18852:20230712:142722.311 Starting Zabbix Agent [Windows host]. Zabbix 6.4.5rc1 (revision c096e125c3d). 18852:20230712:142722.312 **** Enabled features **** 18852:20230712:142722.313 IPv6 support: YES 18852:20230712:142722.314 TLS support: NO 18852:20230712:142722.314 ************************** 18852:20230712:142722.315 using configuration file: C:\zabbix_agent_scripts\conf\zabbix_agentd.win.conf 18852:20230712:142722.317 In init_collector_data() 18852:20230712:142722.318 logical CPU count 12 18852:20230712:142722.319 End of init_collector_data() 18852:20230712:142722.320 In init_perf_collector() 18852:20230712:142722.321 In zbx_init_builtin_counter_indexes() 18852:20230712:142722.322 In zbx_get_all_counter_names() 18852:20230712:142722.869 End of zbx_get_all_counter_names() 18852:20230712:142723.102 End of zbx_init_builtin_counter_indexes():SUCCEED 18852:20230712:142723.102 In set_object_names() 18852:20230712:142723.260 [MPLOG] VEH Trap detected exception 6d9 at 0x00007FFA67E2CF19. Exception information: 18852:20230712:142723.260 ====== Fatal information: ====== 18852:20230712:142723.261 Program counter: 0x67e2cf19 18852:20230712:142723.262 === Registers: === 18852:20230712:142723.262 r8 = 7ffa690605c0 = 140713480553920 = 140713480553920 18852:20230712:142723.263 r9 = 3000511010004 = 844446690246660 = 844446690246660 18852:20230712:142723.263 r10 = 4000000000000000 = 4611686018427387904 = 4611686018427387904 18852:20230712:142723.264 r11 = 0 = 0 = 0 18852:20230712:142723.264 r12 = 225c110 = 36028688 = 36028688 18852:20230712:142723.265 r13 = 6d9 = 1753 = 1753 18852:20230712:142723.265 r14 = 0 = 0 = 0 18852:20230712:142723.266 r15 = 14d3a0 = 1364896 = 1364896 18852:20230712:142723.266 rdi = 7ffa6944a4c8 = 140713484657864 = 140713484657864 18852:20230712:142723.267 rsi = 0 = 0 = 0 18852:20230712:142723.268 rbp = 0 = 0 = 0 18852:20230712:142723.268 rbx = 6d9 = 1753 = 1753 18852:20230712:142723.269 rdx = 14cb80 = 1362816 = 1362816 18852:20230712:142723.269 rax = 47fc7da5fd6fe775 = 5187159022699014005 = 5187159022699014005 18852:20230712:142723.270 rcx = 0 = 0 = 0 18852:20230712:142723.270 rsp = 14d0e0 = 1364192 = 1364192 18852:20230712:142723.271 efl = 206 = 518 = 518 18852:20230712:142723.271 csgsfs = 332b5300 = 858477312 = 858477312 18852:20230712:142723.272 === Backtrace: === 18852:20230712:142723.369 24: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 18852:20230712:142723.370 23: C:\WINDOWS\System32\RPCRT4.dll(RpcRaiseException+0x50) [0x68fb02c0] 18852:20230712:142723.371 22: C:\WINDOWS\System32\RPCRT4.dll(RpcRaiseException+0x14) [0x68fb0284] 18852:20230712:142723.372 21: C:\WINDOWS\System32\RPCRT4.dll(Ndr64AsyncServerCallAll+0x1599) [0x6905d7d9] 18852:20230712:142723.372 20: C:\WINDOWS\System32\RPCRT4.dll(NdrClientCall3+0xf0) [0x690605b0] 18852:20230712:142723.373 19: C:\WINDOWS\System32\ADVAPI32.DLL(PerfRegSetValue+0x4164) [0x69438eb4] 18852:20230712:142723.374 18: C:\WINDOWS\System32\ADVAPI32.DLL(LsaSetForestTrustInformation2+0x6bf0) [0x69405630] 18852:20230712:142723.375 17: C:\WINDOWS\System32\ADVAPI32.DLL(InitiateShutdownW+0x898) [0x693f9f48] 18852:20230712:142723.375 16: C:\WINDOWS\System32\ADVAPI32.DLL(InitiateShutdownW+0x1630) [0x693face0] 18852:20230712:142723.376 15: C:\WINDOWS\System32\ADVAPI32.DLL(PerfRegQueryValue+0x1a05) [0x693eaf35] 18852:20230712:142723.377 14: C:\WINDOWS\System32\ADVAPI32.DLL(PerfRegQueryValue+0x3b) [0x693e956b] 18852:20230712:142723.378 13: C:\WINDOWS\System32\KERNELBASE.dll(SetProcessDynamicEnforcedCetCompatibleRanges+0xa46) [0x67eb3d46] 18852:20230712:142723.378 12: C:\WINDOWS\System32\KERNELBASE.dll(RegQueryValueExW+0x108) [0x67e33808] 18852:20230712:142723.379 11: C:\WINDOWS\SYSTEM32\pdh.dll(PdhCollectQueryData+0x5f93) [0x41848f43] 18852:20230712:142723.380 10: C:\WINDOWS\SYSTEM32\pdh.dll(PdhCollectQueryData+0x6ea7) [0x41849e57] 18852:20230712:142723.380 9: C:\WINDOWS\SYSTEM32\pdh.dll(PdhCollectQueryData+0x205af) [0x4186355f] 18852:20230712:142723.381 8: C:\WINDOWS\SYSTEM32\pdh.dll(PdhEnumObjectsHW+0xa2) [0x418751b2] 18852:20230712:142723.382 7: C:\WINDOWS\SYSTEM32\pdh.dll(PdhEnumObjectsW+0xeb) [0x418752eb] 18852:20230712:142723.384 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(set_object_names+0xa5 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\perfstat.c:242) [0x4003a1f5] 18852:20230712:142723.385 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(init_perf_collector+0x11f c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\perfstat.c:457) [0x40039f1f] 18852:20230712:142723.386 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(MAIN_ZABBIX_ENTRY+0x243 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\zabbix_agentd.c:1249) [0x4003aa63] 18852:20230712:142723.387 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(main+0x366 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\zabbix_agentd.c:1596) [0x4003b446] 18852:20230712:142723.388 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(__scrt_common_main_seh+0x10c d:\a01\_work\43\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288) [0x4008cc08] 18852:20230712:142723.389 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 18852:20230712:142723.390 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 18852:20230712:142723.394 ================================ 18852:20230712:142724.010 In zbx_get_all_counter_names() 18852:20230712:142724.016 End of zbx_get_all_counter_names() 18852:20230712:142724.017 In zbx_get_all_counter_names() 18852:20230712:142724.024 End of zbx_get_all_counter_names() 18852:20230712:142724.076 End of set_object_names():SUCCEED 18852:20230712:142724.077 End of init_perf_collector():SUCCEED 18852:20230712:142724.077 agent #0 started [main process] 2184:20230712:142724.078 agent #1 started [collector] 17028:20230712:142724.079 agent #2 started [listener #1] 19844:20230712:142724.080 agent #3 started [listener #2] 14488:20230712:142724.081 agent #4 started [listener #3] 2184:20230712:142724.081 In init_cpu_collector() 9284:20230712:142724.082 agent #5 started [active checks #1] 2184:20230712:142724.083 In zbx_get_counter_name() pdhIndex:238 9284:20230712:142724.084 In init_active_metrics() 2184:20230712:142724.084 End of zbx_get_counter_name():SUCCEED 9284:20230712:142724.085 buffer: first allocation for 100 elements 2184:20230712:142724.086 In zbx_get_counter_name() pdhIndex:6 9284:20230712:142724.086 End of init_active_metrics() 2184:20230712:142724.087 End of zbx_get_counter_name():SUCCEED 2184:20230712:142724.088 12 CPUs and 1 processor group, using "Processor" counter 9284:20230712:142724.088 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 2184:20230712:142724.089 In add_perf_counter() counter:'\Processor(_Total)\% Processor Time' interval:900 9284:20230712:142724.090 End of send_buffer():SUCCEED 2184:20230712:142724.090 add_perf_counter(): PerfCounter '\Processor(_Total)\% Processor Time' successfully added 9284:20230712:142724.091 In send_heartbeat_msg() 2184:20230712:142724.092 End of add_perf_counter(): SUCCEED 9284:20230712:142724.092 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 2184:20230712:142724.093 In add_perf_counter() counter:'\Processor(0)\% Processor Time' interval:900 9284:20230712:142724.094 sending [{"request":"active check heartbeat","host":"Windows host","heartbeat_freq":60}] 2184:20230712:142724.094 add_perf_counter(): PerfCounter '\Processor(0)\% Processor Time' successfully added 2184:20230712:142724.095 End of add_perf_counter(): SUCCEED 9284:20230712:142724.096 Out send_heartbeat_msg() 2184:20230712:142724.096 In add_perf_counter() counter:'\Processor(1)\% Processor Time' interval:900 9284:20230712:142724.097 In refresh_active_checks() host:'192.168.56.201' port:10051 2184:20230712:142724.098 add_perf_counter(): PerfCounter '\Processor(1)\% Processor Time' successfully added 2184:20230712:142724.098 End of add_perf_counter(): SUCCEED 2184:20230712:142724.099 In add_perf_counter() counter:'\Processor(2)\% Processor Time' interval:900 2184:20230712:142724.100 add_perf_counter(): PerfCounter '\Processor(2)\% Processor Time' successfully added 2184:20230712:142724.100 End of add_perf_counter(): SUCCEED 2184:20230712:142724.101 In add_perf_counter() counter:'\Processor(3)\% Processor Time' interval:900 2184:20230712:142724.102 add_perf_counter(): PerfCounter '\Processor(3)\% Processor Time' successfully added 2184:20230712:142724.102 End of add_perf_counter(): SUCCEED 2184:20230712:142724.103 In add_perf_counter() counter:'\Processor(4)\% Processor Time' interval:900 2184:20230712:142724.103 add_perf_counter(): PerfCounter '\Processor(4)\% Processor Time' successfully added 2184:20230712:142724.104 End of add_perf_counter(): SUCCEED 2184:20230712:142724.105 In add_perf_counter() counter:'\Processor(5)\% Processor Time' interval:900 2184:20230712:142724.105 add_perf_counter(): PerfCounter '\Processor(5)\% Processor Time' successfully added 2184:20230712:142724.106 End of add_perf_counter(): SUCCEED 2184:20230712:142724.106 In add_perf_counter() counter:'\Processor(6)\% Processor Time' interval:900 2184:20230712:142724.107 add_perf_counter(): PerfCounter '\Processor(6)\% Processor Time' successfully added 2184:20230712:142724.108 End of add_perf_counter(): SUCCEED 2184:20230712:142724.108 In add_perf_counter() counter:'\Processor(7)\% Processor Time' interval:900 2184:20230712:142724.109 add_perf_counter(): PerfCounter '\Processor(7)\% Processor Time' successfully added 2184:20230712:142724.109 End of add_perf_counter(): SUCCEED 2184:20230712:142724.110 In add_perf_counter() counter:'\Processor(8)\% Processor Time' interval:900 2184:20230712:142724.111 add_perf_counter(): PerfCounter '\Processor(8)\% Processor Time' successfully added 2184:20230712:142724.111 End of add_perf_counter(): SUCCEED 2184:20230712:142724.112 In add_perf_counter() counter:'\Processor(9)\% Processor Time' interval:900 2184:20230712:142724.113 add_perf_counter(): PerfCounter '\Processor(9)\% Processor Time' successfully added 2184:20230712:142724.113 End of add_perf_counter(): SUCCEED 2184:20230712:142724.114 In add_perf_counter() counter:'\Processor(10)\% Processor Time' interval:900 2184:20230712:142724.114 add_perf_counter(): PerfCounter '\Processor(10)\% Processor Time' successfully added 2184:20230712:142724.115 End of add_perf_counter(): SUCCEED 2184:20230712:142724.116 In add_perf_counter() counter:'\Processor(11)\% Processor Time' interval:900 2184:20230712:142724.117 add_perf_counter(): PerfCounter '\Processor(11)\% Processor Time' successfully added 2184:20230712:142724.117 End of add_perf_counter(): SUCCEED 2184:20230712:142724.118 In zbx_get_counter_name() pdhIndex:2 2184:20230712:142724.119 End of zbx_get_counter_name():SUCCEED 2184:20230712:142724.120 In zbx_get_counter_name() pdhIndex:44 2184:20230712:142724.121 End of zbx_get_counter_name():SUCCEED 2184:20230712:142724.121 In add_perf_counter() counter:'\System\Processor Queue Length' interval:900 9284:20230712:142724.123 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 2184:20230712:142724.124 add_perf_counter(): PerfCounter '\System\Processor Queue Length' successfully added 9284:20230712:142724.125 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":0,"session":"4027be861358abcc6136983f1f36335c"}] 2184:20230712:142724.126 End of add_perf_counter(): SUCCEED 9284:20230712:142724.126 before read 2184:20230712:142724.127 End of init_cpu_collector():SUCCEED 9284:20230712:142724.128 got [{"response":"success","config_revision":912,"data":[{"key":"eventlog[Application]","delay":10,"lastlogsize":24977,"mtime":0}]}] 2184:20230712:142724.129 In collect_perfstat() 9284:20230712:142724.130 In parse_list_of_checks() 9284:20230712:142724.131 In add_check() key:'eventlog[Application]' refresh:10 lastlogsize:24977 mtime:0 9284:20230712:142724.131 End of add_check() 2184:20230712:142724.132 End of collect_perfstat() 9284:20230712:142724.133 End of parse_list_of_checks():SUCCEED 9284:20230712:142724.134 End of refresh_active_checks():SUCCEED 9284:20230712:142724.134 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142724.135 In initialize_eventlog6() source:'Application' previous lastlogsize:24977 9284:20230712:142724.136 In zbx_open_eventlog6() lastlogsize:24977 9284:20230712:142724.138 In get_eventlog6_id() 9284:20230712:142724.139 End of get_eventlog6_id():SUCCEED id:94304984 9284:20230712:142724.141 In get_eventlog6_id() 9284:20230712:142724.142 End of get_eventlog6_id():SUCCEED id:94304976 9284:20230712:142724.143 End of zbx_open_eventlog6():SUCCEED FirstID:24378 LastID:70723 9284:20230712:142724.143 In zbx_get_handle_eventlog6(), previous lastlogsize:24977 9284:20230712:142724.144 End of zbx_get_handle_eventlog6():SUCCEED 9284:20230712:142724.145 End of initialize_eventlog6():SUCCEED 9284:20230712:142724.146 In process_eventslog6() source: 'Application' previous lastlogsize: 24977, FirstID: 24378, LastID: 70723 9284:20230712:142724.151 In zbx_parse_eventlog_message6() EventRecordID:24978 9284:20230712:142724.152 In expand_message6() 9284:20230712:142724.154 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142724.154 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.155 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24978 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142724.155 buffer: new element 0 9284:20230712:142724.156 End of process_value():SUCCEED 9284:20230712:142724.157 In zbx_parse_eventlog_message6() EventRecordID:24979 9284:20230712:142724.157 In expand_message6() 9284:20230712:142724.159 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142724.159 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.160 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24979 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142724.160 buffer: new element 1 9284:20230712:142724.161 End of process_value():SUCCEED 9284:20230712:142724.161 In zbx_parse_eventlog_message6() EventRecordID:24980 9284:20230712:142724.162 In expand_message6() 9284:20230712:142724.164 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142724.164 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.165 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24980 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142724.165 buffer: new element 2 9284:20230712:142724.166 End of process_value():SUCCEED 9284:20230712:142724.166 In zbx_parse_eventlog_message6() EventRecordID:24981 9284:20230712:142724.167 In expand_message6() 9284:20230712:142724.169 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142724.169 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.170 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24981 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142724.170 buffer: new element 3 9284:20230712:142724.171 End of process_value():SUCCEED 9284:20230712:142724.172 In zbx_parse_eventlog_message6() EventRecordID:24982 9284:20230712:142724.172 In expand_message6() 9284:20230712:142724.190 End of expand_message6():12434 9284:20230712:142724.191 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.191 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24982 value:'12434' 9284:20230712:142724.192 buffer: new element 4 9284:20230712:142724.193 End of process_value():SUCCEED 9284:20230712:142724.193 In zbx_parse_eventlog_message6() EventRecordID:24983 9284:20230712:142724.194 In expand_message6() 9284:20230712:142724.195 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142724.195 ====== Fatal information: ====== 9284:20230712:142724.196 Program counter: 0x67e2cf19 9284:20230712:142724.196 === Registers: === 9284:20230712:142724.197 r8 = 18 = 24 = 24 9284:20230712:142724.197 r9 = 0 = 0 = 0 9284:20230712:142724.198 r10 = 0 = 0 = 0 9284:20230712:142724.198 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142724.199 r12 = 6787f0 = 6785008 = 6785008 9284:20230712:142724.199 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142724.200 r14 = 0 = 0 = 0 9284:20230712:142724.201 r15 = 0 = 0 = 0 9284:20230712:142724.201 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142724.202 rsi = 385f3b0 = 59110320 = 59110320 9284:20230712:142724.202 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142724.203 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142724.203 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142724.204 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142724.204 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142724.205 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142724.205 efl = 202 = 514 = 514 9284:20230712:142724.206 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142724.207 === Backtrace: === 9284:20230712:142724.372 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142724.372 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142724.373 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142724.374 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142724.375 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142724.377 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142724.378 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142724.379 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142724.380 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142724.380 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142724.381 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142724.382 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142724.383 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142724.384 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142724.389 ================================ 9284:20230712:142724.402 provider 'OneDriveUpdaterService' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142724.402 End of expand_message6():(null) 9284:20230712:142724.403 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.404 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24983 value:'The description for Event ID:0 in Source:'OneDriveUpdaterService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: OneDriveUpdaterService; OneDrive Updater Service is beginning an update' 9284:20230712:142724.404 buffer: new element 5 9284:20230712:142724.405 End of process_value():SUCCEED 9284:20230712:142724.406 In zbx_parse_eventlog_message6() EventRecordID:24984 9284:20230712:142724.406 In expand_message6() 9284:20230712:142724.408 End of expand_message6():Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 31 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 31 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 31 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 250 9284:20230712:142724.409 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.410 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24984 value:'Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 31 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 31 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 31 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 250 ' 9284:20230712:142724.410 buffer: new element 6 9284:20230712:142724.411 End of process_value():SUCCEED 9284:20230712:142724.411 In zbx_parse_eventlog_message6() EventRecordID:24985 9284:20230712:142724.412 In expand_message6() 9284:20230712:142724.414 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142724.415 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.415 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24985 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142724.416 buffer: new element 7 9284:20230712:142724.417 End of process_value():SUCCEED 9284:20230712:142724.417 In zbx_parse_eventlog_message6() EventRecordID:24986 9284:20230712:142724.418 In expand_message6() 9284:20230712:142724.420 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142724.421 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.421 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24986 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142724.422 buffer: new element 8 9284:20230712:142724.423 End of process_value():SUCCEED 9284:20230712:142724.423 In zbx_parse_eventlog_message6() EventRecordID:24987 9284:20230712:142724.424 In expand_message6() 9284:20230712:142724.426 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142724.426 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.427 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24987 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142724.428 buffer: new element 9 9284:20230712:142724.428 End of process_value():SUCCEED 9284:20230712:142724.429 In zbx_parse_eventlog_message6() EventRecordID:24988 9284:20230712:142724.430 In expand_message6() 9284:20230712:142724.430 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142724.431 ====== Fatal information: ====== 9284:20230712:142724.432 Program counter: 0x67e2cf19 9284:20230712:142724.432 === Registers: === 9284:20230712:142724.433 r8 = 18 = 24 = 24 9284:20230712:142724.434 r9 = 0 = 0 = 0 9284:20230712:142724.434 r10 = 0 = 0 = 0 9284:20230712:142724.435 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142724.436 r12 = 386d680 = 59168384 = 59168384 9284:20230712:142724.436 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142724.437 r14 = 0 = 0 = 0 9284:20230712:142724.437 r15 = 0 = 0 = 0 9284:20230712:142724.438 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142724.439 rsi = 385e410 = 59106320 = 59106320 9284:20230712:142724.439 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142724.440 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142724.441 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142724.441 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142724.442 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142724.443 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142724.443 efl = 202 = 514 = 514 9284:20230712:142724.444 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142724.444 === Backtrace: === 9284:20230712:142724.605 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142724.606 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142724.607 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142724.608 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142724.608 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142724.611 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142724.611 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142724.612 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142724.613 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142724.614 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142724.615 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142724.616 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142724.617 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142724.617 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142724.623 ================================ 9284:20230712:142724.623 provider 'OneDriveUpdaterService' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142724.624 End of expand_message6():(null) 9284:20230712:142724.625 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.625 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24988 value:'The description for Event ID:0 in Source:'OneDriveUpdaterService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: OneDriveUpdaterService; OneDrive Updater Service finished performing an update' 9284:20230712:142724.626 buffer: new element 10 9284:20230712:142724.626 End of process_value():SUCCEED 9284:20230712:142724.627 In zbx_parse_eventlog_message6() EventRecordID:24989 9284:20230712:142724.627 In expand_message6() 9284:20230712:142724.628 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142724.629 ====== Fatal information: ====== 9284:20230712:142724.629 Program counter: 0x67e2cf19 9284:20230712:142724.630 === Registers: === 9284:20230712:142724.630 r8 = 18 = 24 = 24 9284:20230712:142724.631 r9 = 0 = 0 = 0 9284:20230712:142724.631 r10 = 0 = 0 = 0 9284:20230712:142724.632 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142724.632 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142724.633 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142724.633 r14 = 0 = 0 = 0 9284:20230712:142724.634 r15 = 0 = 0 = 0 9284:20230712:142724.634 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142724.635 rsi = 385ee10 = 59108880 = 59108880 9284:20230712:142724.635 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142724.636 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142724.636 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142724.637 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142724.637 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142724.638 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142724.638 efl = 202 = 514 = 514 9284:20230712:142724.639 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142724.639 === Backtrace: === 9284:20230712:142724.800 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142724.800 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142724.801 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142724.801 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142724.802 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142724.804 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142724.805 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142724.806 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142724.807 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142724.807 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142724.808 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142724.809 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142724.810 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142724.810 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142724.815 ================================ 9284:20230712:142724.816 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142724.816 End of expand_message6():(null) 9284:20230712:142724.817 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.818 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24989 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142724.818 buffer: new element 11 9284:20230712:142724.819 End of process_value():SUCCEED 9284:20230712:142724.819 In zbx_parse_eventlog_message6() EventRecordID:24990 9284:20230712:142724.820 In expand_message6() 9284:20230712:142724.821 End of expand_message6():Service stopped. 9284:20230712:142724.822 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142724.822 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24990 value:'Service stopped.' 9284:20230712:142724.823 buffer: new element 12 9284:20230712:142724.823 End of process_value():SUCCEED 9284:20230712:142724.824 In zbx_parse_eventlog_message6() EventRecordID:24991 9284:20230712:142724.824 In expand_message6() 9284:20230712:142724.825 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142724.825 ====== Fatal information: ====== 9284:20230712:142724.826 Program counter: 0x67e2cf19 9284:20230712:142724.826 === Registers: === 9284:20230712:142724.827 r8 = 18 = 24 = 24 9284:20230712:142724.827 r9 = 0 = 0 = 0 9284:20230712:142724.827 r10 = 0 = 0 = 0 9284:20230712:142724.828 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142724.829 r12 = 38621b0 = 59122096 = 59122096 9284:20230712:142724.829 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142724.830 r14 = 0 = 0 = 0 9284:20230712:142724.830 r15 = 0 = 0 = 0 9284:20230712:142724.830 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142724.831 rsi = 385ee10 = 59108880 = 59108880 9284:20230712:142724.831 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142724.832 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142724.832 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142724.833 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142724.833 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142724.834 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142724.834 efl = 202 = 514 = 514 9284:20230712:142724.835 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142724.835 === Backtrace: === 9284:20230712:142724.996 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142724.997 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142724.997 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142724.998 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142724.999 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142725.001 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142725.002 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142725.003 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142725.004 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142725.005 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142725.005 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142725.006 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142725.007 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142725.008 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142725.013 ================================ 9284:20230712:142725.014 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142725.014 End of expand_message6():(null) 9284:20230712:142725.015 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.016 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24991 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142725.016 buffer: new element 13 9284:20230712:142725.017 End of process_value():SUCCEED 9284:20230712:142725.018 In zbx_parse_eventlog_message6() EventRecordID:24992 9284:20230712:142725.018 In expand_message6() 9284:20230712:142725.036 End of expand_message6():Service started successfully. 9284:20230712:142725.037 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.037 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24992 value:'Service started successfully.' 9284:20230712:142725.038 buffer: new element 14 9284:20230712:142725.039 End of process_value():SUCCEED 9284:20230712:142725.039 In zbx_parse_eventlog_message6() EventRecordID:24993 9284:20230712:142725.040 In expand_message6() 9284:20230712:142725.042 End of expand_message6():Service started successfully. 9284:20230712:142725.042 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.043 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24993 value:'Service started successfully.' 9284:20230712:142725.044 buffer: new element 15 9284:20230712:142725.044 End of process_value():SUCCEED 9284:20230712:142725.045 In zbx_parse_eventlog_message6() EventRecordID:24994 9284:20230712:142725.045 In expand_message6() 9284:20230712:142725.047 End of expand_message6():Started event manager Started event manager 9284:20230712:142725.048 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.048 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24994 value:'Started event manager Started event manager' 9284:20230712:142725.049 buffer: new element 16 9284:20230712:142725.050 End of process_value():SUCCEED 9284:20230712:142725.050 In zbx_parse_eventlog_message6() EventRecordID:24995 9284:20230712:142725.051 In expand_message6() 9284:20230712:142725.053 End of expand_message6():The Windows Security Center Service has started. 9284:20230712:142725.053 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.054 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24995 value:'The Windows Security Center Service has started.' 9284:20230712:142725.055 buffer: new element 17 9284:20230712:142725.055 End of process_value():SUCCEED 9284:20230712:142725.056 In zbx_parse_eventlog_message6() EventRecordID:24996 9284:20230712:142725.057 In expand_message6() 9284:20230712:142725.058 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142725.059 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.060 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24996 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142725.060 buffer: new element 18 9284:20230712:142725.061 End of process_value():SUCCEED 9284:20230712:142725.062 In zbx_parse_eventlog_message6() EventRecordID:24997 9284:20230712:142725.062 In expand_message6() 9284:20230712:142725.064 End of expand_message6():Version : 2.0.11.0 9284:20230712:142725.065 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.065 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24997 value:'Version : 2.0.11.0' 9284:20230712:142725.066 buffer: new element 19 9284:20230712:142725.067 End of process_value():SUCCEED 9284:20230712:142725.067 In zbx_parse_eventlog_message6() EventRecordID:24998 9284:20230712:142725.068 In expand_message6() 9284:20230712:142725.070 End of expand_message6():Cloud logging is enabled. 9284:20230712:142725.070 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.071 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24998 value:'Cloud logging is enabled.' 9284:20230712:142725.072 buffer: new element 20 9284:20230712:142725.072 End of process_value():SUCCEED 9284:20230712:142725.073 In zbx_parse_eventlog_message6() EventRecordID:24999 9284:20230712:142725.074 In expand_message6() 9284:20230712:142725.075 End of expand_message6():Load Balance is enabled. 9284:20230712:142725.076 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.077 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:24999 value:'Load Balance is enabled.' 9284:20230712:142725.078 buffer: new element 21 9284:20230712:142725.078 End of process_value():SUCCEED 9284:20230712:142725.079 In zbx_parse_eventlog_message6() EventRecordID:25000 9284:20230712:142725.080 In expand_message6() 9284:20230712:142725.082 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T06:16:44Z. Reason: RulesEngine. 9284:20230712:142725.082 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.083 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25000 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T06:16:44Z. Reason: RulesEngine.' 9284:20230712:142725.084 buffer: new element 22 9284:20230712:142725.084 End of process_value():SUCCEED 9284:20230712:142725.085 In zbx_parse_eventlog_message6() EventRecordID:25001 9284:20230712:142725.086 In expand_message6() 9284:20230712:142725.088 End of expand_message6():The Software Protection service has stopped. 9284:20230712:142725.088 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.089 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25001 value:'The Software Protection service has stopped. ' 9284:20230712:142725.090 buffer: new element 23 9284:20230712:142725.090 End of process_value():SUCCEED 9284:20230712:142725.091 In zbx_parse_eventlog_message6() EventRecordID:25002 9284:20230712:142725.092 In expand_message6() 9284:20230712:142725.093 End of expand_message6():Finish Device Check 9284:20230712:142725.094 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.095 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25002 value:'Finish Device Check' 9284:20230712:142725.095 buffer: new element 24 9284:20230712:142725.096 End of process_value():SUCCEED 9284:20230712:142725.097 In zbx_parse_eventlog_message6() EventRecordID:25003 9284:20230712:142725.098 In expand_message6() 9284:20230712:142725.099 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142725.100 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.101 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25003 value:'Offline downlevel migration succeeded.' 9284:20230712:142725.101 buffer: new element 25 9284:20230712:142725.102 End of process_value():SUCCEED 9284:20230712:142725.102 In zbx_parse_eventlog_message6() EventRecordID:25004 9284:20230712:142725.103 In expand_message6() 9284:20230712:142725.105 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T06:19:42Z. Reason: RulesEngine. 9284:20230712:142725.105 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.106 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25004 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T06:19:42Z. Reason: RulesEngine.' 9284:20230712:142725.106 buffer: new element 26 9284:20230712:142725.107 End of process_value():SUCCEED 9284:20230712:142725.107 In zbx_parse_eventlog_message6() EventRecordID:25005 9284:20230712:142725.108 In expand_message6() 9284:20230712:142725.110 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142725.110 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.111 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25005 value:'Offline downlevel migration succeeded.' 9284:20230712:142725.111 buffer: new element 27 9284:20230712:142725.112 End of process_value():SUCCEED 9284:20230712:142725.113 In zbx_parse_eventlog_message6() EventRecordID:25006 9284:20230712:142725.113 In expand_message6() 9284:20230712:142725.115 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142725.116 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.116 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25006 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142725.117 buffer: new element 28 9284:20230712:142725.118 End of process_value():SUCCEED 9284:20230712:142725.118 In zbx_parse_eventlog_message6() EventRecordID:25007 9284:20230712:142725.119 In expand_message6() 9284:20230712:142725.120 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142725.121 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.122 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25007 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142725.122 buffer: new element 29 9284:20230712:142725.123 End of process_value():SUCCEED 9284:20230712:142725.123 In zbx_parse_eventlog_message6() EventRecordID:25008 9284:20230712:142725.124 In expand_message6() 9284:20230712:142725.126 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142725.126 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.127 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25008 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142725.127 buffer: new element 30 9284:20230712:142725.128 End of process_value():SUCCEED 9284:20230712:142725.129 In zbx_parse_eventlog_message6() EventRecordID:25009 9284:20230712:142725.129 In expand_message6() 9284:20230712:142725.131 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142725.131 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.132 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25009 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142725.132 buffer: new element 31 9284:20230712:142725.133 End of process_value():SUCCEED 2184:20230712:142725.134 In collect_perfstat() 9284:20230712:142725.135 In zbx_parse_eventlog_message6() EventRecordID:25010 9284:20230712:142725.135 In expand_message6() 2184:20230712:142725.137 End of collect_perfstat() 9284:20230712:142725.137 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142725.138 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.139 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25010 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142725.139 buffer: new element 32 9284:20230712:142725.140 End of process_value():SUCCEED 9284:20230712:142725.140 In zbx_parse_eventlog_message6() EventRecordID:25011 9284:20230712:142725.141 In expand_message6() 9284:20230712:142725.143 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142725.143 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.144 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25011 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142725.144 buffer: new element 33 9284:20230712:142725.145 End of process_value():SUCCEED 9284:20230712:142725.145 In zbx_parse_eventlog_message6() EventRecordID:25012 9284:20230712:142725.146 In expand_message6() 9284:20230712:142725.147 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142725.147 ====== Fatal information: ====== 9284:20230712:142725.148 Program counter: 0x67e2cf19 9284:20230712:142725.148 === Registers: === 9284:20230712:142725.149 r8 = 18 = 24 = 24 9284:20230712:142725.149 r9 = 0 = 0 = 0 9284:20230712:142725.150 r10 = 0 = 0 = 0 9284:20230712:142725.151 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142725.151 r12 = 3863170 = 59126128 = 59126128 9284:20230712:142725.152 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142725.152 r14 = 0 = 0 = 0 9284:20230712:142725.153 r15 = 0 = 0 = 0 9284:20230712:142725.154 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142725.154 rsi = 385e910 = 59107600 = 59107600 9284:20230712:142725.155 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142725.155 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142725.156 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142725.156 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142725.157 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142725.158 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142725.158 efl = 202 = 514 = 514 9284:20230712:142725.159 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142725.159 === Backtrace: === 9284:20230712:142725.324 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142725.325 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142725.326 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142725.326 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142725.327 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142725.329 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142725.330 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142725.330 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142725.331 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142725.332 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142725.333 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142725.334 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142725.334 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142725.335 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142725.340 ================================ 9284:20230712:142725.340 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142725.341 End of expand_message6():(null) 9284:20230712:142725.342 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.342 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25012 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142725.343 buffer: new element 34 9284:20230712:142725.343 End of process_value():SUCCEED 9284:20230712:142725.344 In zbx_parse_eventlog_message6() EventRecordID:25013 9284:20230712:142725.344 In expand_message6() 9284:20230712:142725.346 End of expand_message6():Service stopped. 9284:20230712:142725.346 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.347 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25013 value:'Service stopped.' 9284:20230712:142725.347 buffer: new element 35 9284:20230712:142725.348 End of process_value():SUCCEED 9284:20230712:142725.348 In zbx_parse_eventlog_message6() EventRecordID:25014 9284:20230712:142725.349 In expand_message6() 9284:20230712:142725.350 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142725.351 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.352 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25014 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142725.352 buffer: new element 36 9284:20230712:142725.353 End of process_value():SUCCEED 9284:20230712:142725.353 In zbx_parse_eventlog_message6() EventRecordID:25015 9284:20230712:142725.354 In expand_message6() 9284:20230712:142725.356 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142725.356 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.357 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25015 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142725.357 buffer: new element 37 9284:20230712:142725.358 End of process_value():SUCCEED 9284:20230712:142725.358 In zbx_parse_eventlog_message6() EventRecordID:25016 9284:20230712:142725.359 In expand_message6() 9284:20230712:142725.360 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142725.361 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.361 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25016 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142725.362 buffer: new element 38 9284:20230712:142725.362 End of process_value():SUCCEED 9284:20230712:142725.363 In zbx_parse_eventlog_message6() EventRecordID:25017 9284:20230712:142725.363 In expand_message6() 9284:20230712:142725.365 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T06:23:33Z. Reason: RulesEngine. 9284:20230712:142725.366 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.366 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25017 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T06:23:33Z. Reason: RulesEngine.' 9284:20230712:142725.367 buffer: new element 39 9284:20230712:142725.367 End of process_value():SUCCEED 9284:20230712:142725.368 In zbx_parse_eventlog_message6() EventRecordID:25018 9284:20230712:142725.369 In expand_message6() 9284:20230712:142725.370 End of expand_message6():The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142725.371 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.372 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25018 value:'The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142725.372 buffer: new element 40 9284:20230712:142725.373 End of process_value():SUCCEED 9284:20230712:142725.373 In zbx_parse_eventlog_message6() EventRecordID:25019 9284:20230712:142725.374 In expand_message6() 9284:20230712:142725.376 End of expand_message6():The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142725.376 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.377 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25019 value:'The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142725.377 buffer: new element 41 9284:20230712:142725.378 End of process_value():SUCCEED 9284:20230712:142725.379 In zbx_parse_eventlog_message6() EventRecordID:25020 9284:20230712:142725.379 In expand_message6() 9284:20230712:142725.381 End of expand_message6():The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142725.381 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.382 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25020 value:'The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142725.383 buffer: new element 42 9284:20230712:142725.383 End of process_value():SUCCEED 9284:20230712:142725.384 In zbx_parse_eventlog_message6() EventRecordID:25021 9284:20230712:142725.384 In expand_message6() 9284:20230712:142725.386 End of expand_message6():The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted. 9284:20230712:142725.387 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.387 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25021 value:'The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.' 9284:20230712:142725.388 buffer: new element 43 9284:20230712:142725.388 End of process_value():SUCCEED 9284:20230712:142725.389 In zbx_parse_eventlog_message6() EventRecordID:25022 9284:20230712:142725.390 In expand_message6() 9284:20230712:142725.391 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142725.392 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.392 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25022 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142725.393 buffer: new element 44 9284:20230712:142725.393 End of process_value():SUCCEED 9284:20230712:142725.394 In zbx_parse_eventlog_message6() EventRecordID:25023 9284:20230712:142725.395 In expand_message6() 9284:20230712:142725.396 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142725.397 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.397 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25023 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142725.398 buffer: new element 45 9284:20230712:142725.399 End of process_value():SUCCEED 9284:20230712:142725.399 In zbx_parse_eventlog_message6() EventRecordID:25024 9284:20230712:142725.400 In expand_message6() 9284:20230712:142725.401 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142725.402 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.403 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25024 value:'Offline downlevel migration succeeded.' 9284:20230712:142725.403 buffer: new element 46 9284:20230712:142725.404 End of process_value():SUCCEED 9284:20230712:142725.404 In zbx_parse_eventlog_message6() EventRecordID:25025 9284:20230712:142725.405 In expand_message6() 9284:20230712:142725.407 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142725.407 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.408 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25025 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142725.408 buffer: new element 47 9284:20230712:142725.409 End of process_value():SUCCEED 9284:20230712:142725.410 In zbx_parse_eventlog_message6() EventRecordID:25026 9284:20230712:142725.410 In expand_message6() 9284:20230712:142725.412 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142725.412 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.413 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25026 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142725.414 buffer: new element 48 9284:20230712:142725.414 End of process_value():SUCCEED 9284:20230712:142725.415 In zbx_parse_eventlog_message6() EventRecordID:25027 9284:20230712:142725.416 In expand_message6() 9284:20230712:142725.417 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T06:28:29Z. Reason: RulesEngine. 9284:20230712:142725.418 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.418 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25027 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T06:28:29Z. Reason: RulesEngine.' 9284:20230712:142725.419 buffer: new element 49 9284:20230712:142725.420 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142725.421 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142725.422 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":24978,"timestamp":1661753659,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":1,"clock":1689161244,"ns":155905200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":24979,"timestamp":1661753659,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":2,"clock":1689161244,"ns":160903000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":24980,"timestamp":1661753659,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":3,"clock":1689161244,"ns":165895500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":24981,"timestamp":1661753659,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":4,"clock":1689161244,"ns":171000000},{"host":"Windows host","key":"eventlog[Application]","value":"12434","lastlogsize":24982,"timestamp":1661753666,"source":"SensorFramework-LogonTask-{100ee514-48c8-f419-6760-6fb8cb2767cd}","severity":1,"eventid":92,"id":5,"clock":1689161244,"ns":192625600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'OneDriveUpdaterService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: OneDriveUpdaterService; OneDrive Updater Service is beginning an update","lastlogsize":24983,"timestamp":1661753673,"source":"OneDriveUpdaterService","severity":1,"id":6,"clock":1689161244,"ns":405000000},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook loaded the following add-in(s):\n\n\nName: Microsoft Exchange Add-in\nDescription: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.\nProgID: UmOutlookAddin.FormRegionAddin\nGUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\UmOutlookAddin.dll\nBoot Time (Milliseconds): 31\n\nName: Microsoft Teams Meeting Add-in for Microsoft Office\nDescription: Microsoft Teams Meeting Add-in for Microsoft Office\nProgID: TeamsAddin.FastConnect\nGUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\TeamsMeetingAddin\\1.0.22209.4\\x64\\Microsoft.Teams.AddinLoader.dll\nBoot Time (Milliseconds): 16\n\nName: Outlook Social Connector 2016\nDescription: Connects to social networking sites and provides people, activity, and status information.\nProgID: OscAddin.Connect\nGUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\SOCIALCONNECTOR.DLL\nBoot Time (Milliseconds): 31\n\nName: OneNote Notes about Outlook Items\nDescription: Adds Send to OneNote and Notes about this Item buttons to the command bar\nProgID: OneNote.OutlookAddin\nGUID: {93E5752E-B889-47C5-8545-654EE2533C64}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnOL.dll\nBoot Time (Milliseconds): 31\n\nName: Microsoft VBA for Outlook Addin\nDescription: \nProgID: Microsoft.VbaAddinForOutlook.1\nGUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\nLoad Behavior: 9\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL\nBoot Time (Milliseconds): 0\n\nName: Microsoft SharePoint Server Colleague Import Add-in\nDescription: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content\nProgID: ColleagueImport.ColleagueImportAddin\nGUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\ColleagueImport.dll\nBoot Time (Milliseconds): 16\n\nName: HP Sure Click Outlook Add-in 4.3.4.610\nDescription: HP Sure Click Outlook Add-in 4.3.4.610\nProgID: Bromium.vSentry.OutlookAddin\nGUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\HP\\Sure Click\\4.3.4.610\\servers\\BrOutlookAddin.dll\nBoot Time (Milliseconds): 250\n","lastlogsize":24984,"timestamp":1661753684,"source":"Outlook","severity":1,"eventid":45,"id":7,"clock":1689161244,"ns":410802100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":24985,"timestamp":1661753685,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":8,"clock":1689161244,"ns":416707200},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":24986,"timestamp":1661753685,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":9,"clock":1689161244,"ns":422743700},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":24987,"timestamp":1661753685,"source":"Outlook","severity":1,"eventid":63,"id":10,"clock":1689161244,"ns":428186400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'OneDriveUpdaterService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: OneDriveUpdaterService; OneDrive Updater Service finished performing an update","lastlogsize":24988,"timestamp":1661753688,"source":"OneDriveUpdaterService","severity":1,"id":11,"clock":1689161244,"ns":626281400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":24989,"timestamp":1661753702,"source":"dbupdate","severity":1,"id":12,"clock":1689161244,"ns":818709600},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":24990,"timestamp":1661753702,"source":"edgeupdate","severity":1,"id":13,"clock":1689161244,"ns":823134200},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":24991,"timestamp":1661753703,"source":"gupdate","severity":1,"id":14,"clock":1689161245,"ns":17000000},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":24992,"timestamp":1661753703,"source":"HP Comm Recovery","severity":1,"id":15,"clock":1689161245,"ns":38747900},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":24993,"timestamp":1661753704,"source":"IAStorDataMgrSvc","severity":1,"id":16,"clock":1689161245,"ns":44124900},{"host":"Windows host","key":"eventlog[Application]","value":"Started event manager\nStarted event manager","lastlogsize":24994,"timestamp":1661753704,"source":"IAStorDataMgrSvc","severity":1,"eventid":7303,"id":17,"clock":1689161245,"ns":49512100},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has started.","lastlogsize":24995,"timestamp":1661753706,"source":"SecurityCenter","severity":1,"eventid":1,"id":18,"clock":1689161245,"ns":55250100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":24996,"timestamp":1661753708,"source":"SecurityCenter","severity":1,"eventid":15,"id":19,"clock":1689161245,"ns":60901400},{"host":"Windows host","key":"eventlog[Application]","value":"Version : 2.0.11.0","lastlogsize":24997,"timestamp":1661753733,"source":"HP Comm Recovery","severity":1,"id":20,"clock":1689161245,"ns":66790700},{"host":"Windows host","key":"eventlog[Application]","value":"Cloud logging is enabled.","lastlogsize":24998,"timestamp":1661753733,"source":"HP Comm Recovery","severity":1,"id":21,"clock":1689161245,"ns":72312800},{"host":"Windows host","key":"eventlog[Application]","value":"Load Balance is enabled.","lastlogsize":24999,"timestamp":1661753733,"source":"HP Comm Recovery","severity":1,"id":22,"clock":1689161245,"ns":78204400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T06:16:44Z. Reason: RulesEngine.","lastlogsize":25000,"timestamp":1661753804,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":23,"clock":1689161245,"ns":84229900},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has stopped.\r\n","lastlogsize":25001,"timestamp":1661753804,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":903,"id":24,"clock":1689161245,"ns":90246800},{"host":"Windows host","key":"eventlog[Application]","value":"Finish Device Check","lastlogsize":25002,"timestamp":1661753913,"source":"HP Comm Recovery","severity":1,"eventid":1,"id":25,"clock":1689161245,"ns":96109200},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25003,"timestamp":1661753951,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":26,"clock":1689161245,"ns":101785400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T06:19:42Z. Reason: RulesEngine.","lastlogsize":25004,"timestamp":1661753982,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":27,"clock":1689161245,"ns":106931000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25005,"timestamp":1661754056,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":28,"clock":1689161245,"ns":111970900},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25006,"timestamp":1661754057,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":29,"clock":1689161245,"ns":117581200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25007,"timestamp":1661754058,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":30,"clock":1689161245,"ns":122785700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25008,"timestamp":1661754058,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":31,"clock":1689161245,"ns":127965800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25009,"timestamp":1661754058,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":32,"clock":1689161245,"ns":133012500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25010,"timestamp":1661754058,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":33,"clock":1689161245,"ns":139797900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25011,"timestamp":1661754058,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":34,"clock":1689161245,"ns":144918100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25012,"timestamp":1661754073,"source":"gupdate","severity":1,"id":35,"clock":1689161245,"ns":343289900},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25013,"timestamp":1661754124,"source":"edgeupdate","severity":1,"id":36,"clock":1689161245,"ns":347786700},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25014,"timestamp":1661754157,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":37,"clock":1689161245,"ns":352697800},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25015,"timestamp":1661754157,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":38,"clock":1689161245,"ns":357700500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25016,"timestamp":1661754182,"source":"SecurityCenter","severity":1,"eventid":15,"id":39,"clock":1689161245,"ns":362266800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T06:23:33Z. Reason: RulesEngine.","lastlogsize":25017,"timestamp":1661754213,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":40,"clock":1689161245,"ns":367434800},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25018,"timestamp":1661754216,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":41,"clock":1689161245,"ns":372710800},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET_4.0.30319\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25019,"timestamp":1661754216,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":42,"clock":1689161245,"ns":377913100},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"aspnet_state\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25020,"timestamp":1661754216,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":43,"clock":1689161245,"ns":383188900},{"host":"Windows host","key":"eventlog[Application]","value":"The configuration information of the performance library \"C:\\Windows\\System32\\perfts.dll\" for the \"TermService\" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.","lastlogsize":25021,"timestamp":1661754220,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":2003,"id":44,"clock":1689161245,"ns":388370700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25022,"timestamp":1661754269,"source":"SecurityCenter","severity":1,"eventid":15,"id":45,"clock":1689161245,"ns":393438000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25023,"timestamp":1661754271,"source":"SecurityCenter","severity":1,"eventid":15,"id":46,"clock":1689161245,"ns":398543100},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25024,"timestamp":1661754479,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":47,"clock":1689161245,"ns":403769500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25025,"timestamp":1661754479,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":48,"clock":1689161245,"ns":409037400},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25026,"timestamp":1661754479,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":49,"clock":1689161245,"ns":414291500},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T06:28:29Z. Reason: RulesEngine.","lastlogsize":25027,"timestamp":1661754509,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":50,"clock":1689161245,"ns":419677900}],"clock":1689161245,"ns":421624800}] 9284:20230712:142725.427 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002598"}] 9284:20230712:142725.427 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002598"}' 9284:20230712:142725.428 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002598' 9284:20230712:142725.429 End of check_response():SUCCEED 9284:20230712:142725.429 OK 9284:20230712:142725.430 End of send_buffer():SUCCEED 9284:20230712:142725.431 End of process_value():SUCCEED 9284:20230712:142725.431 In zbx_parse_eventlog_message6() EventRecordID:25028 9284:20230712:142725.432 In expand_message6() 9284:20230712:142725.434 End of expand_message6():svchost (6272,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142725.434 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.435 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25028 value:'svchost (6272,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142725.435 buffer: new element 0 9284:20230712:142725.436 End of process_value():SUCCEED 9284:20230712:142725.437 In zbx_parse_eventlog_message6() EventRecordID:25029 9284:20230712:142725.437 In expand_message6() 9284:20230712:142725.439 End of expand_message6():svchost (6272,R,98) DS_Token_DB: The database engine is initiating recovery steps. 9284:20230712:142725.439 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.440 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25029 value:'svchost (6272,R,98) DS_Token_DB: The database engine is initiating recovery steps.' 9284:20230712:142725.440 buffer: new element 1 9284:20230712:142725.441 End of process_value():SUCCEED 9284:20230712:142725.441 In zbx_parse_eventlog_message6() EventRecordID:25030 9284:20230712:142725.442 In expand_message6() 9284:20230712:142725.443 End of expand_message6():svchost (6272,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.064487 -0.048408 (9) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:40560/28) +M(C:0K, Fs:117, WS:252K # 256K, PF:168K # 172K, P:168K). Log record of type 'AttachDB ' was seen most frequently (3 times) 9284:20230712:142725.444 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.444 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25030 value:'svchost (6272,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.064487 -0.048408 (9) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:40560/28) +M(C:0K, Fs:117, WS:252K # 256K, PF:168K # 172K, P:168K). Log record of type 'AttachDB ' was seen most frequently (3 times)' 9284:20230712:142725.445 buffer: new element 2 9284:20230712:142725.445 End of process_value():SUCCEED 9284:20230712:142725.446 In zbx_parse_eventlog_message6() EventRecordID:25031 9284:20230712:142725.446 In expand_message6() 9284:20230712:142725.448 End of expand_message6():svchost (6272,U,98) DS_Token_DB: The database engine has successfully completed recovery steps. 9284:20230712:142725.448 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.449 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25031 value:'svchost (6272,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.' 9284:20230712:142725.449 buffer: new element 3 9284:20230712:142725.450 End of process_value():SUCCEED 9284:20230712:142725.450 In zbx_parse_eventlog_message6() EventRecordID:25032 9284:20230712:142725.451 In expand_message6() 9284:20230712:142725.452 End of expand_message6():svchost (6272,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001E:0001:0000 - 0000001E:000A:0039 - 0000001E:000B:0000 - 0000001E:000B:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.000987 +J(0) +M(C:0K, Fs:148, WS:576K # 576K, PF:2768K # 2768K, P:2768K) [2] 0.000588 +J(0) +M(C:8K, Fs:242, WS:960K # 960K, PF:1212K # 1212K, P:1212K) [3] 0.000019 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:68K # 68K, P:68K) [4] 0.000110 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K) [5] 0.002561 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.005584 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.003686 -0.000446 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.074956 -0.048722 (12) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:40560/28) +M(C:0K, Fs:149, WS:372K # 376K, PF:252K # 256K, P:252K) [9] 0.000971 +J(0) +M(C:0K, Fs:8, WS:32K # 28K, PF:4K # 0K, P:4K) [10] 0.003005 -0.002206 (1) WT +J(0) +M(C:0K, Fs:14, WS:-8K # 52K, PF:8K # 68K, P:8K) [11] 0.000022 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.003844 -0.002481 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.044801 -0.000323 (2) CM -0.004850 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 100K, PF:160K # 168K, P:160K) [14] 0.000021 +J(0) [15] 0.000011 +J(0) [16] 0.000829 -0.000060 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142725.453 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.453 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25032 value:'svchost (6272,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001E:0001:0000 - 0000001E:000A:0039 - 0000001E:000B:0000 - 0000001E:000B:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.000987 +J(0) +M(C:0K, Fs:148, WS:576K # 576K, PF:2768K # 2768K, P:2768K) [2] 0.000588 +J(0) +M(C:8K, Fs:242, WS:960K # 960K, PF:1212K # 1212K, P:1212K) [3] 0.000019 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:68K # 68K, P:68K) [4] 0.000110 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K) [5] 0.002561 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.005584 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.003686 -0.000446 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.074956 -0.048722 (12) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:40560/28) +M(C:0K, Fs:149, WS:372K # 376K, PF:252K # 256K, P:252K) [9] 0.000971 +J(0) +M(C:0K, Fs:8, WS:32K # 28K, PF:4K # 0K, P:4K) [10] 0.003005 -0.002206 (1) WT +J(0) +M(C:0K, Fs:14, WS:-8K # 52K, PF:8K # 68K, P:8K) [11] 0.000022 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.003844 -0.002481 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.044801 -0.000323 (2) CM -0.004850 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 100K, PF:160K # 168K, P:160K) [14] 0.000021 +J(0) [15] 0.000011 +J(0) [16] 0.000829 -0.000060 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142725.454 buffer: new element 4 9284:20230712:142725.454 End of process_value():SUCCEED 9284:20230712:142725.455 In zbx_parse_eventlog_message6() EventRecordID:25033 9284:20230712:142725.455 In expand_message6() 9284:20230712:142725.457 End of expand_message6():svchost (6272,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 0000001E:000D:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) [2] 0.001121 -0.000385 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.009463 -0.000672 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:12, WS:44K # 0K, PF:40K # 0K, P:40K) [4] 0.001860 +J(0) [5] - [6] - [7] - [8] 0.000439 -0.000299 (2) CM -0.000224 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 4K, P:28K) [9] 0.000782 -0.000566 (3) CM -0.000461 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:104K # 104K, PF:196K # 204K, P:196K) [10] 0.000662 -0.000557 (2) CM -0.000495 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000059 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:32K # 32K, PF:52K # 52K, P:52K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142725.457 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.458 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25033 value:'svchost (6272,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 0000001E:000D:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) [2] 0.001121 -0.000385 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.009463 -0.000672 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:12, WS:44K # 0K, PF:40K # 0K, P:40K) [4] 0.001860 +J(0) [5] - [6] - [7] - [8] 0.000439 -0.000299 (2) CM -0.000224 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 4K, P:28K) [9] 0.000782 -0.000566 (3) CM -0.000461 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:104K # 104K, PF:196K # 204K, P:196K) [10] 0.000662 -0.000557 (2) CM -0.000495 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000059 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:32K # 32K, PF:52K # 52K, P:52K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142725.458 buffer: new element 5 9284:20230712:142725.459 End of process_value():SUCCEED 9284:20230712:142725.459 In zbx_parse_eventlog_message6() EventRecordID:25034 9284:20230712:142725.460 In expand_message6() 9284:20230712:142725.461 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142725.462 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.462 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25034 value:'Offline downlevel migration succeeded.' 9284:20230712:142725.463 buffer: new element 6 9284:20230712:142725.463 End of process_value():SUCCEED 9284:20230712:142725.464 In zbx_parse_eventlog_message6() EventRecordID:25035 9284:20230712:142725.464 In expand_message6() 9284:20230712:142725.466 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T06:54:09Z. Reason: RulesEngine. 9284:20230712:142725.466 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.467 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25035 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T06:54:09Z. Reason: RulesEngine.' 9284:20230712:142725.467 buffer: new element 7 9284:20230712:142725.468 End of process_value():SUCCEED 9284:20230712:142725.468 In zbx_parse_eventlog_message6() EventRecordID:25036 9284:20230712:142725.469 In expand_message6() 9284:20230712:142725.471 End of expand_message6():Starting session 1 - ‎2022‎-‎08‎-‎29T06:54:23.799853600Z. 9284:20230712:142725.471 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.472 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25036 value:'Starting session 1 - ‎2022‎-‎08‎-‎29T06:54:23.799853600Z.' 9284:20230712:142725.472 buffer: new element 8 9284:20230712:142725.473 End of process_value():SUCCEED 9284:20230712:142725.473 In zbx_parse_eventlog_message6() EventRecordID:25037 9284:20230712:142725.474 In expand_message6() 9284:20230712:142725.475 End of expand_message6():Ending session 1 started ‎2022‎-‎08‎-‎29T06:54:23.799853600Z. 9284:20230712:142725.476 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.476 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25037 value:'Ending session 1 started ‎2022‎-‎08‎-‎29T06:54:23.799853600Z.' 9284:20230712:142725.477 buffer: new element 9 9284:20230712:142725.477 End of process_value():SUCCEED 9284:20230712:142725.478 In zbx_parse_eventlog_message6() EventRecordID:25038 9284:20230712:142725.478 In expand_message6() 9284:20230712:142725.480 End of expand_message6():Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost for the following reason: Automatic Reconciliation. 9284:20230712:142725.480 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.481 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25038 value:'Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost for the following reason: Automatic Reconciliation.' 9284:20230712:142725.481 buffer: new element 10 9284:20230712:142725.481 End of process_value():SUCCEED 9284:20230712:142725.482 In zbx_parse_eventlog_message6() EventRecordID:25039 9284:20230712:142725.482 In expand_message6() 9284:20230712:142725.484 End of expand_message6():Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst for the following reason: Automatic Reconciliation. 9284:20230712:142725.484 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.485 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25039 value:'Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst for the following reason: Automatic Reconciliation.' 9284:20230712:142725.486 buffer: new element 11 9284:20230712:142725.486 End of process_value():SUCCEED 9284:20230712:142725.487 In zbx_parse_eventlog_message6() EventRecordID:25040 9284:20230712:142725.487 In expand_message6() 9284:20230712:142725.489 End of expand_message6():Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost. Stats: Added: 0, Deleted: 0, Modified: 3, Compared: 1909, Queries: 0, Results: 0, Version: 16.0.15427.20060. 9284:20230712:142725.489 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.490 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25040 value:'Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost. Stats: Added: 0, Deleted: 0, Modified: 3, Compared: 1909, Queries: 0, Results: 0, Version: 16.0.15427.20060.' 9284:20230712:142725.490 buffer: new element 12 9284:20230712:142725.491 End of process_value():SUCCEED 9284:20230712:142725.491 In zbx_parse_eventlog_message6() EventRecordID:25041 9284:20230712:142725.492 In expand_message6() 9284:20230712:142725.493 End of expand_message6():Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst. Stats: Added: 0, Deleted: 0, Modified: 0, Compared: 574, Queries: 0, Results: 0, Version: 16.0.15427.20060. 9284:20230712:142725.494 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.495 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25041 value:'Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst. Stats: Added: 0, Deleted: 0, Modified: 0, Compared: 574, Queries: 0, Results: 0, Version: 16.0.15427.20060.' 9284:20230712:142725.495 buffer: new element 13 9284:20230712:142725.496 End of process_value():SUCCEED 9284:20230712:142725.496 In zbx_parse_eventlog_message6() EventRecordID:25042 9284:20230712:142725.497 In expand_message6() 9284:20230712:142725.499 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142725.499 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.500 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25042 value:'Offline downlevel migration succeeded.' 9284:20230712:142725.500 buffer: new element 14 9284:20230712:142725.501 End of process_value():SUCCEED 9284:20230712:142725.501 In zbx_parse_eventlog_message6() EventRecordID:25043 9284:20230712:142725.502 In expand_message6() 9284:20230712:142725.504 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T06:59:07Z. Reason: RulesEngine. 9284:20230712:142725.504 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.505 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25043 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T06:59:07Z. Reason: RulesEngine.' 9284:20230712:142725.506 buffer: new element 15 9284:20230712:142725.506 End of process_value():SUCCEED 9284:20230712:142725.507 In zbx_parse_eventlog_message6() EventRecordID:25044 9284:20230712:142725.507 In expand_message6() 9284:20230712:142725.509 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142725.509 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.510 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25044 value:'Offline downlevel migration succeeded.' 9284:20230712:142725.511 buffer: new element 16 9284:20230712:142725.511 End of process_value():SUCCEED 9284:20230712:142725.512 In zbx_parse_eventlog_message6() EventRecordID:25045 9284:20230712:142725.512 In expand_message6() 9284:20230712:142725.514 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T08:18:27Z. Reason: RulesEngine. 9284:20230712:142725.515 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.515 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25045 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T08:18:27Z. Reason: RulesEngine.' 9284:20230712:142725.516 buffer: new element 17 9284:20230712:142725.516 End of process_value():SUCCEED 9284:20230712:142725.517 In zbx_parse_eventlog_message6() EventRecordID:25046 9284:20230712:142725.517 In expand_message6() 9284:20230712:142725.519 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142725.520 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.520 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25046 value:'Offline downlevel migration succeeded.' 9284:20230712:142725.521 buffer: new element 18 9284:20230712:142725.521 End of process_value():SUCCEED 9284:20230712:142725.522 In zbx_parse_eventlog_message6() EventRecordID:25047 9284:20230712:142725.522 In expand_message6() 9284:20230712:142725.524 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142725.524 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.525 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25047 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142725.525 buffer: new element 19 9284:20230712:142725.526 End of process_value():SUCCEED 9284:20230712:142725.527 In zbx_parse_eventlog_message6() EventRecordID:25048 9284:20230712:142725.527 In expand_message6() 9284:20230712:142725.529 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T09:23:37Z. Reason: RulesEngine. 9284:20230712:142725.529 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.530 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25048 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T09:23:37Z. Reason: RulesEngine.' 9284:20230712:142725.531 buffer: new element 20 9284:20230712:142725.531 End of process_value():SUCCEED 9284:20230712:142725.532 In zbx_parse_eventlog_message6() EventRecordID:25049 9284:20230712:142725.532 In expand_message6() 9284:20230712:142725.534 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142725.534 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.535 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25049 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142725.535 buffer: new element 21 9284:20230712:142725.536 End of process_value():SUCCEED 9284:20230712:142725.536 In zbx_parse_eventlog_message6() EventRecordID:25050 9284:20230712:142725.537 In expand_message6() 9284:20230712:142725.538 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142725.538 ====== Fatal information: ====== 9284:20230712:142725.539 Program counter: 0x67e2cf19 9284:20230712:142725.539 === Registers: === 9284:20230712:142725.540 r8 = 18 = 24 = 24 9284:20230712:142725.540 r9 = 0 = 0 = 0 9284:20230712:142725.541 r10 = 0 = 0 = 0 9284:20230712:142725.542 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142725.542 r12 = 38629f0 = 59124208 = 59124208 9284:20230712:142725.543 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142725.544 r14 = 0 = 0 = 0 9284:20230712:142725.544 r15 = 0 = 0 = 0 9284:20230712:142725.545 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142725.545 rsi = 385f270 = 59110000 = 59110000 9284:20230712:142725.546 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142725.546 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142725.547 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142725.548 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142725.548 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142725.549 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142725.549 efl = 202 = 514 = 514 9284:20230712:142725.550 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142725.550 === Backtrace: === 9284:20230712:142725.709 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142725.710 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142725.711 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142725.711 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142725.712 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142725.714 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142725.715 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142725.716 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142725.716 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142725.717 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142725.718 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142725.719 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142725.719 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142725.720 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142725.725 ================================ 9284:20230712:142725.725 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142725.726 End of expand_message6():(null) 9284:20230712:142725.726 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.727 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25050 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142725.727 buffer: new element 22 9284:20230712:142725.728 End of process_value():SUCCEED 9284:20230712:142725.728 In zbx_parse_eventlog_message6() EventRecordID:25051 9284:20230712:142725.729 In expand_message6() 9284:20230712:142725.729 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142725.730 ====== Fatal information: ====== 9284:20230712:142725.730 Program counter: 0x67e2cf19 9284:20230712:142725.731 === Registers: === 9284:20230712:142725.731 r8 = 18 = 24 = 24 9284:20230712:142725.732 r9 = 0 = 0 = 0 9284:20230712:142725.732 r10 = 0 = 0 = 0 9284:20230712:142725.733 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142725.733 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142725.734 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142725.734 r14 = 0 = 0 = 0 9284:20230712:142725.735 r15 = 0 = 0 = 0 9284:20230712:142725.735 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142725.736 rsi = 385fbd0 = 59112400 = 59112400 9284:20230712:142725.736 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142725.737 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142725.737 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142725.738 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142725.738 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142725.739 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142725.739 efl = 202 = 514 = 514 9284:20230712:142725.740 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142725.740 === Backtrace: === 9284:20230712:142725.900 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142725.901 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142725.902 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142725.903 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142725.903 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142725.906 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142725.907 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142725.907 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142725.908 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142725.909 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142725.910 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142725.911 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142725.912 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142725.913 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142725.918 ================================ 9284:20230712:142725.918 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142725.919 End of expand_message6():(null) 9284:20230712:142725.920 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142725.920 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25051 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142725.921 buffer: new element 23 9284:20230712:142725.922 End of process_value():SUCCEED 9284:20230712:142725.922 In zbx_parse_eventlog_message6() EventRecordID:25052 9284:20230712:142725.923 In expand_message6() 9284:20230712:142725.923 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142725.924 ====== Fatal information: ====== 9284:20230712:142725.925 Program counter: 0x67e2cf19 9284:20230712:142725.925 === Registers: === 9284:20230712:142725.926 r8 = 18 = 24 = 24 9284:20230712:142725.926 r9 = 0 = 0 = 0 9284:20230712:142725.927 r10 = 0 = 0 = 0 9284:20230712:142725.928 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142725.928 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142725.929 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142725.929 r14 = 0 = 0 = 0 9284:20230712:142725.930 r15 = 0 = 0 = 0 9284:20230712:142725.930 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142725.931 rsi = 385e690 = 59106960 = 59106960 9284:20230712:142725.932 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142725.932 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142725.933 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142725.933 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142725.934 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142725.934 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142725.935 efl = 202 = 514 = 514 9284:20230712:142725.936 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142725.936 === Backtrace: === 9284:20230712:142726.096 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142726.097 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142726.098 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142726.098 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142726.099 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142726.101 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142726.102 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142726.103 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142726.104 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142726.105 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142726.106 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142726.107 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142726.108 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142726.108 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142726.114 ================================ 9284:20230712:142726.114 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142726.115 End of expand_message6():(null) 9284:20230712:142726.116 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.116 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25052 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142726.117 buffer: new element 24 9284:20230712:142726.118 End of process_value():SUCCEED 9284:20230712:142726.119 In zbx_parse_eventlog_message6() EventRecordID:25053 9284:20230712:142726.119 In expand_message6() 9284:20230712:142726.121 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142726.122 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.123 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25053 value:'Offline downlevel migration succeeded.' 9284:20230712:142726.123 buffer: new element 25 9284:20230712:142726.124 End of process_value():SUCCEED 9284:20230712:142726.125 In zbx_parse_eventlog_message6() EventRecordID:25054 9284:20230712:142726.126 In expand_message6() 9284:20230712:142726.127 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142726.128 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.129 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25054 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142726.129 buffer: new element 26 9284:20230712:142726.130 End of process_value():SUCCEED 9284:20230712:142726.131 In zbx_parse_eventlog_message6() EventRecordID:25055 9284:20230712:142726.131 In expand_message6() 9284:20230712:142726.133 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T12:23:36Z. Reason: RulesEngine. 9284:20230712:142726.134 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.135 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25055 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T12:23:36Z. Reason: RulesEngine.' 9284:20230712:142726.135 buffer: new element 27 9284:20230712:142726.136 End of process_value():SUCCEED 9284:20230712:142726.137 In zbx_parse_eventlog_message6() EventRecordID:25056 9284:20230712:142726.137 In expand_message6() 2184:20230712:142726.138 In collect_perfstat() 9284:20230712:142726.139 End of expand_message6():The VSS service is shutting down due to idle timeout. 9284:20230712:142726.140 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.141 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25056 value:'The VSS service is shutting down due to idle timeout. ' 2184:20230712:142726.141 End of collect_perfstat() 9284:20230712:142726.142 buffer: new element 28 9284:20230712:142726.143 End of process_value():SUCCEED 9284:20230712:142726.144 In zbx_parse_eventlog_message6() EventRecordID:25057 9284:20230712:142726.144 In expand_message6() 9284:20230712:142726.146 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142726.147 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.147 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25057 value:'Offline downlevel migration succeeded.' 9284:20230712:142726.148 buffer: new element 29 9284:20230712:142726.148 End of process_value():SUCCEED 9284:20230712:142726.149 In zbx_parse_eventlog_message6() EventRecordID:25058 9284:20230712:142726.150 In expand_message6() 9284:20230712:142726.151 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T13:57:23Z. Reason: RulesEngine. 9284:20230712:142726.152 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.152 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25058 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T13:57:23Z. Reason: RulesEngine.' 9284:20230712:142726.153 buffer: new element 30 9284:20230712:142726.153 End of process_value():SUCCEED 9284:20230712:142726.154 In zbx_parse_eventlog_message6() EventRecordID:25059 9284:20230712:142726.155 In expand_message6() 9284:20230712:142726.156 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142726.157 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.157 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25059 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142726.158 buffer: new element 31 9284:20230712:142726.158 End of process_value():SUCCEED 9284:20230712:142726.159 In zbx_parse_eventlog_message6() EventRecordID:25060 9284:20230712:142726.159 In expand_message6() 9284:20230712:142726.161 End of expand_message6():Outlook detected a change notification for your apps and will attempt to update them. 9284:20230712:142726.161 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.162 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25060 value:'Outlook detected a change notification for your apps and will attempt to update them.' 9284:20230712:142726.162 buffer: new element 32 9284:20230712:142726.163 End of process_value():SUCCEED 9284:20230712:142726.164 In zbx_parse_eventlog_message6() EventRecordID:25061 9284:20230712:142726.164 In expand_message6() 9284:20230712:142726.165 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142726.166 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.166 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25061 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142726.167 buffer: new element 33 9284:20230712:142726.167 End of process_value():SUCCEED 9284:20230712:142726.168 In zbx_parse_eventlog_message6() EventRecordID:25062 9284:20230712:142726.169 In expand_message6() 9284:20230712:142726.170 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142726.171 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.171 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25062 value:'Offline downlevel migration succeeded.' 9284:20230712:142726.172 buffer: new element 34 9284:20230712:142726.172 End of process_value():SUCCEED 9284:20230712:142726.173 In zbx_parse_eventlog_message6() EventRecordID:25063 9284:20230712:142726.173 In expand_message6() 9284:20230712:142726.175 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-05T14:36:44Z. Reason: RulesEngine. 9284:20230712:142726.176 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.176 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25063 value:'Successfully scheduled Software Protection service for re-start at 2122-08-05T14:36:44Z. Reason: RulesEngine.' 9284:20230712:142726.177 buffer: new element 35 9284:20230712:142726.177 End of process_value():SUCCEED 9284:20230712:142726.178 In zbx_parse_eventlog_message6() EventRecordID:25064 9284:20230712:142726.178 In expand_message6() 9284:20230712:142726.179 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142726.179 ====== Fatal information: ====== 9284:20230712:142726.180 Program counter: 0x67e2cf19 9284:20230712:142726.180 === Registers: === 9284:20230712:142726.181 r8 = 18 = 24 = 24 9284:20230712:142726.181 r9 = 0 = 0 = 0 9284:20230712:142726.182 r10 = 0 = 0 = 0 9284:20230712:142726.182 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142726.183 r12 = 384f750 = 59045712 = 59045712 9284:20230712:142726.183 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142726.184 r14 = 0 = 0 = 0 9284:20230712:142726.184 r15 = 0 = 0 = 0 9284:20230712:142726.184 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142726.185 rsi = 385ee10 = 59108880 = 59108880 9284:20230712:142726.185 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142726.186 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142726.186 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142726.187 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142726.187 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142726.188 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142726.188 efl = 202 = 514 = 514 9284:20230712:142726.189 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142726.189 === Backtrace: === 9284:20230712:142726.350 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142726.350 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142726.351 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142726.351 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142726.352 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142726.354 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142726.355 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142726.356 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142726.357 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142726.358 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142726.359 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142726.359 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142726.360 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142726.361 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142726.366 ================================ 9284:20230712:142726.366 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142726.367 End of expand_message6():(null) 9284:20230712:142726.368 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.368 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25064 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test ' 9284:20230712:142726.369 buffer: new element 36 9284:20230712:142726.370 End of process_value():SUCCEED 9284:20230712:142726.370 In zbx_parse_eventlog_message6() EventRecordID:25065 9284:20230712:142726.371 In expand_message6() 9284:20230712:142726.372 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142726.373 ====== Fatal information: ====== 9284:20230712:142726.373 Program counter: 0x67e2cf19 9284:20230712:142726.374 === Registers: === 9284:20230712:142726.374 r8 = 18 = 24 = 24 9284:20230712:142726.375 r9 = 0 = 0 = 0 9284:20230712:142726.375 r10 = 0 = 0 = 0 9284:20230712:142726.376 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142726.377 r12 = 384e790 = 59041680 = 59041680 9284:20230712:142726.377 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142726.378 r14 = 0 = 0 = 0 9284:20230712:142726.378 r15 = 0 = 0 = 0 9284:20230712:142726.379 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142726.379 rsi = 385ee10 = 59108880 = 59108880 9284:20230712:142726.380 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142726.381 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142726.381 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142726.382 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142726.382 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142726.383 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142726.384 efl = 202 = 514 = 514 9284:20230712:142726.384 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142726.385 === Backtrace: === 9284:20230712:142726.544 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142726.545 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142726.546 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142726.546 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142726.547 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142726.549 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142726.550 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142726.551 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142726.552 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142726.553 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142726.554 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142726.555 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142726.555 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142726.556 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142726.561 ================================ 9284:20230712:142726.562 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142726.562 End of expand_message6():(null) 9284:20230712:142726.563 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.564 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25065 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 ' 9284:20230712:142726.564 buffer: new element 37 9284:20230712:142726.565 End of process_value():SUCCEED 9284:20230712:142726.566 In zbx_parse_eventlog_message6() EventRecordID:25066 9284:20230712:142726.566 In expand_message6() 9284:20230712:142726.568 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142726.569 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.569 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25066 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142726.570 buffer: new element 38 9284:20230712:142726.571 End of process_value():SUCCEED 9284:20230712:142726.571 In zbx_parse_eventlog_message6() EventRecordID:25067 9284:20230712:142726.572 In expand_message6() 9284:20230712:142726.573 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142726.574 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.574 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25067 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142726.575 buffer: new element 39 9284:20230712:142726.575 End of process_value():SUCCEED 9284:20230712:142726.576 In zbx_parse_eventlog_message6() EventRecordID:25068 9284:20230712:142726.577 In expand_message6() 9284:20230712:142726.577 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142726.578 ====== Fatal information: ====== 9284:20230712:142726.579 Program counter: 0x67e2cf19 9284:20230712:142726.579 === Registers: === 9284:20230712:142726.580 r8 = 18 = 24 = 24 9284:20230712:142726.581 r9 = 0 = 0 = 0 9284:20230712:142726.581 r10 = 0 = 0 = 0 9284:20230712:142726.582 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142726.582 r12 = 384fc90 = 59047056 = 59047056 9284:20230712:142726.583 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142726.584 r14 = 0 = 0 = 0 9284:20230712:142726.584 r15 = 0 = 0 = 0 9284:20230712:142726.585 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142726.586 rsi = 385fdb0 = 59112880 = 59112880 9284:20230712:142726.586 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142726.587 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142726.588 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142726.588 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142726.589 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142726.589 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142726.590 efl = 202 = 514 = 514 9284:20230712:142726.591 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142726.591 === Backtrace: === 9284:20230712:142726.751 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142726.751 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142726.752 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142726.753 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142726.753 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142726.756 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142726.757 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142726.757 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142726.758 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142726.759 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142726.760 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142726.760 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142726.761 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142726.762 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142726.767 ================================ 9284:20230712:142726.767 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142726.768 End of expand_message6():(null) 9284:20230712:142726.768 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.769 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25068 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142726.769 buffer: new element 40 9284:20230712:142726.770 End of process_value():SUCCEED 9284:20230712:142726.770 In zbx_parse_eventlog_message6() EventRecordID:25069 9284:20230712:142726.771 In expand_message6() 9284:20230712:142726.772 End of expand_message6():Service has been successfully shut down. 9284:20230712:142726.773 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.773 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25069 value:'Service has been successfully shut down.' 9284:20230712:142726.774 buffer: new element 41 9284:20230712:142726.774 End of process_value():SUCCEED 9284:20230712:142726.775 In zbx_parse_eventlog_message6() EventRecordID:25070 9284:20230712:142726.775 In expand_message6() 9284:20230712:142726.776 End of expand_message6():Service has been successfully shut down. 9284:20230712:142726.777 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.777 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25070 value:'Service has been successfully shut down.' 9284:20230712:142726.778 buffer: new element 42 9284:20230712:142726.778 End of process_value():SUCCEED 9284:20230712:142726.779 In zbx_parse_eventlog_message6() EventRecordID:25071 9284:20230712:142726.779 In expand_message6() 9284:20230712:142726.780 End of expand_message6():Service has been successfully shut down. 9284:20230712:142726.781 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.781 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25071 value:'Service has been successfully shut down.' 9284:20230712:142726.782 buffer: new element 43 9284:20230712:142726.782 End of process_value():SUCCEED 9284:20230712:142726.783 In zbx_parse_eventlog_message6() EventRecordID:25072 9284:20230712:142726.783 In expand_message6() 9284:20230712:142726.785 End of expand_message6():The Windows Security Center Service has stopped. 9284:20230712:142726.785 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.786 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25072 value:'The Windows Security Center Service has stopped.' 9284:20230712:142726.786 buffer: new element 44 9284:20230712:142726.787 End of process_value():SUCCEED 9284:20230712:142726.787 In zbx_parse_eventlog_message6() EventRecordID:25073 9284:20230712:142726.788 In expand_message6() 9284:20230712:142726.789 End of expand_message6():Service stopped (0) 9284:20230712:142726.789 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.790 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25073 value:'Service stopped (0) ' 9284:20230712:142726.790 buffer: new element 45 9284:20230712:142726.791 End of process_value():SUCCEED 9284:20230712:142726.791 In zbx_parse_eventlog_message6() EventRecordID:25074 9284:20230712:142726.792 In expand_message6() 9284:20230712:142726.794 End of expand_message6():The User Profile Service has stopped. 9284:20230712:142726.794 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.795 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25074 value:'The User Profile Service has stopped. ' 9284:20230712:142726.795 buffer: new element 46 9284:20230712:142726.796 End of process_value():SUCCEED 9284:20230712:142726.796 In zbx_parse_eventlog_message6() EventRecordID:25075 9284:20230712:142726.797 In expand_message6() 9284:20230712:142726.797 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142726.798 ====== Fatal information: ====== 9284:20230712:142726.798 Program counter: 0x67e2cf19 9284:20230712:142726.799 === Registers: === 9284:20230712:142726.799 r8 = 18 = 24 = 24 9284:20230712:142726.800 r9 = 0 = 0 = 0 9284:20230712:142726.800 r10 = 0 = 0 = 0 9284:20230712:142726.801 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142726.801 r12 = 33f4170 = 54477168 = 54477168 9284:20230712:142726.802 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142726.802 r14 = 0 = 0 = 0 9284:20230712:142726.802 r15 = 0 = 0 = 0 9284:20230712:142726.803 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142726.803 rsi = 385f950 = 59111760 = 59111760 9284:20230712:142726.804 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142726.804 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142726.805 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142726.805 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142726.806 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142726.806 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142726.807 efl = 202 = 514 = 514 9284:20230712:142726.807 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142726.808 === Backtrace: === 9284:20230712:142726.968 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142726.968 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142726.969 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142726.970 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142726.971 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142726.973 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142726.974 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142726.975 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142726.976 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142726.977 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142726.978 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142726.979 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142726.980 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142726.980 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142726.986 ================================ 9284:20230712:142726.986 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142726.987 End of expand_message6():(null) 9284:20230712:142726.988 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.989 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25075 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142726.989 buffer: new element 47 9284:20230712:142726.990 End of process_value():SUCCEED 9284:20230712:142726.991 In zbx_parse_eventlog_message6() EventRecordID:25076 9284:20230712:142726.992 In expand_message6() 9284:20230712:142726.994 End of expand_message6():The User Profile Service has started successfully. 9284:20230712:142726.995 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142726.996 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25076 value:'The User Profile Service has started successfully. ' 9284:20230712:142726.997 buffer: new element 48 9284:20230712:142726.997 End of process_value():SUCCEED 9284:20230712:142726.998 In zbx_parse_eventlog_message6() EventRecordID:25077 9284:20230712:142726.999 In expand_message6() 9284:20230712:142727.001 End of expand_message6():Windows Management Instrumentation Service started sucessfully 9284:20230712:142727.002 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.003 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25077 value:'Windows Management Instrumentation Service started sucessfully' 9284:20230712:142727.004 buffer: new element 49 9284:20230712:142727.005 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142727.006 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142727.007 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"svchost (6272,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25028,"timestamp":1661756020,"source":"ESENT","severity":1,"eventid":102,"id":51,"clock":1689161245,"ns":436108100},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (6272,R,98) DS_Token_DB: The database engine is initiating recovery steps.","lastlogsize":25029,"timestamp":1661756020,"source":"ESENT","severity":1,"eventid":300,"id":52,"clock":1689161245,"ns":441007000},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (6272,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSS.log. \r\n \r\nProcessing Stats: \n[1] 0.064487 -0.048408 (9) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:40560/28) +M(C:0K, Fs:117, WS:252K # 256K, PF:168K # 172K, P:168K). \r\nLog record of type 'AttachDB ' was seen most frequently (3 times)","lastlogsize":25030,"timestamp":1661756020,"source":"ESENT","severity":1,"eventid":301,"id":53,"clock":1689161245,"ns":445436800},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (6272,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.","lastlogsize":25031,"timestamp":1661756020,"source":"ESENT","severity":1,"eventid":302,"id":54,"clock":1689161245,"ns":449807300},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (6272,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n lgposV2[] = 0000001E:0001:0000 - 0000001E:000A:0039 - 0000001E:000B:0000 - 0000001E:000B:0000 (00000000:0000:0000)\ncReInits = 3\n \r\n \r\nInternal Timing Sequence: \n[1] 0.000987 +J(0) +M(C:0K, Fs:148, WS:576K # 576K, PF:2768K # 2768K, P:2768K)\n[2] 0.000588 +J(0) +M(C:8K, Fs:242, WS:960K # 960K, PF:1212K # 1212K, P:1212K)\n[3] 0.000019 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:68K # 68K, P:68K)\n[4] 0.000110 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K)\n[5] 0.002561 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)\n[6] 0.005584 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K)\n[7] 0.003686 -0.000446 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K)\n[8] 0.074956 -0.048722 (12) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:40560/28) +M(C:0K, Fs:149, WS:372K # 376K, PF:252K # 256K, P:252K)\n[9] 0.000971 +J(0) +M(C:0K, Fs:8, WS:32K # 28K, PF:4K # 0K, P:4K)\n[10] 0.003005 -0.002206 (1) WT +J(0) +M(C:0K, Fs:14, WS:-8K # 52K, PF:8K # 68K, P:8K)\n[11] 0.000022 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[12] 0.003844 -0.002481 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[13] 0.044801 -0.000323 (2) CM -0.004850 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 100K, PF:160K # 168K, P:160K)\n[14] 0.000021 +J(0)\n[15] 0.000011 +J(0)\n[16] 0.000829 -0.000060 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25032,"timestamp":1661756020,"source":"ESENT","severity":1,"eventid":105,"id":55,"clock":1689161245,"ns":454268000},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (6272,D,50) DS_Token_DB: The database engine attached a database (1, C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSTokenDB2.dat). (Time=0 seconds) \r\n \r\nSaved Cache: 1 0 \r\nAdditional Data: lgposAttach = 0000001E:000D:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000004 +J(0)\n[2] 0.001121 -0.000385 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K)\n[3] 0.009463 -0.000672 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:12, WS:44K # 0K, PF:40K # 0K, P:40K)\n[4] 0.001860 +J(0)\n[5] -\n[6] -\n[7] -\n[8] 0.000439 -0.000299 (2) CM -0.000224 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 4K, P:28K)\n[9] 0.000782 -0.000566 (3) CM -0.000461 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:104K # 104K, PF:196K # 204K, P:196K)\n[10] 0.000662 -0.000557 (2) CM -0.000495 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K)\n[11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000059 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:8, WS:32K # 32K, PF:52K # 52K, P:52K)\n[13] 0.000001 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25033,"timestamp":1661756020,"source":"ESENT","severity":1,"eventid":326,"id":56,"clock":1689161245,"ns":458732500},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25034,"timestamp":1661756021,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":57,"clock":1689161245,"ns":463163300},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T06:54:09Z. Reason: RulesEngine.","lastlogsize":25035,"timestamp":1661756049,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":58,"clock":1689161245,"ns":467748500},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎08‎-‎29T06:54:23.799853600Z.","lastlogsize":25036,"timestamp":1661756063,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":59,"clock":1689161245,"ns":472632300},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎08‎-‎29T06:54:23.799853600Z.","lastlogsize":25037,"timestamp":1661756236,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":60,"clock":1689161245,"ns":477350500},{"host":"Windows host","key":"eventlog[Application]","value":"Starting reconciliation for the store C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.ost for the following reason: Automatic Reconciliation.","lastlogsize":25038,"timestamp":1661756257,"source":"Outlook","severity":1,"eventid":30,"id":61,"clock":1689161245,"ns":481548200},{"host":"Windows host","key":"eventlog[Application]","value":"Starting reconciliation for the store C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.nst for the following reason: Automatic Reconciliation.","lastlogsize":25039,"timestamp":1661756257,"source":"Outlook","severity":1,"eventid":30,"id":62,"clock":1689161245,"ns":486106600},{"host":"Windows host","key":"eventlog[Application]","value":"Reconciliation completed for the following store: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.ost. Stats: Added: 0, Deleted: 0, Modified: 3, Compared: 1909, Queries: 0, Results: 0, Version: 16.0.15427.20060.","lastlogsize":25040,"timestamp":1661756264,"source":"Outlook","severity":1,"eventid":38,"id":63,"clock":1689161245,"ns":490932800},{"host":"Windows host","key":"eventlog[Application]","value":"Reconciliation completed for the following store: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.nst. Stats: Added: 0, Deleted: 0, Modified: 0, Compared: 574, Queries: 0, Results: 0, Version: 16.0.15427.20060.","lastlogsize":25041,"timestamp":1661756272,"source":"Outlook","severity":1,"eventid":38,"id":64,"clock":1689161245,"ns":495694100},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25042,"timestamp":1661756317,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":65,"clock":1689161245,"ns":500859000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T06:59:07Z. Reason: RulesEngine.","lastlogsize":25043,"timestamp":1661756347,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":66,"clock":1689161245,"ns":506118900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25044,"timestamp":1661761076,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":67,"clock":1689161245,"ns":511181000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T08:18:27Z. Reason: RulesEngine.","lastlogsize":25045,"timestamp":1661761107,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":68,"clock":1689161245,"ns":516198400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25046,"timestamp":1661764978,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":69,"clock":1689161245,"ns":521322800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25047,"timestamp":1661764996,"source":"SecurityCenter","severity":1,"eventid":15,"id":70,"clock":1689161245,"ns":526077600},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T09:23:37Z. Reason: RulesEngine.","lastlogsize":25048,"timestamp":1661765017,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":71,"clock":1689161245,"ns":531261400},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25049,"timestamp":1661768111,"source":"Outlook","severity":1,"eventid":63,"id":72,"clock":1689161245,"ns":535894700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25050,"timestamp":1661772101,"source":"gupdate","severity":1,"id":73,"clock":1689161245,"ns":727964700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25051,"timestamp":1661772367,"source":"dbupdate","severity":1,"id":74,"clock":1689161245,"ns":921555100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25052,"timestamp":1661772368,"source":"dbupdate","severity":1,"id":75,"clock":1689161246,"ns":117820400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25053,"timestamp":1661775778,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":76,"clock":1689161246,"ns":124072100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25054,"timestamp":1661775795,"source":"SecurityCenter","severity":1,"eventid":15,"id":77,"clock":1689161246,"ns":129984200},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T12:23:36Z. Reason: RulesEngine.","lastlogsize":25055,"timestamp":1661775816,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":78,"clock":1689161246,"ns":135867900},{"host":"Windows host","key":"eventlog[Application]","value":"The VSS service is shutting down due to idle timeout. ","lastlogsize":25056,"timestamp":1661775960,"source":"VSS","severity":1,"eventid":8224,"id":79,"clock":1689161246,"ns":142781000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25057,"timestamp":1661781410,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":80,"clock":1689161246,"ns":148400900},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T13:57:23Z. Reason: RulesEngine.","lastlogsize":25058,"timestamp":1661781443,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":81,"clock":1689161246,"ns":153510100},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25059,"timestamp":1661782540,"source":"Outlook","severity":1,"eventid":63,"id":82,"clock":1689161246,"ns":158296600},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook detected a change notification for your apps and will attempt to update them.","lastlogsize":25060,"timestamp":1661782569,"source":"Outlook","severity":1,"eventid":63,"id":83,"clock":1689161246,"ns":162887200},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25061,"timestamp":1661782569,"source":"Outlook","severity":1,"eventid":63,"id":84,"clock":1689161246,"ns":167498900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25062,"timestamp":1661783773,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":85,"clock":1689161246,"ns":172363400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-05T14:36:44Z. Reason: RulesEngine.","lastlogsize":25063,"timestamp":1661783804,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":86,"clock":1689161246,"ns":177179600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test\n","lastlogsize":25064,"timestamp":1661785398,"source":"igfxCUIService2.0.0.0","severity":1,"id":87,"clock":1689161246,"ns":369800900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1\n","lastlogsize":25065,"timestamp":1661785398,"source":"igfxCUIService2.0.0.0","severity":1,"id":88,"clock":1689161246,"ns":565068400},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25066,"timestamp":1661785398,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":89,"clock":1689161246,"ns":570668900},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25067,"timestamp":1661785398,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":90,"clock":1689161246,"ns":575411100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25068,"timestamp":1661785398,"source":"BrService_4_3_4_610","severity":1,"id":91,"clock":1689161246,"ns":769851600},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25069,"timestamp":1661785401,"source":"IAStorDataMgrSvc","severity":1,"id":92,"clock":1689161246,"ns":774193700},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25070,"timestamp":1661785401,"source":"HP Comm Recovery","severity":1,"id":93,"clock":1689161246,"ns":778321700},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25071,"timestamp":1661785401,"source":"XTUService","severity":1,"id":94,"clock":1689161246,"ns":782450600},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has stopped.","lastlogsize":25072,"timestamp":1661785401,"source":"SecurityCenter","severity":1,"eventid":2,"id":95,"clock":1689161246,"ns":786735400},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped (0)\n","lastlogsize":25073,"timestamp":1661785401,"source":"Bonjour Service","severity":1,"eventid":100,"id":96,"clock":1689161246,"ns":790995700},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has stopped. \r\n\r\n","lastlogsize":25074,"timestamp":1661785401,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1532,"id":97,"clock":1689161246,"ns":795667600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25075,"timestamp":1661839755,"source":"igfxCUIService2.0.0.0","severity":1,"id":98,"clock":1689161246,"ns":990059300},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has started successfully. \r\n\r\n","lastlogsize":25076,"timestamp":1661839755,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1531,"id":99,"clock":1689161246,"ns":997218200},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service started sucessfully","lastlogsize":25077,"timestamp":1661839756,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5615,"id":100,"clock":1689161247,"ns":4367700}],"clock":1689161247,"ns":6704900}] 9284:20230712:142727.012 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002288"}] 9284:20230712:142727.012 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002288"}' 9284:20230712:142727.013 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002288' 9284:20230712:142727.014 End of check_response():SUCCEED 9284:20230712:142727.015 OK 9284:20230712:142727.016 End of send_buffer():SUCCEED 9284:20230712:142727.017 End of process_value():SUCCEED 9284:20230712:142727.019 In zbx_parse_eventlog_message6() EventRecordID:25078 9284:20230712:142727.020 In expand_message6() 9284:20230712:142727.021 End of expand_message6():Intel(R) Dynamic Application Loader Host Interface Service started. 9284:20230712:142727.022 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.023 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25078 value:'Intel(R) Dynamic Application Loader Host Interface Service started.' 9284:20230712:142727.024 buffer: new element 0 9284:20230712:142727.024 End of process_value():SUCCEED 17028:20230712:142727.025 Requested [system.sw.os.get] 9284:20230712:142727.026 In zbx_parse_eventlog_message6() EventRecordID:25079 17028:20230712:142727.026 [MPLOG] in system_sw_os_get() 9284:20230712:142727.027 In expand_message6() 17028:20230712:142727.028 [MPLOG] end system_sw_os_get() 17028:20230712:142727.029 Sending back [{"os_type":"windows","product_name":"Windows 10 Pro","architecture":"x86_64","build_number":"19045","build_revision":"3086","build":"19045.3086","edition":"Professional","composition":"Enterprise","display_version":"22H2","version":"6.3","version_pretty":"Windows 10 Pro Build 19045.3086","version_full":"Windows 10 Pro 19041.1.amd64fre.vb_release.191206-1406 Build 19045.3086"}] 9284:20230712:142727.030 End of expand_message6():Local Management Service started. 9284:20230712:142727.030 End of zbx_parse_eventlog_message6():SUCCEED 14488:20230712:142727.031 Requested [agent.ping] 9284:20230712:142727.032 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25079 value:'Local Management Service started.' 14488:20230712:142727.033 Sending back [1] 9284:20230712:142727.034 buffer: new element 1 9284:20230712:142727.034 End of process_value():SUCCEED 9284:20230712:142727.035 In zbx_parse_eventlog_message6() EventRecordID:25080 9284:20230712:142727.036 In expand_message6() 9284:20230712:142727.037 End of expand_message6():Service started/resumed 9284:20230712:142727.038 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.039 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25080 value:'Service started/resumed' 9284:20230712:142727.039 buffer: new element 2 9284:20230712:142727.040 End of process_value():SUCCEED 9284:20230712:142727.041 In zbx_parse_eventlog_message6() EventRecordID:25081 9284:20230712:142727.041 In expand_message6() 9284:20230712:142727.043 End of expand_message6():Windows Management Instrumentation Service subsystems initialized successfully 9284:20230712:142727.044 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.044 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25081 value:'Windows Management Instrumentation Service subsystems initialized successfully' 9284:20230712:142727.045 buffer: new element 3 9284:20230712:142727.046 End of process_value():SUCCEED 9284:20230712:142727.046 In zbx_parse_eventlog_message6() EventRecordID:25082 9284:20230712:142727.047 In expand_message6() 9284:20230712:142727.048 End of expand_message6():Service started successfully. 9284:20230712:142727.049 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.050 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25082 value:'Service started successfully.' 9284:20230712:142727.050 buffer: new element 4 9284:20230712:142727.051 End of process_value():SUCCEED 9284:20230712:142727.052 In zbx_parse_eventlog_message6() EventRecordID:25083 9284:20230712:142727.052 In expand_message6() 9284:20230712:142727.054 End of expand_message6():Service initializing 9284:20230712:142727.054 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.055 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25083 value:'Service initializing' 9284:20230712:142727.056 buffer: new element 5 9284:20230712:142727.056 End of process_value():SUCCEED 9284:20230712:142727.057 In zbx_parse_eventlog_message6() EventRecordID:25084 9284:20230712:142727.058 In expand_message6() 9284:20230712:142727.060 End of expand_message6():Service started (1.0.24.0). 9284:20230712:142727.060 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.061 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25084 value:'Service started (1.0.24.0).' 9284:20230712:142727.062 buffer: new element 6 9284:20230712:142727.062 End of process_value():SUCCEED 9284:20230712:142727.063 In zbx_parse_eventlog_message6() EventRecordID:25085 9284:20230712:142727.064 In expand_message6() 9284:20230712:142727.065 End of expand_message6():Pipe server thread started. 9284:20230712:142727.066 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.066 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25085 value:'Pipe server thread started.' 9284:20230712:142727.067 buffer: new element 7 9284:20230712:142727.068 End of process_value():SUCCEED 9284:20230712:142727.068 In zbx_parse_eventlog_message6() EventRecordID:25086 9284:20230712:142727.069 In expand_message6() 9284:20230712:142727.070 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142727.071 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.071 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25086 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142727.072 buffer: new element 8 9284:20230712:142727.072 End of process_value():SUCCEED 9284:20230712:142727.073 In zbx_parse_eventlog_message6() EventRecordID:25087 9284:20230712:142727.073 In expand_message6() 9284:20230712:142727.074 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142727.075 ====== Fatal information: ====== 9284:20230712:142727.075 Program counter: 0x67e2cf19 9284:20230712:142727.076 === Registers: === 9284:20230712:142727.076 r8 = 18 = 24 = 24 9284:20230712:142727.077 r9 = 0 = 0 = 0 9284:20230712:142727.078 r10 = 0 = 0 = 0 9284:20230712:142727.078 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142727.079 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142727.079 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142727.080 r14 = 0 = 0 = 0 9284:20230712:142727.080 r15 = 0 = 0 = 0 9284:20230712:142727.081 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142727.081 rsi = 385e9b0 = 59107760 = 59107760 9284:20230712:142727.082 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142727.083 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142727.083 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142727.084 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142727.084 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142727.085 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142727.085 efl = 202 = 514 = 514 9284:20230712:142727.086 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142727.087 === Backtrace: === 2184:20230712:142727.143 In collect_perfstat() 2184:20230712:142727.146 End of collect_perfstat() 9284:20230712:142727.250 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142727.251 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142727.252 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142727.252 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142727.253 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142727.255 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142727.256 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142727.257 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142727.258 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142727.259 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142727.259 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142727.260 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142727.261 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142727.262 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142727.267 ================================ 9284:20230712:142727.268 provider 'AdobeARMservice' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142727.269 End of expand_message6():(null) 9284:20230712:142727.269 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.270 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25087 value:'The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142727.270 buffer: new element 9 9284:20230712:142727.271 End of process_value():SUCCEED 9284:20230712:142727.271 In zbx_parse_eventlog_message6() EventRecordID:25088 9284:20230712:142727.272 In expand_message6() 9284:20230712:142727.273 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142727.273 ====== Fatal information: ====== 9284:20230712:142727.274 Program counter: 0x67e2cf19 9284:20230712:142727.274 === Registers: === 9284:20230712:142727.275 r8 = 18 = 24 = 24 9284:20230712:142727.275 r9 = 0 = 0 = 0 9284:20230712:142727.276 r10 = 0 = 0 = 0 9284:20230712:142727.276 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142727.277 r12 = 678110 = 6783248 = 6783248 9284:20230712:142727.278 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142727.278 r14 = 0 = 0 = 0 9284:20230712:142727.279 r15 = 0 = 0 = 0 9284:20230712:142727.279 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142727.280 rsi = 385fd10 = 59112720 = 59112720 9284:20230712:142727.280 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142727.281 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142727.281 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142727.282 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142727.282 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142727.283 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142727.284 efl = 202 = 514 = 514 9284:20230712:142727.284 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142727.285 === Backtrace: === 9284:20230712:142727.448 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142727.449 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142727.450 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142727.450 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142727.451 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142727.454 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142727.454 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142727.455 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142727.456 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142727.457 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142727.458 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142727.459 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142727.460 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142727.461 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142727.466 ================================ 9284:20230712:142727.467 provider 'LanWlanSwitchingService' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142727.468 End of expand_message6():(null) 9284:20230712:142727.468 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.469 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25088 value:'The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart' 9284:20230712:142727.470 buffer: new element 10 9284:20230712:142727.470 End of process_value():SUCCEED 9284:20230712:142727.471 In zbx_parse_eventlog_message6() EventRecordID:25089 9284:20230712:142727.472 In expand_message6() 9284:20230712:142727.473 End of expand_message6():Service initialized 9284:20230712:142727.474 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.474 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25089 value:'Service initialized' 9284:20230712:142727.475 buffer: new element 11 9284:20230712:142727.476 End of process_value():SUCCEED 9284:20230712:142727.476 In zbx_parse_eventlog_message6() EventRecordID:25090 9284:20230712:142727.477 In expand_message6() 9284:20230712:142727.478 End of expand_message6():Service started 9284:20230712:142727.479 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.480 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25090 value:'Service started ' 9284:20230712:142727.480 buffer: new element 12 9284:20230712:142727.481 End of process_value():SUCCEED 9284:20230712:142727.482 In zbx_parse_eventlog_message6() EventRecordID:25091 9284:20230712:142727.482 In expand_message6() 9284:20230712:142727.484 End of expand_message6():The winlogon notification subscriber was unavailable to handle a critical notification event. 9284:20230712:142727.484 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.485 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25091 value:'The winlogon notification subscriber was unavailable to handle a critical notification event.' 9284:20230712:142727.486 buffer: new element 13 9284:20230712:142727.486 End of process_value():SUCCEED 9284:20230712:142727.487 In zbx_parse_eventlog_message6() EventRecordID:25092 9284:20230712:142727.488 In expand_message6() 9284:20230712:142727.488 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142727.489 ====== Fatal information: ====== 9284:20230712:142727.490 Program counter: 0x67e2cf19 9284:20230712:142727.490 === Registers: === 9284:20230712:142727.491 r8 = 18 = 24 = 24 9284:20230712:142727.492 r9 = 0 = 0 = 0 9284:20230712:142727.492 r10 = 0 = 0 = 0 9284:20230712:142727.493 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142727.493 r12 = 384fbb0 = 59046832 = 59046832 9284:20230712:142727.494 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142727.495 r14 = 0 = 0 = 0 9284:20230712:142727.495 r15 = 0 = 0 = 0 9284:20230712:142727.496 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142727.497 rsi = 385e410 = 59106320 = 59106320 9284:20230712:142727.497 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142727.498 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142727.499 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142727.499 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142727.500 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142727.501 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142727.501 efl = 202 = 514 = 514 9284:20230712:142727.502 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142727.503 === Backtrace: === 9284:20230712:142727.662 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142727.662 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142727.663 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142727.664 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142727.665 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142727.667 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142727.668 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142727.668 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142727.669 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142727.670 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142727.671 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142727.672 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142727.673 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142727.673 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142727.678 ================================ 9284:20230712:142727.679 provider 'hpqcaslwmiex' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142727.680 End of expand_message6():(null) 9284:20230712:142727.680 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.681 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25092 value:'The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142727.682 buffer: new element 14 9284:20230712:142727.682 End of process_value():SUCCEED 9284:20230712:142727.683 In zbx_parse_eventlog_message6() EventRecordID:25093 9284:20230712:142727.684 In expand_message6() 9284:20230712:142727.684 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142727.685 ====== Fatal information: ====== 9284:20230712:142727.685 Program counter: 0x67e2cf19 9284:20230712:142727.686 === Registers: === 9284:20230712:142727.687 r8 = 18 = 24 = 24 9284:20230712:142727.687 r9 = 0 = 0 = 0 9284:20230712:142727.688 r10 = 0 = 0 = 0 9284:20230712:142727.688 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142727.689 r12 = 63cde0 = 6540768 = 6540768 9284:20230712:142727.689 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142727.690 r14 = 0 = 0 = 0 9284:20230712:142727.690 r15 = 0 = 0 = 0 9284:20230712:142727.691 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142727.691 rsi = 385f630 = 59110960 = 59110960 9284:20230712:142727.692 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142727.692 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142727.693 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142727.693 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142727.694 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142727.694 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142727.695 efl = 202 = 514 = 514 9284:20230712:142727.695 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142727.696 === Backtrace: === 9284:20230712:142727.855 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142727.856 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142727.856 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142727.857 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142727.857 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142727.860 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142727.860 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142727.861 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142727.862 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142727.863 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142727.863 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142727.864 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142727.865 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142727.866 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142727.871 ================================ 9284:20230712:142727.872 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142727.872 End of expand_message6():(null) 9284:20230712:142727.873 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142727.874 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25093 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 ' 9284:20230712:142727.874 buffer: new element 15 9284:20230712:142727.875 End of process_value():SUCCEED 9284:20230712:142727.875 In zbx_parse_eventlog_message6() EventRecordID:25094 9284:20230712:142727.876 In expand_message6() 9284:20230712:142727.877 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142727.877 ====== Fatal information: ====== 9284:20230712:142727.878 Program counter: 0x67e2cf19 9284:20230712:142727.878 === Registers: === 9284:20230712:142727.879 r8 = 18 = 24 = 24 9284:20230712:142727.880 r9 = 0 = 0 = 0 9284:20230712:142727.880 r10 = 0 = 0 = 0 9284:20230712:142727.881 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142727.881 r12 = 384e410 = 59040784 = 59040784 9284:20230712:142727.882 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142727.882 r14 = 0 = 0 = 0 9284:20230712:142727.883 r15 = 0 = 0 = 0 9284:20230712:142727.884 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142727.884 rsi = 385e0f0 = 59105520 = 59105520 9284:20230712:142727.885 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142727.885 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142727.886 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142727.886 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142727.887 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142727.888 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142727.888 efl = 202 = 514 = 514 9284:20230712:142727.889 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142727.889 === Backtrace: === 9284:20230712:142728.049 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142728.049 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142728.050 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142728.051 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142728.052 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142728.054 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142728.055 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142728.055 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142728.056 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142728.057 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142728.058 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142728.059 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142728.060 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142728.061 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142728.066 ================================ 9284:20230712:142728.067 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142728.067 End of expand_message6():(null) 9284:20230712:142728.068 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.069 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25094 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 ' 9284:20230712:142728.070 buffer: new element 16 9284:20230712:142728.070 End of process_value():SUCCEED 9284:20230712:142728.071 In zbx_parse_eventlog_message6() EventRecordID:25095 9284:20230712:142728.072 In expand_message6() 9284:20230712:142728.073 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142728.074 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.075 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25095 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142728.075 buffer: new element 17 9284:20230712:142728.076 End of process_value():SUCCEED 9284:20230712:142728.077 In zbx_parse_eventlog_message6() EventRecordID:25096 9284:20230712:142728.077 In expand_message6() 9284:20230712:142728.078 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142728.079 ====== Fatal information: ====== 9284:20230712:142728.080 Program counter: 0x67e2cf19 9284:20230712:142728.081 === Registers: === 9284:20230712:142728.081 r8 = 18 = 24 = 24 9284:20230712:142728.082 r9 = 0 = 0 = 0 9284:20230712:142728.083 r10 = 0 = 0 = 0 9284:20230712:142728.083 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142728.084 r12 = 63d0e0 = 6541536 = 6541536 9284:20230712:142728.084 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142728.085 r14 = 0 = 0 = 0 9284:20230712:142728.086 r15 = 0 = 0 = 0 9284:20230712:142728.086 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142728.087 rsi = 385e410 = 59106320 = 59106320 9284:20230712:142728.088 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142728.088 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142728.089 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142728.089 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142728.090 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142728.091 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142728.091 efl = 202 = 514 = 514 9284:20230712:142728.092 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142728.093 === Backtrace: === 2184:20230712:142728.149 In collect_perfstat() 2184:20230712:142728.152 End of collect_perfstat() 9284:20230712:142728.253 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142728.254 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142728.255 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142728.256 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142728.256 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142728.259 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142728.260 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142728.260 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142728.261 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142728.262 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142728.263 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142728.264 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142728.264 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142728.265 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142728.270 ================================ 9284:20230712:142728.270 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142728.271 End of expand_message6():(null) 9284:20230712:142728.271 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.272 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25096 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 ' 9284:20230712:142728.272 buffer: new element 18 9284:20230712:142728.273 End of process_value():SUCCEED 9284:20230712:142728.273 In zbx_parse_eventlog_message6() EventRecordID:25097 9284:20230712:142728.274 In expand_message6() 9284:20230712:142728.276 End of expand_message6():SearchIndexer (9212,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142728.276 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.277 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25097 value:'SearchIndexer (9212,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142728.277 buffer: new element 19 9284:20230712:142728.278 End of process_value():SUCCEED 9284:20230712:142728.278 In zbx_parse_eventlog_message6() EventRecordID:25098 9284:20230712:142728.279 In expand_message6() 9284:20230712:142728.280 End of expand_message6():SearchIndexer (9212,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.001713 +J(0) +M(C:0K, Fs:318, WS:1244K # 1244K, PF:5392K # 5392K, P:5392K) [2] 0.000343 +J(0) +M(C:0K, Fs:123, WS:492K # 492K, PF:436K # 436K, P:436K) [3] 0.000820 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000108 +J(0) +M(C:0K, Fs:33, WS:128K # 128K, PF:364K # 364K, P:364K) [5] 0.001004 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.012000 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:20K # 20K, P:20K) [7] 0.005471 -0.001848 (2) WT +J(0) +M(C:0K, Fs:267, WS:1068K # 1068K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.012408 -0.000206 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1020K # 12K, P:-1020K) [14] 0.000023 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000065 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000195 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142728.281 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.281 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25098 value:'SearchIndexer (9212,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.001713 +J(0) +M(C:0K, Fs:318, WS:1244K # 1244K, PF:5392K # 5392K, P:5392K) [2] 0.000343 +J(0) +M(C:0K, Fs:123, WS:492K # 492K, PF:436K # 436K, P:436K) [3] 0.000820 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000108 +J(0) +M(C:0K, Fs:33, WS:128K # 128K, PF:364K # 364K, P:364K) [5] 0.001004 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.012000 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:20K # 20K, P:20K) [7] 0.005471 -0.001848 (2) WT +J(0) +M(C:0K, Fs:267, WS:1068K # 1068K, PF:1024K # 1024K, P:1024K) [8] - [9] - [10] - [11] - [12] - [13] 0.012408 -0.000206 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1020K # 12K, P:-1020K) [14] 0.000023 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000065 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000195 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142728.282 buffer: new element 20 9284:20230712:142728.282 End of process_value():SUCCEED 9284:20230712:142728.283 In zbx_parse_eventlog_message6() EventRecordID:25099 9284:20230712:142728.283 In expand_message6() 9284:20230712:142728.284 End of expand_message6():SearchIndexer (9212,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BBC:0080:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001408 -0.000422 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004282 -0.000751 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:43, WS:136K # 0K, PF:152K # 0K, P:152K) [4] 0.000175 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.005388 -0.005125 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:51, WS:200K # 0K, PF:688K # 0K, P:688K) [9] 0.017471 -0.000529 (5) CM -0.016680 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 212K, P:288K) [10] 0.000258 -0.000177 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 20K, PF:96K # 96K, P:96K) [11] 0.000011 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000041 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142728.285 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.285 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25099 value:'SearchIndexer (9212,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BBC:0080:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001408 -0.000422 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004282 -0.000751 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:43, WS:136K # 0K, PF:152K # 0K, P:152K) [4] 0.000175 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.005388 -0.005125 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:51, WS:200K # 0K, PF:688K # 0K, P:688K) [9] 0.017471 -0.000529 (5) CM -0.016680 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 212K, P:288K) [10] 0.000258 -0.000177 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 20K, PF:96K # 96K, P:96K) [11] 0.000011 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000041 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142728.286 buffer: new element 21 9284:20230712:142728.286 End of process_value():SUCCEED 9284:20230712:142728.287 In zbx_parse_eventlog_message6() EventRecordID:25100 9284:20230712:142728.287 In expand_message6() 9284:20230712:142728.302 End of expand_message6():The Windows Search Service started. 9284:20230712:142728.303 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.303 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25100 value:'The Windows Search Service started. ' 9284:20230712:142728.304 buffer: new element 22 9284:20230712:142728.305 End of process_value():SUCCEED 9284:20230712:142728.305 In zbx_parse_eventlog_message6() EventRecordID:25101 9284:20230712:142728.306 In expand_message6() 9284:20230712:142728.306 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142728.307 ====== Fatal information: ====== 9284:20230712:142728.307 Program counter: 0x67e2cf19 9284:20230712:142728.308 === Registers: === 9284:20230712:142728.308 r8 = 18 = 24 = 24 9284:20230712:142728.309 r9 = 0 = 0 = 0 9284:20230712:142728.309 r10 = 0 = 0 = 0 9284:20230712:142728.310 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142728.310 r12 = 33f5160 = 54481248 = 54481248 9284:20230712:142728.311 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142728.311 r14 = 0 = 0 = 0 9284:20230712:142728.312 r15 = 0 = 0 = 0 9284:20230712:142728.312 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142728.313 rsi = 385f3b0 = 59110320 = 59110320 9284:20230712:142728.313 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142728.313 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142728.314 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142728.314 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142728.315 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142728.315 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142728.316 efl = 202 = 514 = 514 9284:20230712:142728.316 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142728.317 === Backtrace: === 9284:20230712:142728.478 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142728.479 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142728.480 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142728.481 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142728.481 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142728.484 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142728.484 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142728.485 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142728.486 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142728.487 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142728.488 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142728.489 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142728.490 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142728.491 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142728.496 ================================ 9284:20230712:142728.497 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142728.498 End of expand_message6():(null) 9284:20230712:142728.498 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.499 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25101 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142728.500 buffer: new element 23 9284:20230712:142728.500 End of process_value():SUCCEED 9284:20230712:142728.501 In zbx_parse_eventlog_message6() EventRecordID:25102 9284:20230712:142728.502 In expand_message6() 9284:20230712:142728.503 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142728.503 ====== Fatal information: ====== 9284:20230712:142728.504 Program counter: 0x67e2cf19 9284:20230712:142728.505 === Registers: === 9284:20230712:142728.505 r8 = 18 = 24 = 24 9284:20230712:142728.506 r9 = 0 = 0 = 0 9284:20230712:142728.507 r10 = 0 = 0 = 0 9284:20230712:142728.507 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142728.508 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142728.508 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142728.509 r14 = 0 = 0 = 0 9284:20230712:142728.510 r15 = 0 = 0 = 0 9284:20230712:142728.510 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142728.511 rsi = 385e410 = 59106320 = 59106320 9284:20230712:142728.512 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142728.512 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142728.513 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142728.513 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142728.514 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142728.515 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142728.515 efl = 202 = 514 = 514 9284:20230712:142728.516 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142728.516 === Backtrace: === 19844:20230712:142728.543 Requested [agent.ping] 19844:20230712:142728.544 Sending back [1] 9284:20230712:142728.676 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142728.676 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142728.677 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142728.678 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142728.679 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142728.681 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142728.682 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142728.682 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142728.683 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142728.684 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142728.685 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142728.686 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142728.687 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142728.687 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142728.693 ================================ 9284:20230712:142728.693 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142728.694 End of expand_message6():(null) 9284:20230712:142728.695 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.695 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25102 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142728.696 buffer: new element 24 9284:20230712:142728.696 End of process_value():SUCCEED 9284:20230712:142728.697 In zbx_parse_eventlog_message6() EventRecordID:25103 9284:20230712:142728.698 In expand_message6() 9284:20230712:142728.698 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142728.699 ====== Fatal information: ====== 9284:20230712:142728.699 Program counter: 0x67e2cf19 9284:20230712:142728.700 === Registers: === 9284:20230712:142728.701 r8 = 18 = 24 = 24 9284:20230712:142728.701 r9 = 0 = 0 = 0 9284:20230712:142728.702 r10 = 0 = 0 = 0 9284:20230712:142728.702 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142728.703 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142728.703 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142728.704 r14 = 0 = 0 = 0 9284:20230712:142728.705 r15 = 0 = 0 = 0 9284:20230712:142728.705 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142728.706 rsi = 385e0f0 = 59105520 = 59105520 9284:20230712:142728.706 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142728.707 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142728.708 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142728.708 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142728.709 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142728.709 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142728.710 efl = 202 = 514 = 514 9284:20230712:142728.710 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142728.711 === Backtrace: === 9284:20230712:142728.870 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142728.871 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142728.872 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142728.872 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142728.873 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142728.875 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142728.876 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142728.877 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142728.877 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142728.878 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142728.879 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142728.880 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142728.880 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142728.881 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142728.886 ================================ 9284:20230712:142728.887 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142728.887 End of expand_message6():(null) 9284:20230712:142728.888 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.889 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25103 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142728.889 buffer: new element 25 9284:20230712:142728.890 End of process_value():SUCCEED 9284:20230712:142728.890 In zbx_parse_eventlog_message6() EventRecordID:25104 9284:20230712:142728.891 In expand_message6() 9284:20230712:142728.892 End of expand_message6():The Software Protection service is starting. Parameters:TriggerStarted:6 9284:20230712:142728.893 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.893 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25104 value:'The Software Protection service is starting. Parameters:TriggerStarted:6' 9284:20230712:142728.894 buffer: new element 26 9284:20230712:142728.894 End of process_value():SUCCEED 9284:20230712:142728.895 In zbx_parse_eventlog_message6() EventRecordID:25105 9284:20230712:142728.895 In expand_message6() 9284:20230712:142728.897 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142728.897 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.898 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25105 value:'Offline downlevel migration succeeded.' 9284:20230712:142728.898 buffer: new element 27 9284:20230712:142728.899 End of process_value():SUCCEED 9284:20230712:142728.899 In zbx_parse_eventlog_message6() EventRecordID:25106 9284:20230712:142728.900 In expand_message6() 9284:20230712:142728.902 End of expand_message6():Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 9284:20230712:142728.902 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.903 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25106 value:'Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 ' 9284:20230712:142728.903 buffer: new element 28 9284:20230712:142728.904 End of process_value():SUCCEED 9284:20230712:142728.904 In zbx_parse_eventlog_message6() EventRecordID:25107 9284:20230712:142728.905 In expand_message6() 9284:20230712:142728.907 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142728.907 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.908 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25107 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142728.908 buffer: new element 29 9284:20230712:142728.909 End of process_value():SUCCEED 9284:20230712:142728.910 In zbx_parse_eventlog_message6() EventRecordID:25108 9284:20230712:142728.910 In expand_message6() 9284:20230712:142728.912 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142728.912 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.913 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25108 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142728.914 buffer: new element 30 9284:20230712:142728.914 End of process_value():SUCCEED 9284:20230712:142728.915 In zbx_parse_eventlog_message6() EventRecordID:25109 9284:20230712:142728.915 In expand_message6() 9284:20230712:142728.917 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142728.918 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.918 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25109 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142728.919 buffer: new element 31 9284:20230712:142728.919 End of process_value():SUCCEED 9284:20230712:142728.920 In zbx_parse_eventlog_message6() EventRecordID:25110 9284:20230712:142728.920 In expand_message6() 9284:20230712:142728.922 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142728.923 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.923 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25110 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142728.924 buffer: new element 32 9284:20230712:142728.924 End of process_value():SUCCEED 9284:20230712:142728.925 In zbx_parse_eventlog_message6() EventRecordID:25111 9284:20230712:142728.925 In expand_message6() 9284:20230712:142728.927 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142728.928 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.928 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25111 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142728.929 buffer: new element 33 9284:20230712:142728.929 End of process_value():SUCCEED 9284:20230712:142728.930 In zbx_parse_eventlog_message6() EventRecordID:25112 9284:20230712:142728.930 In expand_message6() 9284:20230712:142728.932 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142728.933 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.933 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25112 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142728.934 buffer: new element 34 9284:20230712:142728.934 End of process_value():SUCCEED 9284:20230712:142728.935 In zbx_parse_eventlog_message6() EventRecordID:25113 9284:20230712:142728.936 In expand_message6() 9284:20230712:142728.937 End of expand_message6():The Software Protection service has started. 10.0.19041.1889 9284:20230712:142728.938 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.939 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25113 value:'The Software Protection service has started. 10.0.19041.1889' 9284:20230712:142728.939 buffer: new element 35 9284:20230712:142728.940 End of process_value():SUCCEED 9284:20230712:142728.940 In zbx_parse_eventlog_message6() EventRecordID:25114 9284:20230712:142728.941 In expand_message6() 9284:20230712:142728.943 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142728.944 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.944 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25114 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142728.945 buffer: new element 36 9284:20230712:142728.946 End of process_value():SUCCEED 9284:20230712:142728.946 In zbx_parse_eventlog_message6() EventRecordID:25115 9284:20230712:142728.947 In expand_message6() 9284:20230712:142728.948 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142728.949 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.950 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25115 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142728.950 buffer: new element 37 9284:20230712:142728.951 End of process_value():SUCCEED 9284:20230712:142728.952 In zbx_parse_eventlog_message6() EventRecordID:25116 9284:20230712:142728.952 In expand_message6() 9284:20230712:142728.954 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142728.955 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.956 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25116 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142728.956 buffer: new element 38 9284:20230712:142728.957 End of process_value():SUCCEED 9284:20230712:142728.958 In zbx_parse_eventlog_message6() EventRecordID:25117 9284:20230712:142728.959 In expand_message6() 9284:20230712:142728.960 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142728.961 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.962 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25117 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142728.962 buffer: new element 39 9284:20230712:142728.963 End of process_value():SUCCEED 9284:20230712:142728.963 In zbx_parse_eventlog_message6() EventRecordID:25118 9284:20230712:142728.964 In expand_message6() 9284:20230712:142728.966 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142728.966 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.967 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25118 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142728.967 buffer: new element 40 9284:20230712:142728.968 End of process_value():SUCCEED 9284:20230712:142728.969 In zbx_parse_eventlog_message6() EventRecordID:25119 9284:20230712:142728.969 In expand_message6() 9284:20230712:142728.971 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142728.972 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.972 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25119 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142728.973 buffer: new element 41 9284:20230712:142728.973 End of process_value():SUCCEED 9284:20230712:142728.974 In zbx_parse_eventlog_message6() EventRecordID:25120 9284:20230712:142728.975 In expand_message6() 9284:20230712:142728.976 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142728.977 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.977 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25120 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142728.978 buffer: new element 42 9284:20230712:142728.979 End of process_value():SUCCEED 9284:20230712:142728.979 In zbx_parse_eventlog_message6() EventRecordID:25121 9284:20230712:142728.980 In expand_message6() 9284:20230712:142728.981 End of expand_message6():12520 9284:20230712:142728.982 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.982 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25121 value:'12520' 9284:20230712:142728.983 buffer: new element 43 9284:20230712:142728.983 End of process_value():SUCCEED 9284:20230712:142728.984 In zbx_parse_eventlog_message6() EventRecordID:25122 9284:20230712:142728.984 In expand_message6() 9284:20230712:142728.986 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142728.987 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.987 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25122 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142728.988 buffer: new element 44 9284:20230712:142728.988 End of process_value():SUCCEED 9284:20230712:142728.989 In zbx_parse_eventlog_message6() EventRecordID:25123 9284:20230712:142728.990 In expand_message6() 9284:20230712:142728.991 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142728.992 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.992 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25123 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142728.993 buffer: new element 45 9284:20230712:142728.993 End of process_value():SUCCEED 9284:20230712:142728.994 In zbx_parse_eventlog_message6() EventRecordID:25124 9284:20230712:142728.994 In expand_message6() 9284:20230712:142728.996 End of expand_message6():Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 16 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 15 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 47 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 47 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 15 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 281 9284:20230712:142728.996 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142728.997 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25124 value:'Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 16 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 15 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 47 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 47 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 15 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 281 ' 9284:20230712:142728.998 buffer: new element 46 9284:20230712:142728.998 End of process_value():SUCCEED 9284:20230712:142728.999 In zbx_parse_eventlog_message6() EventRecordID:25125 9284:20230712:142728.999 In expand_message6() 9284:20230712:142729.001 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142729.001 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.002 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25125 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142729.003 buffer: new element 47 9284:20230712:142729.003 End of process_value():SUCCEED 9284:20230712:142729.004 In zbx_parse_eventlog_message6() EventRecordID:25126 9284:20230712:142729.004 In expand_message6() 9284:20230712:142729.005 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142729.006 ====== Fatal information: ====== 9284:20230712:142729.006 Program counter: 0x67e2cf19 9284:20230712:142729.007 === Registers: === 9284:20230712:142729.008 r8 = 18 = 24 = 24 9284:20230712:142729.008 r9 = 0 = 0 = 0 9284:20230712:142729.009 r10 = 0 = 0 = 0 9284:20230712:142729.009 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142729.010 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142729.011 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142729.011 r14 = 0 = 0 = 0 9284:20230712:142729.012 r15 = 0 = 0 = 0 9284:20230712:142729.012 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142729.013 rsi = 385e0f0 = 59105520 = 59105520 9284:20230712:142729.014 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142729.014 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142729.015 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142729.015 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142729.016 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142729.017 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142729.017 efl = 202 = 514 = 514 9284:20230712:142729.018 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142729.019 === Backtrace: === 2184:20230712:142729.153 In collect_perfstat() 2184:20230712:142729.156 End of collect_perfstat() 9284:20230712:142729.178 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142729.179 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142729.179 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142729.180 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142729.181 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142729.183 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142729.184 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142729.185 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142729.186 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142729.187 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142729.187 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142729.188 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142729.189 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142729.190 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142729.195 ================================ 9284:20230712:142729.196 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142729.196 End of expand_message6():(null) 9284:20230712:142729.197 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.198 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25126 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142729.198 buffer: new element 48 9284:20230712:142729.199 End of process_value():SUCCEED 9284:20230712:142729.199 In zbx_parse_eventlog_message6() EventRecordID:25127 9284:20230712:142729.200 In expand_message6() 9284:20230712:142729.201 End of expand_message6():Service stopped. 9284:20230712:142729.202 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.203 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25127 value:'Service stopped.' 9284:20230712:142729.203 buffer: new element 49 9284:20230712:142729.204 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142729.205 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142729.206 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Intel(R) Dynamic Application Loader Host Interface Service started.","lastlogsize":25078,"timestamp":1661839756,"source":"IntelDalJhi","severity":1,"id":101,"clock":1689161247,"ns":24170600},{"host":"Windows host","key":"eventlog[Application]","value":"Local Management Service started.","lastlogsize":25079,"timestamp":1661839756,"source":"LMS","severity":1,"eventid":2000,"id":102,"clock":1689161247,"ns":34173200},{"host":"Windows host","key":"eventlog[Application]","value":"Service started/resumed","lastlogsize":25080,"timestamp":1661839756,"source":"LMS","severity":1,"id":103,"clock":1689161247,"ns":40000000},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service subsystems initialized successfully","lastlogsize":25081,"timestamp":1661839756,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5617,"id":104,"clock":1689161247,"ns":45618600},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25082,"timestamp":1661839760,"source":"XTUService","severity":1,"id":105,"clock":1689161247,"ns":51041200},{"host":"Windows host","key":"eventlog[Application]","value":"Service initializing","lastlogsize":25083,"timestamp":1661839762,"source":"Bonjour Service","severity":1,"eventid":100,"id":106,"clock":1689161247,"ns":56132300},{"host":"Windows host","key":"eventlog[Application]","value":"Service started (1.0.24.0).","lastlogsize":25084,"timestamp":1661839762,"source":"DbxSvc","severity":1,"eventid":336,"id":107,"clock":1689161247,"ns":62437800},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread started.","lastlogsize":25085,"timestamp":1661839762,"source":"DbxSvc","severity":1,"eventid":258,"id":108,"clock":1689161247,"ns":67557500},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25086,"timestamp":1661839762,"source":"DbxSvc","severity":1,"eventid":320,"id":109,"clock":1689161247,"ns":72471600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25087,"timestamp":1661839762,"source":"AdobeARMservice","severity":1,"id":110,"clock":1689161247,"ns":270956700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart","lastlogsize":25088,"timestamp":1661839762,"source":"LanWlanSwitchingService","severity":1,"id":111,"clock":1689161247,"ns":470170900},{"host":"Windows host","key":"eventlog[Application]","value":"Service initialized","lastlogsize":25089,"timestamp":1661839762,"source":"Bonjour Service","severity":1,"eventid":100,"id":112,"clock":1689161247,"ns":475611800},{"host":"Windows host","key":"eventlog[Application]","value":"Service started\n","lastlogsize":25090,"timestamp":1661839762,"source":"Bonjour Service","severity":1,"eventid":100,"id":113,"clock":1689161247,"ns":481060700},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a critical notification event.","lastlogsize":25091,"timestamp":1661839763,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6003,"id":114,"clock":1689161247,"ns":486278100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25092,"timestamp":1661839774,"source":"hpqcaslwmiex","severity":1,"id":115,"clock":1689161247,"ns":682352600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1\n","lastlogsize":25093,"timestamp":1661839780,"source":"igfxCUIService2.0.0.0","severity":1,"id":116,"clock":1689161247,"ns":874776100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1\n","lastlogsize":25094,"timestamp":1661839780,"source":"igfxCUIService2.0.0.0","severity":1,"id":117,"clock":1689161248,"ns":70257600},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25095,"timestamp":1661839780,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":118,"clock":1689161248,"ns":75987500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1\n","lastlogsize":25096,"timestamp":1661839780,"source":"igfxCUIService2.0.0.0","severity":1,"id":119,"clock":1689161248,"ns":273064600},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (9212,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25097,"timestamp":1661839781,"source":"ESENT","severity":1,"eventid":102,"id":120,"clock":1689161248,"ns":277677900},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (9212,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n \r\n \r\nInternal Timing Sequence: \n[1] 0.001713 +J(0) +M(C:0K, Fs:318, WS:1244K # 1244K, PF:5392K # 5392K, P:5392K)\n[2] 0.000343 +J(0) +M(C:0K, Fs:123, WS:492K # 492K, PF:436K # 436K, P:436K)\n[3] 0.000820 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K)\n[4] 0.000108 +J(0) +M(C:0K, Fs:33, WS:128K # 128K, PF:364K # 364K, P:364K)\n[5] 0.001004 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K)\n[6] 0.012000 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:20K # 20K, P:20K)\n[7] 0.005471 -0.001848 (2) WT +J(0) +M(C:0K, Fs:267, WS:1068K # 1068K, PF:1024K # 1024K, P:1024K)\n[8] -\n[9] -\n[10] -\n[11] -\n[12] -\n[13] 0.012408 -0.000206 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1020K # 12K, P:-1020K)\n[14] 0.000023 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K)\n[15] 0.000065 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K)\n[16] 0.000195 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25098,"timestamp":1661839781,"source":"ESENT","severity":1,"eventid":105,"id":121,"clock":1689161248,"ns":282131900},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (9212,D,50) Windows: The database engine attached a database (1, C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb). (Time=0 seconds) \r\n \r\nSaved Cache: 0 0 \r\nAdditional Data: lgposAttach = 00000BBC:0080:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.001408 -0.000422 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K)\n[3] 0.004282 -0.000751 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:43, WS:136K # 0K, PF:152K # 0K, P:152K)\n[4] 0.000175 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] -\n[6] -\n[7] -\n[8] 0.005388 -0.005125 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:51, WS:200K # 0K, PF:688K # 0K, P:688K)\n[9] 0.017471 -0.000529 (5) CM -0.016680 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 212K, P:288K)\n[10] 0.000258 -0.000177 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 20K, PF:96K # 96K, P:96K)\n[11] 0.000011 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000041 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)\n[13] 0.000001 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25099,"timestamp":1661839781,"source":"ESENT","severity":1,"eventid":326,"id":122,"clock":1689161248,"ns":286534700},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Search Service started.\n","lastlogsize":25100,"timestamp":1661839781,"source":"Microsoft-Windows-Search","severity":1,"eventid":1003,"id":123,"clock":1689161248,"ns":304648900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25101,"timestamp":1661839783,"source":"BrService_4_3_4_610","severity":1,"id":124,"clock":1689161248,"ns":500373400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25102,"timestamp":1661839783,"source":"dbupdate","severity":1,"id":125,"clock":1689161248,"ns":696412200},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25103,"timestamp":1661839784,"source":"dbupdate","severity":1,"id":126,"clock":1689161248,"ns":889650300},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service is starting.\r\nParameters:TriggerStarted:6","lastlogsize":25104,"timestamp":1661839787,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":900,"id":127,"clock":1689161248,"ns":894408800},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25105,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":128,"clock":1689161248,"ns":899030000},{"host":"Windows host","key":"eventlog[Application]","value":"Initialization status for service objects.\r\nC:\\WINDOWS\\system32\\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000\n","lastlogsize":25106,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1066,"id":129,"clock":1689161248,"ns":903711700},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25107,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":130,"clock":1689161248,"ns":909027200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25108,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":131,"clock":1689161248,"ns":914195200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25109,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":132,"clock":1689161248,"ns":919355200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25110,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":133,"clock":1689161248,"ns":924321200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25111,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":134,"clock":1689161248,"ns":929256600},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25112,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":135,"clock":1689161248,"ns":934252700},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has started.\r\n10.0.19041.1889","lastlogsize":25113,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":902,"id":136,"clock":1689161248,"ns":939788800},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25114,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":137,"clock":1689161248,"ns":945544800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25115,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":138,"clock":1689161248,"ns":950693300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25116,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":139,"clock":1689161248,"ns":957086000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25117,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":140,"clock":1689161248,"ns":962754300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25118,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":141,"clock":1689161248,"ns":968056300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25119,"timestamp":1661839788,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":142,"clock":1689161248,"ns":973350700},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25120,"timestamp":1661839793,"source":"DbxSvc","severity":1,"eventid":320,"id":143,"clock":1689161248,"ns":978544900},{"host":"Windows host","key":"eventlog[Application]","value":"12520","lastlogsize":25121,"timestamp":1661839797,"source":"SensorFramework-LogonTask-{100ee514-48c8-f419-6760-6fb8cb2767cd}","severity":1,"eventid":92,"id":144,"clock":1689161248,"ns":983473400},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25122,"timestamp":1661839815,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":145,"clock":1689161248,"ns":988444200},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25123,"timestamp":1661839815,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":146,"clock":1689161248,"ns":993341800},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook loaded the following add-in(s):\n\n\nName: Microsoft Exchange Add-in\nDescription: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.\nProgID: UmOutlookAddin.FormRegionAddin\nGUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\UmOutlookAddin.dll\nBoot Time (Milliseconds): 16\n\nName: Microsoft Teams Meeting Add-in for Microsoft Office\nDescription: Microsoft Teams Meeting Add-in for Microsoft Office\nProgID: TeamsAddin.FastConnect\nGUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\TeamsMeetingAddin\\1.0.22209.4\\x64\\Microsoft.Teams.AddinLoader.dll\nBoot Time (Milliseconds): 15\n\nName: Outlook Social Connector 2016\nDescription: Connects to social networking sites and provides people, activity, and status information.\nProgID: OscAddin.Connect\nGUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\SOCIALCONNECTOR.DLL\nBoot Time (Milliseconds): 47\n\nName: OneNote Notes about Outlook Items\nDescription: Adds Send to OneNote and Notes about this Item buttons to the command bar\nProgID: OneNote.OutlookAddin\nGUID: {93E5752E-B889-47C5-8545-654EE2533C64}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnOL.dll\nBoot Time (Milliseconds): 47\n\nName: Microsoft VBA for Outlook Addin\nDescription: \nProgID: Microsoft.VbaAddinForOutlook.1\nGUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\nLoad Behavior: 9\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL\nBoot Time (Milliseconds): 0\n\nName: Microsoft SharePoint Server Colleague Import Add-in\nDescription: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content\nProgID: ColleagueImport.ColleagueImportAddin\nGUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\ColleagueImport.dll\nBoot Time (Milliseconds): 15\n\nName: HP Sure Click Outlook Add-in 4.3.4.610\nDescription: HP Sure Click Outlook Add-in 4.3.4.610\nProgID: Bromium.vSentry.OutlookAddin\nGUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\HP\\Sure Click\\4.3.4.610\\servers\\BrOutlookAddin.dll\nBoot Time (Milliseconds): 281\n","lastlogsize":25124,"timestamp":1661839817,"source":"Outlook","severity":1,"eventid":45,"id":147,"clock":1689161248,"ns":998110500},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25125,"timestamp":1661839818,"source":"Outlook","severity":1,"eventid":63,"id":148,"clock":1689161249,"ns":3214100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25126,"timestamp":1661839883,"source":"dbupdate","severity":1,"id":149,"clock":1689161249,"ns":198728600},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25127,"timestamp":1661839883,"source":"edgeupdate","severity":1,"id":150,"clock":1689161249,"ns":203758200}],"clock":1689161249,"ns":205679400}] 9284:20230712:142729.211 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002702"}] 9284:20230712:142729.211 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002702"}' 9284:20230712:142729.212 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002702' 9284:20230712:142729.213 End of check_response():SUCCEED 9284:20230712:142729.213 OK 9284:20230712:142729.214 End of send_buffer():SUCCEED 9284:20230712:142729.215 End of process_value():SUCCEED 9284:20230712:142729.215 In zbx_parse_eventlog_message6() EventRecordID:25128 9284:20230712:142729.216 In expand_message6() 9284:20230712:142729.217 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142729.217 ====== Fatal information: ====== 9284:20230712:142729.218 Program counter: 0x67e2cf19 9284:20230712:142729.219 === Registers: === 9284:20230712:142729.219 r8 = 18 = 24 = 24 9284:20230712:142729.220 r9 = 0 = 0 = 0 9284:20230712:142729.220 r10 = 0 = 0 = 0 9284:20230712:142729.221 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142729.221 r12 = 3863b30 = 59128624 = 59128624 9284:20230712:142729.222 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142729.223 r14 = 0 = 0 = 0 9284:20230712:142729.223 r15 = 0 = 0 = 0 9284:20230712:142729.224 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142729.224 rsi = 385e410 = 59106320 = 59106320 9284:20230712:142729.225 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142729.226 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142729.226 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142729.227 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142729.228 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142729.228 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142729.229 efl = 202 = 514 = 514 9284:20230712:142729.230 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142729.230 === Backtrace: === 9284:20230712:142729.391 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142729.391 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142729.392 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142729.393 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142729.393 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142729.396 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142729.396 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142729.397 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142729.398 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142729.399 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142729.399 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142729.400 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142729.401 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142729.401 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142729.406 ================================ 9284:20230712:142729.407 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142729.408 End of expand_message6():(null) 9284:20230712:142729.408 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.409 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25128 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142729.409 buffer: new element 0 9284:20230712:142729.410 End of process_value():SUCCEED 9284:20230712:142729.410 In zbx_parse_eventlog_message6() EventRecordID:25129 9284:20230712:142729.411 In expand_message6() 9284:20230712:142729.412 End of expand_message6():Service started successfully. 9284:20230712:142729.413 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.413 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25129 value:'Service started successfully.' 9284:20230712:142729.413 buffer: new element 1 9284:20230712:142729.414 End of process_value():SUCCEED 9284:20230712:142729.414 In zbx_parse_eventlog_message6() EventRecordID:25130 9284:20230712:142729.415 In expand_message6() 9284:20230712:142729.416 End of expand_message6():Started event manager Started event manager 9284:20230712:142729.417 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.417 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25130 value:'Started event manager Started event manager' 9284:20230712:142729.418 buffer: new element 2 9284:20230712:142729.418 End of process_value():SUCCEED 9284:20230712:142729.419 In zbx_parse_eventlog_message6() EventRecordID:25131 9284:20230712:142729.419 In expand_message6() 9284:20230712:142729.421 End of expand_message6():Service started successfully. 9284:20230712:142729.421 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.422 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25131 value:'Service started successfully.' 9284:20230712:142729.422 buffer: new element 3 9284:20230712:142729.423 End of process_value():SUCCEED 9284:20230712:142729.423 In zbx_parse_eventlog_message6() EventRecordID:25132 9284:20230712:142729.424 In expand_message6() 9284:20230712:142729.425 End of expand_message6():The Windows Security Center Service has started. 9284:20230712:142729.426 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.427 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25132 value:'The Windows Security Center Service has started.' 9284:20230712:142729.427 buffer: new element 4 9284:20230712:142729.428 End of process_value():SUCCEED 9284:20230712:142729.429 In zbx_parse_eventlog_message6() EventRecordID:25133 9284:20230712:142729.429 In expand_message6() 9284:20230712:142729.431 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142729.431 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.432 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25133 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142729.433 buffer: new element 5 9284:20230712:142729.433 End of process_value():SUCCEED 9284:20230712:142729.434 In zbx_parse_eventlog_message6() EventRecordID:25134 9284:20230712:142729.434 In expand_message6() 9284:20230712:142729.436 End of expand_message6():Version : 2.0.11.0 9284:20230712:142729.436 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.437 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25134 value:'Version : 2.0.11.0' 9284:20230712:142729.438 buffer: new element 6 9284:20230712:142729.438 End of process_value():SUCCEED 9284:20230712:142729.439 In zbx_parse_eventlog_message6() EventRecordID:25135 9284:20230712:142729.439 In expand_message6() 9284:20230712:142729.441 End of expand_message6():Cloud logging is enabled. 9284:20230712:142729.441 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.442 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25135 value:'Cloud logging is enabled.' 9284:20230712:142729.443 buffer: new element 7 9284:20230712:142729.443 End of process_value():SUCCEED 9284:20230712:142729.444 In zbx_parse_eventlog_message6() EventRecordID:25136 9284:20230712:142729.444 In expand_message6() 9284:20230712:142729.446 End of expand_message6():Load Balance is enabled. 9284:20230712:142729.446 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.447 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25136 value:'Load Balance is enabled.' 9284:20230712:142729.447 buffer: new element 8 9284:20230712:142729.448 End of process_value():SUCCEED 9284:20230712:142729.448 In zbx_parse_eventlog_message6() EventRecordID:25137 9284:20230712:142729.449 In expand_message6() 9284:20230712:142729.451 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T06:12:09Z. Reason: RulesEngine. 9284:20230712:142729.451 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.452 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25137 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T06:12:09Z. Reason: RulesEngine.' 9284:20230712:142729.452 buffer: new element 9 9284:20230712:142729.453 End of process_value():SUCCEED 9284:20230712:142729.454 In zbx_parse_eventlog_message6() EventRecordID:25138 9284:20230712:142729.454 In expand_message6() 9284:20230712:142729.456 End of expand_message6():The Software Protection service has stopped. 9284:20230712:142729.456 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.457 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25138 value:'The Software Protection service has stopped. ' 9284:20230712:142729.457 buffer: new element 10 9284:20230712:142729.458 End of process_value():SUCCEED 9284:20230712:142729.459 In zbx_parse_eventlog_message6() EventRecordID:25139 9284:20230712:142729.459 In expand_message6() 9284:20230712:142729.461 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142729.461 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.462 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25139 value:'Offline downlevel migration succeeded.' 9284:20230712:142729.463 buffer: new element 11 9284:20230712:142729.463 End of process_value():SUCCEED 9284:20230712:142729.464 In zbx_parse_eventlog_message6() EventRecordID:25140 9284:20230712:142729.464 In expand_message6() 9284:20230712:142729.466 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T06:12:47Z. Reason: RulesEngine. 9284:20230712:142729.467 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.467 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25140 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T06:12:47Z. Reason: RulesEngine.' 9284:20230712:142729.468 buffer: new element 12 9284:20230712:142729.468 End of process_value():SUCCEED 9284:20230712:142729.469 In zbx_parse_eventlog_message6() EventRecordID:25141 9284:20230712:142729.470 In expand_message6() 9284:20230712:142729.471 End of expand_message6():Finish Device Check 9284:20230712:142729.472 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.472 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25141 value:'Finish Device Check' 9284:20230712:142729.473 buffer: new element 13 9284:20230712:142729.473 End of process_value():SUCCEED 9284:20230712:142729.474 In zbx_parse_eventlog_message6() EventRecordID:25142 9284:20230712:142729.474 In expand_message6() 9284:20230712:142729.476 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142729.476 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.477 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25142 value:'Offline downlevel migration succeeded.' 9284:20230712:142729.478 buffer: new element 14 9284:20230712:142729.478 End of process_value():SUCCEED 9284:20230712:142729.479 In zbx_parse_eventlog_message6() EventRecordID:25143 9284:20230712:142729.479 In expand_message6() 9284:20230712:142729.481 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142729.482 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.482 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25143 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142729.483 buffer: new element 15 9284:20230712:142729.483 End of process_value():SUCCEED 9284:20230712:142729.484 In zbx_parse_eventlog_message6() EventRecordID:25144 9284:20230712:142729.484 In expand_message6() 9284:20230712:142729.486 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142729.487 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.487 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25144 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142729.488 buffer: new element 16 9284:20230712:142729.488 End of process_value():SUCCEED 9284:20230712:142729.489 In zbx_parse_eventlog_message6() EventRecordID:25145 9284:20230712:142729.489 In expand_message6() 9284:20230712:142729.491 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142729.492 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.492 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25145 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142729.493 buffer: new element 17 9284:20230712:142729.493 End of process_value():SUCCEED 9284:20230712:142729.494 In zbx_parse_eventlog_message6() EventRecordID:25146 9284:20230712:142729.494 In expand_message6() 9284:20230712:142729.496 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142729.496 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.497 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25146 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142729.498 buffer: new element 18 9284:20230712:142729.498 End of process_value():SUCCEED 9284:20230712:142729.499 In zbx_parse_eventlog_message6() EventRecordID:25147 9284:20230712:142729.499 In expand_message6() 9284:20230712:142729.501 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142729.501 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.502 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25147 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142729.503 buffer: new element 19 9284:20230712:142729.503 End of process_value():SUCCEED 9284:20230712:142729.504 In zbx_parse_eventlog_message6() EventRecordID:25148 9284:20230712:142729.505 In expand_message6() 9284:20230712:142729.506 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142729.507 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.508 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25148 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142729.508 buffer: new element 20 9284:20230712:142729.509 End of process_value():SUCCEED 9284:20230712:142729.510 In zbx_parse_eventlog_message6() EventRecordID:25149 9284:20230712:142729.510 In expand_message6() 9284:20230712:142729.512 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T06:16:12Z. Reason: RulesEngine. 9284:20230712:142729.513 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.513 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25149 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T06:16:12Z. Reason: RulesEngine.' 9284:20230712:142729.514 buffer: new element 21 9284:20230712:142729.514 End of process_value():SUCCEED 9284:20230712:142729.515 In zbx_parse_eventlog_message6() EventRecordID:25150 9284:20230712:142729.516 In expand_message6() 9284:20230712:142729.517 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142729.518 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.519 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25150 value:'Offline downlevel migration succeeded.' 9284:20230712:142729.519 buffer: new element 22 9284:20230712:142729.520 End of process_value():SUCCEED 9284:20230712:142729.521 In zbx_parse_eventlog_message6() EventRecordID:25151 9284:20230712:142729.521 In expand_message6() 9284:20230712:142729.523 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142729.523 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.524 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25151 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142729.525 buffer: new element 23 9284:20230712:142729.525 End of process_value():SUCCEED 9284:20230712:142729.526 In zbx_parse_eventlog_message6() EventRecordID:25152 9284:20230712:142729.527 In expand_message6() 9284:20230712:142729.528 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142729.529 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.529 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25152 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142729.530 buffer: new element 24 9284:20230712:142729.531 End of process_value():SUCCEED 9284:20230712:142729.531 In zbx_parse_eventlog_message6() EventRecordID:25153 9284:20230712:142729.532 In expand_message6() 9284:20230712:142729.534 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T06:20:05Z. Reason: RulesEngine. 9284:20230712:142729.534 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.535 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25153 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T06:20:05Z. Reason: RulesEngine.' 9284:20230712:142729.536 buffer: new element 25 9284:20230712:142729.536 End of process_value():SUCCEED 9284:20230712:142729.537 In zbx_parse_eventlog_message6() EventRecordID:25154 9284:20230712:142729.537 In expand_message6() 9284:20230712:142729.539 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142729.540 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.540 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25154 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142729.541 buffer: new element 26 9284:20230712:142729.542 End of process_value():SUCCEED 9284:20230712:142729.542 In zbx_parse_eventlog_message6() EventRecordID:25155 9284:20230712:142729.543 In expand_message6() 9284:20230712:142729.544 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142729.545 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.546 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25155 value:'Offline downlevel migration succeeded.' 9284:20230712:142729.546 buffer: new element 27 9284:20230712:142729.547 End of process_value():SUCCEED 9284:20230712:142729.548 In zbx_parse_eventlog_message6() EventRecordID:25156 9284:20230712:142729.548 In expand_message6() 9284:20230712:142729.550 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T06:25:39Z. Reason: RulesEngine. 9284:20230712:142729.551 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.551 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25156 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T06:25:39Z. Reason: RulesEngine.' 9284:20230712:142729.552 buffer: new element 28 9284:20230712:142729.553 End of process_value():SUCCEED 9284:20230712:142729.553 In zbx_parse_eventlog_message6() EventRecordID:25157 9284:20230712:142729.554 In expand_message6() 9284:20230712:142729.555 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142729.556 ====== Fatal information: ====== 9284:20230712:142729.556 Program counter: 0x67e2cf19 9284:20230712:142729.557 === Registers: === 9284:20230712:142729.557 r8 = 18 = 24 = 24 9284:20230712:142729.558 r9 = 0 = 0 = 0 9284:20230712:142729.559 r10 = 0 = 0 = 0 9284:20230712:142729.559 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142729.560 r12 = 3862930 = 59124016 = 59124016 9284:20230712:142729.561 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142729.561 r14 = 0 = 0 = 0 9284:20230712:142729.562 r15 = 0 = 0 = 0 9284:20230712:142729.563 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142729.563 rsi = 385f630 = 59110960 = 59110960 9284:20230712:142729.564 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142729.565 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142729.565 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142729.566 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142729.566 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142729.567 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142729.568 efl = 202 = 514 = 514 9284:20230712:142729.568 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142729.569 === Backtrace: === 9284:20230712:142729.728 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142729.729 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142729.730 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142729.731 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142729.731 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142729.734 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142729.734 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142729.735 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142729.736 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142729.736 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142729.737 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142729.738 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142729.739 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142729.739 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142729.744 ================================ 9284:20230712:142729.745 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142729.746 End of expand_message6():(null) 9284:20230712:142729.746 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.747 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25157 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142729.747 buffer: new element 29 9284:20230712:142729.748 End of process_value():SUCCEED 9284:20230712:142729.748 In zbx_parse_eventlog_message6() EventRecordID:25158 9284:20230712:142729.748 In expand_message6() 9284:20230712:142729.750 End of expand_message6():Service stopped. 9284:20230712:142729.751 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.751 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25158 value:'Service stopped.' 9284:20230712:142729.752 buffer: new element 30 9284:20230712:142729.752 End of process_value():SUCCEED 9284:20230712:142729.753 In zbx_parse_eventlog_message6() EventRecordID:25159 9284:20230712:142729.753 In expand_message6() 9284:20230712:142729.755 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142729.755 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.756 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25159 value:'Offline downlevel migration succeeded.' 9284:20230712:142729.756 buffer: new element 31 9284:20230712:142729.757 End of process_value():SUCCEED 9284:20230712:142729.757 In zbx_parse_eventlog_message6() EventRecordID:25160 9284:20230712:142729.758 In expand_message6() 9284:20230712:142729.759 End of expand_message6():svchost (7076,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142729.760 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.760 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25160 value:'svchost (7076,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142729.761 buffer: new element 32 9284:20230712:142729.761 End of process_value():SUCCEED 9284:20230712:142729.762 In zbx_parse_eventlog_message6() EventRecordID:25161 9284:20230712:142729.762 In expand_message6() 9284:20230712:142729.764 End of expand_message6():svchost (7076,R,98) DS_Token_DB: The database engine is initiating recovery steps. 9284:20230712:142729.764 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.765 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25161 value:'svchost (7076,R,98) DS_Token_DB: The database engine is initiating recovery steps.' 9284:20230712:142729.765 buffer: new element 33 9284:20230712:142729.766 End of process_value():SUCCEED 9284:20230712:142729.766 In zbx_parse_eventlog_message6() EventRecordID:25162 9284:20230712:142729.767 In expand_message6() 9284:20230712:142729.769 End of expand_message6():svchost (7076,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS0001E.log. Processing Stats: [1] 0.019702 -0.001914 (7) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8129/7) +M(C:0K, Fs:76, WS:224K # 228K, PF:160K # 164K, P:160K). Log record of type 'AttachDB ' was seen most frequently (1 times) 9284:20230712:142729.769 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.770 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25162 value:'svchost (7076,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS0001E.log. Processing Stats: [1] 0.019702 -0.001914 (7) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8129/7) +M(C:0K, Fs:76, WS:224K # 228K, PF:160K # 164K, P:160K). Log record of type 'AttachDB ' was seen most frequently (1 times)' 9284:20230712:142729.770 buffer: new element 34 9284:20230712:142729.771 End of process_value():SUCCEED 9284:20230712:142729.771 In zbx_parse_eventlog_message6() EventRecordID:25163 9284:20230712:142729.772 In expand_message6() 9284:20230712:142729.773 End of expand_message6():svchost (7076,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.003078 -0.000246 (2) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:1/1) +M(C:0K, Fs:15, WS:56K # 60K, PF:64K # 64K, P:64K). Log record of type 'NOP ' was seen most frequently (1 times) 9284:20230712:142729.774 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.774 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25163 value:'svchost (7076,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.003078 -0.000246 (2) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:1/1) +M(C:0K, Fs:15, WS:56K # 60K, PF:64K # 64K, P:64K). Log record of type 'NOP ' was seen most frequently (1 times)' 9284:20230712:142729.775 buffer: new element 35 9284:20230712:142729.775 End of process_value():SUCCEED 9284:20230712:142729.776 In zbx_parse_eventlog_message6() EventRecordID:25164 9284:20230712:142729.776 In expand_message6() 9284:20230712:142729.778 End of expand_message6():svchost (7076,U,98) DS_Token_DB: The database engine has successfully completed recovery steps. 9284:20230712:142729.778 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.779 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25164 value:'svchost (7076,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.' 9284:20230712:142729.779 buffer: new element 36 9284:20230712:142729.780 End of process_value():SUCCEED 9284:20230712:142729.780 In zbx_parse_eventlog_message6() EventRecordID:25165 9284:20230712:142729.781 In expand_message6() 9284:20230712:142729.783 End of expand_message6():svchost (7076,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001E:000C:0000 - 0000001E:000E:0036 - 0000001F:0001:0000 - 0000001F:0001:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.001876 +J(0) +M(C:0K, Fs:276, WS:1084K # 1084K, PF:3612K # 3612K, P:3612K) [2] 0.000521 +J(0) +M(C:8K, Fs:114, WS:448K # 448K, PF:368K # 368K, P:368K) [3] 0.000022 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:68K # 68K, P:68K) [4] 0.000129 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K) [5] 0.003606 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.006118 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.005978 -0.000611 (2) WT +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:64K # 64K, P:64K) [8] 0.039680 -0.002855 (10) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8129/7) +M(C:0K, Fs:108, WS:344K # 348K, PF:248K # 252K, P:248K) [9] 0.008227 -0.000817 (4) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:1/1) +M(C:0K, Fs:30, WS:112K # 108K, PF:68K # 64K, P:68K) + 1 lgens [10] 0.001063 -0.000211 (1) WT +J(0) +M(C:0K, Fs:0, WS:-60K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000225 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.003579 -0.000324 (1) WT +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [13] 0.038824 -0.000378 (2) CM -0.005989 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:56, WS:92K # 112K, PF:160K # 168K, P:160K) [14] 0.000024 +J(0) [15] 0.000011 +J(0) [16] 0.001496 -0.000325 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142729.783 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.784 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25165 value:'svchost (7076,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001E:000C:0000 - 0000001E:000E:0036 - 0000001F:0001:0000 - 0000001F:0001:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.001876 +J(0) +M(C:0K, Fs:276, WS:1084K # 1084K, PF:3612K # 3612K, P:3612K) [2] 0.000521 +J(0) +M(C:8K, Fs:114, WS:448K # 448K, PF:368K # 368K, P:368K) [3] 0.000022 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:68K # 68K, P:68K) [4] 0.000129 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K) [5] 0.003606 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.006118 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.005978 -0.000611 (2) WT +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:64K # 64K, P:64K) [8] 0.039680 -0.002855 (10) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8129/7) +M(C:0K, Fs:108, WS:344K # 348K, PF:248K # 252K, P:248K) [9] 0.008227 -0.000817 (4) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:1/1) +M(C:0K, Fs:30, WS:112K # 108K, PF:68K # 64K, P:68K) + 1 lgens [10] 0.001063 -0.000211 (1) WT +J(0) +M(C:0K, Fs:0, WS:-60K # 0K, PF:-60K # 0K, P:-60K) [11] 0.000225 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.003579 -0.000324 (1) WT +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [13] 0.038824 -0.000378 (2) CM -0.005989 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:56, WS:92K # 112K, PF:160K # 168K, P:160K) [14] 0.000024 +J(0) [15] 0.000011 +J(0) [16] 0.001496 -0.000325 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142729.784 buffer: new element 37 9284:20230712:142729.785 End of process_value():SUCCEED 9284:20230712:142729.785 In zbx_parse_eventlog_message6() EventRecordID:25166 9284:20230712:142729.786 In expand_message6() 9284:20230712:142729.787 End of expand_message6():svchost (7076,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 0000001F:0003:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000005 +J(0) [2] 0.002314 -0.001540 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.011837 -0.000656 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.002142 +J(0) [5] - [6] - [7] - [8] 0.000944 -0.000481 (2) CM -0.000245 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:7, WS:28K # 4K, PF:36K # 8K, P:36K) [9] 0.001177 -0.000920 (3) CM -0.000805 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:100K # 100K, PF:200K # 208K, P:200K) [10] 0.000453 -0.000303 (2) CM -0.000222 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000047 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142729.788 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.788 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25166 value:'svchost (7076,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 0000001F:0003:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000005 +J(0) [2] 0.002314 -0.001540 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.011837 -0.000656 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.002142 +J(0) [5] - [6] - [7] - [8] 0.000944 -0.000481 (2) CM -0.000245 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:7, WS:28K # 4K, PF:36K # 8K, P:36K) [9] 0.001177 -0.000920 (3) CM -0.000805 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:100K # 100K, PF:200K # 208K, P:200K) [10] 0.000453 -0.000303 (2) CM -0.000222 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000047 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142729.789 buffer: new element 38 9284:20230712:142729.789 End of process_value():SUCCEED 9284:20230712:142729.790 In zbx_parse_eventlog_message6() EventRecordID:25167 9284:20230712:142729.790 In expand_message6() 9284:20230712:142729.792 End of expand_message6():Starting session 1 - ‎2022‎-‎08‎-‎30T07:55:47.040191700Z. 9284:20230712:142729.793 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.793 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25167 value:'Starting session 1 - ‎2022‎-‎08‎-‎30T07:55:47.040191700Z.' 9284:20230712:142729.794 buffer: new element 39 9284:20230712:142729.794 End of process_value():SUCCEED 9284:20230712:142729.795 In zbx_parse_eventlog_message6() EventRecordID:25168 9284:20230712:142729.795 In expand_message6() 9284:20230712:142729.797 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T07:55:55Z. Reason: RulesEngine. 9284:20230712:142729.798 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.798 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25168 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T07:55:55Z. Reason: RulesEngine.' 9284:20230712:142729.799 buffer: new element 40 9284:20230712:142729.800 End of process_value():SUCCEED 9284:20230712:142729.800 In zbx_parse_eventlog_message6() EventRecordID:25169 9284:20230712:142729.801 In expand_message6() 9284:20230712:142729.803 End of expand_message6():Ending session 1 started ‎2022‎-‎08‎-‎30T07:55:47.040191700Z. 9284:20230712:142729.804 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.804 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25169 value:'Ending session 1 started ‎2022‎-‎08‎-‎30T07:55:47.040191700Z.' 9284:20230712:142729.805 buffer: new element 41 9284:20230712:142729.805 End of process_value():SUCCEED 9284:20230712:142729.806 In zbx_parse_eventlog_message6() EventRecordID:25170 9284:20230712:142729.806 In expand_message6() 9284:20230712:142729.808 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142729.809 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.809 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25170 value:'Offline downlevel migration succeeded.' 9284:20230712:142729.810 buffer: new element 42 9284:20230712:142729.810 End of process_value():SUCCEED 9284:20230712:142729.811 In zbx_parse_eventlog_message6() EventRecordID:25171 9284:20230712:142729.812 In expand_message6() 9284:20230712:142729.813 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T08:14:47Z. Reason: RulesEngine. 9284:20230712:142729.814 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.814 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25171 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T08:14:47Z. Reason: RulesEngine.' 9284:20230712:142729.815 buffer: new element 43 9284:20230712:142729.815 End of process_value():SUCCEED 9284:20230712:142729.816 In zbx_parse_eventlog_message6() EventRecordID:25172 9284:20230712:142729.816 In expand_message6() 9284:20230712:142729.818 End of expand_message6():Starting session 1 - ‎2022‎-‎08‎-‎30T09:00:59.500758500Z. 9284:20230712:142729.819 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.820 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25172 value:'Starting session 1 - ‎2022‎-‎08‎-‎30T09:00:59.500758500Z.' 9284:20230712:142729.820 buffer: new element 44 9284:20230712:142729.821 End of process_value():SUCCEED 9284:20230712:142729.821 In zbx_parse_eventlog_message6() EventRecordID:25173 9284:20230712:142729.822 In expand_message6() 9284:20230712:142729.824 End of expand_message6():Ending session 1 started ‎2022‎-‎08‎-‎30T09:00:59.500758500Z. 9284:20230712:142729.824 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.825 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25173 value:'Ending session 1 started ‎2022‎-‎08‎-‎30T09:00:59.500758500Z.' 9284:20230712:142729.825 buffer: new element 45 9284:20230712:142729.826 End of process_value():SUCCEED 9284:20230712:142729.826 In zbx_parse_eventlog_message6() EventRecordID:25174 9284:20230712:142729.827 In expand_message6() 9284:20230712:142729.829 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142729.829 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.830 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25174 value:'Offline downlevel migration succeeded.' 9284:20230712:142729.830 buffer: new element 46 9284:20230712:142729.831 End of process_value():SUCCEED 9284:20230712:142729.831 In zbx_parse_eventlog_message6() EventRecordID:25175 9284:20230712:142729.832 In expand_message6() 9284:20230712:142729.833 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142729.834 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.834 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25175 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142729.835 buffer: new element 47 9284:20230712:142729.836 End of process_value():SUCCEED 9284:20230712:142729.836 In zbx_parse_eventlog_message6() EventRecordID:25176 9284:20230712:142729.837 In expand_message6() 9284:20230712:142729.838 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T09:20:09Z. Reason: RulesEngine. 9284:20230712:142729.839 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.839 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25176 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T09:20:09Z. Reason: RulesEngine.' 9284:20230712:142729.840 buffer: new element 48 9284:20230712:142729.840 End of process_value():SUCCEED 9284:20230712:142729.841 In zbx_parse_eventlog_message6() EventRecordID:25177 9284:20230712:142729.842 In expand_message6() 9284:20230712:142729.843 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142729.843 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142729.844 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25177 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142729.845 buffer: new element 49 9284:20230712:142729.845 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142729.846 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142729.847 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25128,"timestamp":1661839883,"source":"gupdate","severity":1,"id":151,"clock":1689161249,"ns":409832100},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25129,"timestamp":1661839883,"source":"HP Comm Recovery","severity":1,"id":152,"clock":1689161249,"ns":414058500},{"host":"Windows host","key":"eventlog[Application]","value":"Started event manager\nStarted event manager","lastlogsize":25130,"timestamp":1661839884,"source":"IAStorDataMgrSvc","severity":1,"eventid":7303,"id":153,"clock":1689161249,"ns":418363800},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25131,"timestamp":1661839884,"source":"IAStorDataMgrSvc","severity":1,"id":154,"clock":1689161249,"ns":422921800},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has started.","lastlogsize":25132,"timestamp":1661839886,"source":"SecurityCenter","severity":1,"eventid":1,"id":155,"clock":1689161249,"ns":427984000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25133,"timestamp":1661839888,"source":"SecurityCenter","severity":1,"eventid":15,"id":156,"clock":1689161249,"ns":433106600},{"host":"Windows host","key":"eventlog[Application]","value":"Version : 2.0.11.0","lastlogsize":25134,"timestamp":1661839913,"source":"HP Comm Recovery","severity":1,"id":157,"clock":1689161249,"ns":438176000},{"host":"Windows host","key":"eventlog[Application]","value":"Cloud logging is enabled.","lastlogsize":25135,"timestamp":1661839913,"source":"HP Comm Recovery","severity":1,"id":158,"clock":1689161249,"ns":443100600},{"host":"Windows host","key":"eventlog[Application]","value":"Load Balance is enabled.","lastlogsize":25136,"timestamp":1661839913,"source":"HP Comm Recovery","severity":1,"id":159,"clock":1689161249,"ns":448008400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T06:12:09Z. Reason: RulesEngine.","lastlogsize":25137,"timestamp":1661839929,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":160,"clock":1689161249,"ns":453035100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has stopped.\r\n","lastlogsize":25138,"timestamp":1661839929,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":903,"id":161,"clock":1689161249,"ns":458090700},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25139,"timestamp":1661839936,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":162,"clock":1689161249,"ns":463214000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T06:12:47Z. Reason: RulesEngine.","lastlogsize":25140,"timestamp":1661839967,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":163,"clock":1689161249,"ns":468480200},{"host":"Windows host","key":"eventlog[Application]","value":"Finish Device Check","lastlogsize":25141,"timestamp":1661840093,"source":"HP Comm Recovery","severity":1,"eventid":1,"id":164,"clock":1689161249,"ns":473240600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25142,"timestamp":1661840116,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":165,"clock":1689161249,"ns":478119000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25143,"timestamp":1661840118,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":166,"clock":1689161249,"ns":483382200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25144,"timestamp":1661840118,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":167,"clock":1689161249,"ns":488330400},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25145,"timestamp":1661840118,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":168,"clock":1689161249,"ns":493324200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25146,"timestamp":1661840118,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":169,"clock":1689161249,"ns":498137000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25147,"timestamp":1661840118,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":170,"clock":1689161249,"ns":503381500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25148,"timestamp":1661840118,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":171,"clock":1689161249,"ns":508946300},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T06:16:12Z. Reason: RulesEngine.","lastlogsize":25149,"timestamp":1661840172,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":172,"clock":1689161249,"ns":514457300},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25150,"timestamp":1661840364,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":173,"clock":1689161249,"ns":519917700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25151,"timestamp":1661840368,"source":"SecurityCenter","severity":1,"eventid":15,"id":174,"clock":1689161249,"ns":525257400},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25152,"timestamp":1661840404,"source":"SecurityCenter","severity":1,"eventid":15,"id":175,"clock":1689161249,"ns":530677000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T06:20:05Z. Reason: RulesEngine.","lastlogsize":25153,"timestamp":1661840405,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":176,"clock":1689161249,"ns":536201600},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25154,"timestamp":1661840406,"source":"SecurityCenter","severity":1,"eventid":15,"id":177,"clock":1689161249,"ns":541525000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25155,"timestamp":1661840658,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":178,"clock":1689161249,"ns":547006100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T06:25:39Z. Reason: RulesEngine.","lastlogsize":25156,"timestamp":1661840739,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":179,"clock":1689161249,"ns":552627900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25157,"timestamp":1661843147,"source":"gupdate","severity":1,"id":180,"clock":1689161249,"ns":747581900},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25158,"timestamp":1661843290,"source":"edgeupdate","severity":1,"id":181,"clock":1689161249,"ns":752204400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25159,"timestamp":1661846124,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":182,"clock":1689161249,"ns":756754700},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (7076,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25160,"timestamp":1661846124,"source":"ESENT","severity":1,"eventid":102,"id":183,"clock":1689161249,"ns":761482100},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (7076,R,98) DS_Token_DB: The database engine is initiating recovery steps.","lastlogsize":25161,"timestamp":1661846124,"source":"ESENT","severity":1,"eventid":300,"id":184,"clock":1689161249,"ns":766028600},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (7076,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSS0001E.log. \r\n \r\nProcessing Stats: \n[1] 0.019702 -0.001914 (7) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8129/7) +M(C:0K, Fs:76, WS:224K # 228K, PF:160K # 164K, P:160K). \r\nLog record of type 'AttachDB ' was seen most frequently (1 times)","lastlogsize":25162,"timestamp":1661846124,"source":"ESENT","severity":1,"eventid":301,"id":185,"clock":1689161249,"ns":770642900},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (7076,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSS.log. \r\n \r\nProcessing Stats: \n[1] 0.003078 -0.000246 (2) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:1/1) +M(C:0K, Fs:15, WS:56K # 60K, PF:64K # 64K, P:64K). \r\nLog record of type 'NOP ' was seen most frequently (1 times)","lastlogsize":25163,"timestamp":1661846124,"source":"ESENT","severity":1,"eventid":301,"id":186,"clock":1689161249,"ns":775364000},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (7076,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.","lastlogsize":25164,"timestamp":1661846124,"source":"ESENT","severity":1,"eventid":302,"id":187,"clock":1689161249,"ns":779985300},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (7076,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n lgposV2[] = 0000001E:000C:0000 - 0000001E:000E:0036 - 0000001F:0001:0000 - 0000001F:0001:0000 (00000000:0000:0000)\ncReInits = 1\n \r\n \r\nInternal Timing Sequence: \n[1] 0.001876 +J(0) +M(C:0K, Fs:276, WS:1084K # 1084K, PF:3612K # 3612K, P:3612K)\n[2] 0.000521 +J(0) +M(C:8K, Fs:114, WS:448K # 448K, PF:368K # 368K, P:368K)\n[3] 0.000022 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:68K # 68K, P:68K)\n[4] 0.000129 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K)\n[5] 0.003606 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)\n[6] 0.006118 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K)\n[7] 0.005978 -0.000611 (2) WT +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:64K # 64K, P:64K)\n[8] 0.039680 -0.002855 (10) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8129/7) +M(C:0K, Fs:108, WS:344K # 348K, PF:248K # 252K, P:248K)\n[9] 0.008227 -0.000817 (4) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:1/1) +M(C:0K, Fs:30, WS:112K # 108K, PF:68K # 64K, P:68K) + 1 lgens\n[10] 0.001063 -0.000211 (1) WT +J(0) +M(C:0K, Fs:0, WS:-60K # 0K, PF:-60K # 0K, P:-60K)\n[11] 0.000225 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[12] 0.003579 -0.000324 (1) WT +J(0) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K)\n[13] 0.038824 -0.000378 (2) CM -0.005989 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:56, WS:92K # 112K, PF:160K # 168K, P:160K)\n[14] 0.000024 +J(0)\n[15] 0.000011 +J(0)\n[16] 0.001496 -0.000325 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25165,"timestamp":1661846124,"source":"ESENT","severity":1,"eventid":105,"id":188,"clock":1689161249,"ns":784626700},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (7076,D,50) DS_Token_DB: The database engine attached a database (1, C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSTokenDB2.dat). (Time=0 seconds) \r\n \r\nSaved Cache: 1 0 \r\nAdditional Data: lgposAttach = 0000001F:0003:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000005 +J(0)\n[2] 0.002314 -0.001540 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K)\n[3] 0.011837 -0.000656 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K)\n[4] 0.002142 +J(0)\n[5] -\n[6] -\n[7] -\n[8] 0.000944 -0.000481 (2) CM -0.000245 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:7, WS:28K # 4K, PF:36K # 8K, P:36K)\n[9] 0.001177 -0.000920 (3) CM -0.000805 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:100K # 100K, PF:200K # 208K, P:200K)\n[10] 0.000453 -0.000303 (2) CM -0.000222 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K)\n[11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000047 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K)\n[13] 0.000001 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25166,"timestamp":1661846124,"source":"ESENT","severity":1,"eventid":326,"id":189,"clock":1689161249,"ns":789318700},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎08‎-‎30T07:55:47.040191700Z.","lastlogsize":25167,"timestamp":1661846147,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":190,"clock":1689161249,"ns":794224600},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T07:55:55Z. Reason: RulesEngine.","lastlogsize":25168,"timestamp":1661846155,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":191,"clock":1689161249,"ns":799518800},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎08‎-‎30T07:55:47.040191700Z.","lastlogsize":25169,"timestamp":1661846243,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":192,"clock":1689161249,"ns":805213600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25170,"timestamp":1661847257,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":193,"clock":1689161249,"ns":810428000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T08:14:47Z. Reason: RulesEngine.","lastlogsize":25171,"timestamp":1661847287,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":194,"clock":1689161249,"ns":815507100},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎08‎-‎30T09:00:59.500758500Z.","lastlogsize":25172,"timestamp":1661850059,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":195,"clock":1689161249,"ns":820790300},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎08‎-‎30T09:00:59.500758500Z.","lastlogsize":25173,"timestamp":1661850130,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":196,"clock":1689161249,"ns":826033600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25174,"timestamp":1661851160,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":197,"clock":1689161249,"ns":830862000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25175,"timestamp":1661851189,"source":"SecurityCenter","severity":1,"eventid":15,"id":198,"clock":1689161249,"ns":835539100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T09:20:09Z. Reason: RulesEngine.","lastlogsize":25176,"timestamp":1661851209,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":199,"clock":1689161249,"ns":840453400},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25177,"timestamp":1661854235,"source":"Outlook","severity":1,"eventid":63,"id":200,"clock":1689161249,"ns":845083700}],"clock":1689161249,"ns":846914400}] 9284:20230712:142729.851 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002347"}] 9284:20230712:142729.852 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002347"}' 9284:20230712:142729.852 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002347' 9284:20230712:142729.853 End of check_response():SUCCEED 9284:20230712:142729.853 OK 9284:20230712:142729.854 End of send_buffer():SUCCEED 9284:20230712:142729.855 End of process_value():SUCCEED 9284:20230712:142729.855 End of process_eventslog6():SUCCEED last eventid:63 9284:20230712:142729.856 In finalize_eventlog6() 9284:20230712:142729.857 End of finalize_eventlog6():SUCCEED 9284:20230712:142729.857 In need_meta_update() key:eventlog[Application] 9284:20230712:142729.858 End of need_meta_update():FAIL 9284:20230712:142729.858 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142729.859 End of send_buffer():SUCCEED 9284:20230712:142729.860 End of process_active_checks() 9284:20230712:142729.860 In get_min_nextcheck() 9284:20230712:142729.861 End of get_min_nextcheck():1689161259 9284:20230712:142729.861 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142729.862 End of send_buffer():SUCCEED 9284:20230712:142729.862 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142729.867 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142729.868 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":912,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142729.869 before read 9284:20230712:142729.869 got [{"response":"success"}] 9284:20230712:142729.870 In parse_list_of_checks() 9284:20230712:142729.870 End of parse_list_of_checks():SUCCEED 9284:20230712:142729.871 End of refresh_active_checks():SUCCEED 9284:20230712:142729.872 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142729.872 End of process_active_checks() 9284:20230712:142729.873 In get_min_nextcheck() 9284:20230712:142729.873 End of get_min_nextcheck():1689161259 2184:20230712:142730.158 In collect_perfstat() 2184:20230712:142730.161 End of collect_perfstat() 9284:20230712:142730.876 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142730.879 End of send_buffer():SUCCEED 2184:20230712:142731.163 In collect_perfstat() 2184:20230712:142731.169 End of collect_perfstat() 9284:20230712:142731.883 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142731.885 End of send_buffer():SUCCEED 2184:20230712:142732.173 In collect_perfstat() 2184:20230712:142732.180 End of collect_perfstat() 9284:20230712:142732.887 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142732.888 End of send_buffer():SUCCEED 2184:20230712:142733.184 In collect_perfstat() 2184:20230712:142733.190 End of collect_perfstat() 9284:20230712:142733.891 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142733.893 End of send_buffer():SUCCEED 2184:20230712:142734.193 In collect_perfstat() 2184:20230712:142734.198 End of collect_perfstat() 9284:20230712:142734.896 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142734.897 End of send_buffer():SUCCEED 9284:20230712:142734.898 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142734.903 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142734.904 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":912,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142734.905 before read 9284:20230712:142734.906 got [{"response":"success","config_revision":918,"data":[{"key":"eventlog[Application]","delay":10,"lastlogsize":25177,"mtime":0}]}] 9284:20230712:142734.906 In parse_list_of_checks() 9284:20230712:142734.907 In add_check() key:'eventlog[Application]' refresh:10 lastlogsize:25177 mtime:0 9284:20230712:142734.908 End of add_check() 9284:20230712:142734.908 End of parse_list_of_checks():SUCCEED 9284:20230712:142734.909 End of refresh_active_checks():SUCCEED 9284:20230712:142734.910 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142734.911 End of process_active_checks() 9284:20230712:142734.911 In get_min_nextcheck() 9284:20230712:142734.912 End of get_min_nextcheck():1689161259 2184:20230712:142735.202 In collect_perfstat() 2184:20230712:142735.210 End of collect_perfstat() 19844:20230712:142735.551 Requested [system.sw.os.get] 19844:20230712:142735.553 [MPLOG] in system_sw_os_get() 19844:20230712:142735.556 [MPLOG] end system_sw_os_get() 19844:20230712:142735.558 Sending back [{"os_type":"windows","product_name":"Windows 10 Pro","architecture":"x86_64","build_number":"19045","build_revision":"3086","build":"19045.3086","edition":"Professional","composition":"Enterprise","display_version":"22H2","version":"6.3","version_pretty":"Windows 10 Pro Build 19045.3086","version_full":"Windows 10 Pro 19041.1.amd64fre.vb_release.191206-1406 Build 19045.3086"}] 9284:20230712:142735.913 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142735.914 End of send_buffer():SUCCEED 2184:20230712:142736.213 In collect_perfstat() 2184:20230712:142736.220 End of collect_perfstat() 9284:20230712:142736.916 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142736.916 End of send_buffer():SUCCEED 2184:20230712:142737.223 In collect_perfstat() 2184:20230712:142737.231 End of collect_perfstat() 14488:20230712:142737.564 Requested [agent.ping] 14488:20230712:142737.566 Sending back [1] 9284:20230712:142737.919 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142737.922 End of send_buffer():SUCCEED 2184:20230712:142738.234 In collect_perfstat() 2184:20230712:142738.237 End of collect_perfstat() 9284:20230712:142738.925 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142738.926 End of send_buffer():SUCCEED 2184:20230712:142739.239 In collect_perfstat() 2184:20230712:142739.242 End of collect_perfstat() 9284:20230712:142739.930 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142739.933 End of send_buffer():SUCCEED 9284:20230712:142739.935 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142739.950 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142739.954 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":918,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142739.956 before read 9284:20230712:142739.959 got [{"response":"success"}] 9284:20230712:142739.961 In parse_list_of_checks() 9284:20230712:142739.964 End of parse_list_of_checks():SUCCEED 9284:20230712:142739.966 End of refresh_active_checks():SUCCEED 9284:20230712:142739.968 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142739.969 In initialize_eventlog6() source:'Application' previous lastlogsize:25177 9284:20230712:142739.971 In zbx_open_eventlog6() lastlogsize:25177 9284:20230712:142739.973 In get_eventlog6_id() 9284:20230712:142739.975 End of get_eventlog6_id():SUCCEED id:94304984 9284:20230712:142739.976 In get_eventlog6_id() 9284:20230712:142739.977 End of get_eventlog6_id():SUCCEED id:94304976 9284:20230712:142739.979 End of zbx_open_eventlog6():SUCCEED FirstID:24378 LastID:70732 9284:20230712:142739.980 In zbx_get_handle_eventlog6(), previous lastlogsize:25177 9284:20230712:142739.981 End of zbx_get_handle_eventlog6():SUCCEED 9284:20230712:142739.982 End of initialize_eventlog6():SUCCEED 9284:20230712:142739.983 In process_eventslog6() source: 'Application' previous lastlogsize: 25177, FirstID: 24378, LastID: 70732 9284:20230712:142739.989 In zbx_parse_eventlog_message6() EventRecordID:25178 9284:20230712:142739.990 In expand_message6() 9284:20230712:142739.992 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142739.993 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142739.993 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25178 value:'Offline downlevel migration succeeded.' 9284:20230712:142739.994 buffer: new element 0 9284:20230712:142739.995 End of process_value():SUCCEED 9284:20230712:142739.996 In zbx_parse_eventlog_message6() EventRecordID:25179 9284:20230712:142739.996 In expand_message6() 9284:20230712:142739.998 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T10:26:37Z. Reason: RulesEngine. 9284:20230712:142739.999 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.000 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25179 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T10:26:37Z. Reason: RulesEngine.' 9284:20230712:142740.000 buffer: new element 1 9284:20230712:142740.001 End of process_value():SUCCEED 9284:20230712:142740.002 In zbx_parse_eventlog_message6() EventRecordID:25180 9284:20230712:142740.002 In expand_message6() 9284:20230712:142740.003 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142740.004 ====== Fatal information: ====== 9284:20230712:142740.004 Program counter: 0x67e2cf19 9284:20230712:142740.005 === Registers: === 9284:20230712:142740.006 r8 = 18 = 24 = 24 9284:20230712:142740.006 r9 = 0 = 0 = 0 9284:20230712:142740.007 r10 = 0 = 0 = 0 9284:20230712:142740.008 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142740.008 r12 = 6af720 = 7010080 = 7010080 9284:20230712:142740.009 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142740.009 r14 = 0 = 0 = 0 9284:20230712:142740.010 r15 = 0 = 0 = 0 9284:20230712:142740.011 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142740.011 rsi = 385f770 = 59111280 = 59111280 9284:20230712:142740.012 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142740.013 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142740.013 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142740.014 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142740.015 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142740.015 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142740.016 efl = 202 = 514 = 514 9284:20230712:142740.017 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142740.017 === Backtrace: === 9284:20230712:142740.177 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142740.178 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142740.179 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142740.179 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142740.180 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142740.182 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142740.183 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142740.184 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142740.185 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142740.186 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142740.187 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142740.188 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142740.188 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142740.189 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142740.194 ================================ 9284:20230712:142740.195 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142740.196 End of expand_message6():(null) 9284:20230712:142740.196 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.197 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25180 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142740.197 buffer: new element 2 9284:20230712:142740.198 End of process_value():SUCCEED 9284:20230712:142740.199 In zbx_parse_eventlog_message6() EventRecordID:25181 9284:20230712:142740.199 In expand_message6() 9284:20230712:142740.200 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142740.201 ====== Fatal information: ====== 9284:20230712:142740.201 Program counter: 0x67e2cf19 9284:20230712:142740.202 === Registers: === 9284:20230712:142740.202 r8 = 18 = 24 = 24 9284:20230712:142740.203 r9 = 0 = 0 = 0 9284:20230712:142740.204 r10 = 0 = 0 = 0 9284:20230712:142740.204 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142740.205 r12 = 6af7f0 = 7010288 = 7010288 9284:20230712:142740.205 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142740.206 r14 = 0 = 0 = 0 9284:20230712:142740.206 r15 = 0 = 0 = 0 9284:20230712:142740.207 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142740.208 rsi = 385f630 = 59110960 = 59110960 9284:20230712:142740.208 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142740.209 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142740.209 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142740.210 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142740.210 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142740.211 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142740.212 efl = 202 = 514 = 514 9284:20230712:142740.212 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142740.213 === Backtrace: === 2184:20230712:142740.244 In collect_perfstat() 2184:20230712:142740.247 End of collect_perfstat() 9284:20230712:142740.376 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142740.376 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142740.377 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142740.378 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142740.378 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142740.381 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142740.382 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142740.382 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142740.383 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142740.384 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142740.385 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142740.386 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142740.387 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142740.387 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142740.392 ================================ 9284:20230712:142740.393 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142740.394 End of expand_message6():(null) 9284:20230712:142740.394 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.395 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25181 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142740.396 buffer: new element 3 9284:20230712:142740.396 End of process_value():SUCCEED 9284:20230712:142740.397 In zbx_parse_eventlog_message6() EventRecordID:25182 9284:20230712:142740.397 In expand_message6() 9284:20230712:142740.399 End of expand_message6():The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142740.400 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.400 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25182 value:'The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142740.401 buffer: new element 4 9284:20230712:142740.402 End of process_value():SUCCEED 9284:20230712:142740.402 In zbx_parse_eventlog_message6() EventRecordID:25183 9284:20230712:142740.403 In expand_message6() 9284:20230712:142740.404 End of expand_message6():The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142740.405 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.406 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25183 value:'The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142740.406 buffer: new element 5 9284:20230712:142740.407 End of process_value():SUCCEED 9284:20230712:142740.407 In zbx_parse_eventlog_message6() EventRecordID:25184 9284:20230712:142740.408 In expand_message6() 9284:20230712:142740.410 End of expand_message6():The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142740.410 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.411 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25184 value:'The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142740.411 buffer: new element 6 9284:20230712:142740.412 End of process_value():SUCCEED 9284:20230712:142740.413 In zbx_parse_eventlog_message6() EventRecordID:25185 9284:20230712:142740.413 In expand_message6() 9284:20230712:142740.415 End of expand_message6():The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted. 9284:20230712:142740.415 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.416 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25185 value:'The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.' 9284:20230712:142740.417 buffer: new element 7 9284:20230712:142740.417 End of process_value():SUCCEED 9284:20230712:142740.418 In zbx_parse_eventlog_message6() EventRecordID:25186 9284:20230712:142740.418 In expand_message6() 9284:20230712:142740.419 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142740.420 ====== Fatal information: ====== 9284:20230712:142740.420 Program counter: 0x67e2cf19 9284:20230712:142740.421 === Registers: === 9284:20230712:142740.421 r8 = 18 = 24 = 24 9284:20230712:142740.422 r9 = 0 = 0 = 0 9284:20230712:142740.422 r10 = 0 = 0 = 0 9284:20230712:142740.422 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142740.423 r12 = 3862570 = 59123056 = 59123056 9284:20230712:142740.423 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142740.424 r14 = 0 = 0 = 0 9284:20230712:142740.424 r15 = 0 = 0 = 0 9284:20230712:142740.425 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142740.425 rsi = 385e9b0 = 59107760 = 59107760 9284:20230712:142740.426 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142740.426 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142740.427 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142740.427 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142740.428 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142740.428 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142740.429 efl = 202 = 514 = 514 9284:20230712:142740.429 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142740.430 === Backtrace: === 9284:20230712:142740.589 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142740.589 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142740.590 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142740.591 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142740.591 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142740.593 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142740.594 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142740.595 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142740.596 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142740.596 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142740.597 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142740.598 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142740.599 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142740.599 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142740.604 ================================ 9284:20230712:142740.605 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142740.605 End of expand_message6():(null) 9284:20230712:142740.606 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.606 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25186 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142740.607 buffer: new element 8 9284:20230712:142740.608 End of process_value():SUCCEED 9284:20230712:142740.608 In zbx_parse_eventlog_message6() EventRecordID:25187 9284:20230712:142740.609 In expand_message6() 9284:20230712:142740.610 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142740.611 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.611 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25187 value:'Offline downlevel migration succeeded.' 9284:20230712:142740.612 buffer: new element 9 9284:20230712:142740.612 End of process_value():SUCCEED 9284:20230712:142740.613 In zbx_parse_eventlog_message6() EventRecordID:25188 9284:20230712:142740.613 In expand_message6() 9284:20230712:142740.615 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142740.615 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.616 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25188 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142740.616 buffer: new element 10 9284:20230712:142740.616 End of process_value():SUCCEED 9284:20230712:142740.617 In zbx_parse_eventlog_message6() EventRecordID:25189 9284:20230712:142740.617 In expand_message6() 9284:20230712:142740.619 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T12:19:58Z. Reason: RulesEngine. 9284:20230712:142740.619 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.620 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25189 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T12:19:58Z. Reason: RulesEngine.' 9284:20230712:142740.620 buffer: new element 11 9284:20230712:142740.621 End of process_value():SUCCEED 9284:20230712:142740.621 In zbx_parse_eventlog_message6() EventRecordID:25190 9284:20230712:142740.622 In expand_message6() 9284:20230712:142740.623 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142740.624 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.624 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25190 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142740.625 buffer: new element 12 9284:20230712:142740.625 End of process_value():SUCCEED 9284:20230712:142740.626 In zbx_parse_eventlog_message6() EventRecordID:25191 9284:20230712:142740.626 In expand_message6() 9284:20230712:142740.628 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142740.628 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.629 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25191 value:'Offline downlevel migration succeeded.' 9284:20230712:142740.629 buffer: new element 13 9284:20230712:142740.629 End of process_value():SUCCEED 9284:20230712:142740.630 In zbx_parse_eventlog_message6() EventRecordID:25192 9284:20230712:142740.630 In expand_message6() 9284:20230712:142740.632 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-06T14:21:21Z. Reason: RulesEngine. 9284:20230712:142740.632 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.633 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25192 value:'Successfully scheduled Software Protection service for re-start at 2122-08-06T14:21:21Z. Reason: RulesEngine.' 9284:20230712:142740.633 buffer: new element 14 9284:20230712:142740.634 End of process_value():SUCCEED 9284:20230712:142740.634 In zbx_parse_eventlog_message6() EventRecordID:25193 9284:20230712:142740.635 In expand_message6() 9284:20230712:142740.635 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142740.636 ====== Fatal information: ====== 9284:20230712:142740.636 Program counter: 0x67e2cf19 9284:20230712:142740.637 === Registers: === 9284:20230712:142740.637 r8 = 18 = 24 = 24 9284:20230712:142740.638 r9 = 0 = 0 = 0 9284:20230712:142740.638 r10 = 0 = 0 = 0 9284:20230712:142740.639 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142740.639 r12 = 384ecd0 = 59043024 = 59043024 9284:20230712:142740.640 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142740.640 r14 = 0 = 0 = 0 9284:20230712:142740.641 r15 = 0 = 0 = 0 9284:20230712:142740.641 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142740.642 rsi = 385f3b0 = 59110320 = 59110320 9284:20230712:142740.642 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142740.643 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142740.643 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142740.644 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142740.644 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142740.645 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142740.646 efl = 202 = 514 = 514 9284:20230712:142740.646 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142740.647 === Backtrace: === 9284:20230712:142740.806 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142740.807 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142740.808 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142740.809 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142740.809 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142740.812 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142740.812 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142740.813 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142740.814 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142740.815 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142740.816 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142740.817 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142740.817 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142740.818 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142740.824 ================================ 9284:20230712:142740.824 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142740.825 End of expand_message6():(null) 9284:20230712:142740.825 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142740.826 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25193 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test ' 9284:20230712:142740.827 buffer: new element 15 9284:20230712:142740.827 End of process_value():SUCCEED 9284:20230712:142740.828 In zbx_parse_eventlog_message6() EventRecordID:25194 9284:20230712:142740.828 In expand_message6() 9284:20230712:142740.829 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142740.830 ====== Fatal information: ====== 9284:20230712:142740.830 Program counter: 0x67e2cf19 9284:20230712:142740.831 === Registers: === 9284:20230712:142740.831 r8 = 18 = 24 = 24 9284:20230712:142740.832 r9 = 0 = 0 = 0 9284:20230712:142740.833 r10 = 0 = 0 = 0 9284:20230712:142740.833 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142740.834 r12 = 384f210 = 59044368 = 59044368 9284:20230712:142740.834 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142740.835 r14 = 0 = 0 = 0 9284:20230712:142740.835 r15 = 0 = 0 = 0 9284:20230712:142740.836 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142740.837 rsi = 385f9f0 = 59111920 = 59111920 9284:20230712:142740.837 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142740.838 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142740.838 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142740.839 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142740.840 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142740.840 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142740.841 efl = 202 = 514 = 514 9284:20230712:142740.841 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142740.842 === Backtrace: === 9284:20230712:142741.003 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142741.004 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142741.004 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142741.005 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142741.006 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142741.008 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142741.009 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142741.010 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142741.011 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142741.012 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142741.012 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142741.013 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142741.014 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142741.015 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142741.020 ================================ 9284:20230712:142741.021 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142741.021 End of expand_message6():(null) 9284:20230712:142741.022 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.023 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25194 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 ' 9284:20230712:142741.023 buffer: new element 16 9284:20230712:142741.024 End of process_value():SUCCEED 9284:20230712:142741.025 In zbx_parse_eventlog_message6() EventRecordID:25195 9284:20230712:142741.025 In expand_message6() 9284:20230712:142741.027 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142741.027 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.028 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25195 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142741.029 buffer: new element 17 9284:20230712:142741.029 End of process_value():SUCCEED 9284:20230712:142741.030 In zbx_parse_eventlog_message6() EventRecordID:25196 9284:20230712:142741.031 In expand_message6() 9284:20230712:142741.032 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142741.033 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.033 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25196 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142741.034 buffer: new element 18 9284:20230712:142741.035 End of process_value():SUCCEED 9284:20230712:142741.035 In zbx_parse_eventlog_message6() EventRecordID:25197 9284:20230712:142741.036 In expand_message6() 9284:20230712:142741.037 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142741.037 ====== Fatal information: ====== 9284:20230712:142741.038 Program counter: 0x67e2cf19 9284:20230712:142741.038 === Registers: === 9284:20230712:142741.039 r8 = 18 = 24 = 24 9284:20230712:142741.040 r9 = 0 = 0 = 0 9284:20230712:142741.040 r10 = 0 = 0 = 0 9284:20230712:142741.041 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142741.042 r12 = 384e250 = 59040336 = 59040336 9284:20230712:142741.042 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142741.042 r14 = 0 = 0 = 0 9284:20230712:142741.043 r15 = 0 = 0 = 0 9284:20230712:142741.043 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142741.044 rsi = 385f950 = 59111760 = 59111760 9284:20230712:142741.044 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142741.045 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142741.045 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142741.046 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142741.047 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142741.047 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142741.048 efl = 202 = 514 = 514 9284:20230712:142741.048 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142741.049 === Backtrace: === 9284:20230712:142741.208 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142741.208 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142741.209 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142741.210 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142741.210 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142741.213 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142741.214 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142741.214 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142741.215 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142741.216 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142741.217 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142741.218 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142741.219 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142741.219 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142741.224 ================================ 9284:20230712:142741.225 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142741.226 End of expand_message6():(null) 9284:20230712:142741.226 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.227 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25197 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142741.228 buffer: new element 19 9284:20230712:142741.228 End of process_value():SUCCEED 9284:20230712:142741.229 In zbx_parse_eventlog_message6() EventRecordID:25198 9284:20230712:142741.230 In expand_message6() 9284:20230712:142741.231 End of expand_message6():Service has been successfully shut down. 9284:20230712:142741.232 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.232 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25198 value:'Service has been successfully shut down.' 9284:20230712:142741.233 buffer: new element 20 9284:20230712:142741.233 End of process_value():SUCCEED 9284:20230712:142741.234 In zbx_parse_eventlog_message6() EventRecordID:25199 9284:20230712:142741.235 In expand_message6() 9284:20230712:142741.236 End of expand_message6():Service has been successfully shut down. 9284:20230712:142741.236 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.237 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25199 value:'Service has been successfully shut down.' 9284:20230712:142741.238 buffer: new element 21 9284:20230712:142741.238 End of process_value():SUCCEED 9284:20230712:142741.239 In zbx_parse_eventlog_message6() EventRecordID:25200 9284:20230712:142741.239 In expand_message6() 9284:20230712:142741.241 End of expand_message6():Service has been successfully shut down. 9284:20230712:142741.241 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.242 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25200 value:'Service has been successfully shut down.' 9284:20230712:142741.243 buffer: new element 22 9284:20230712:142741.243 End of process_value():SUCCEED 9284:20230712:142741.244 In zbx_parse_eventlog_message6() EventRecordID:25201 9284:20230712:142741.244 In expand_message6() 9284:20230712:142741.246 End of expand_message6():The Windows Security Center Service has stopped. 9284:20230712:142741.247 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.247 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25201 value:'The Windows Security Center Service has stopped.' 9284:20230712:142741.248 buffer: new element 23 9284:20230712:142741.248 End of process_value():SUCCEED 2184:20230712:142741.249 In collect_perfstat() 9284:20230712:142741.250 In zbx_parse_eventlog_message6() EventRecordID:25202 9284:20230712:142741.250 In expand_message6() 2184:20230712:142741.252 End of collect_perfstat() 9284:20230712:142741.252 End of expand_message6():Service stopped (0) 9284:20230712:142741.253 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.254 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25202 value:'Service stopped (0) ' 9284:20230712:142741.254 buffer: new element 24 9284:20230712:142741.255 End of process_value():SUCCEED 9284:20230712:142741.256 In zbx_parse_eventlog_message6() EventRecordID:25203 9284:20230712:142741.256 In expand_message6() 9284:20230712:142741.258 End of expand_message6():The User Profile Service has stopped. 9284:20230712:142741.259 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.259 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25203 value:'The User Profile Service has stopped. ' 9284:20230712:142741.260 buffer: new element 25 9284:20230712:142741.261 End of process_value():SUCCEED 9284:20230712:142741.261 In zbx_parse_eventlog_message6() EventRecordID:25204 9284:20230712:142741.262 In expand_message6() 9284:20230712:142741.263 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142741.263 ====== Fatal information: ====== 9284:20230712:142741.264 Program counter: 0x67e2cf19 9284:20230712:142741.264 === Registers: === 9284:20230712:142741.265 r8 = 18 = 24 = 24 9284:20230712:142741.266 r9 = 0 = 0 = 0 9284:20230712:142741.266 r10 = 0 = 0 = 0 9284:20230712:142741.267 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142741.267 r12 = 33f4620 = 54478368 = 54478368 9284:20230712:142741.268 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142741.268 r14 = 0 = 0 = 0 9284:20230712:142741.269 r15 = 0 = 0 = 0 9284:20230712:142741.270 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142741.270 rsi = 385e5f0 = 59106800 = 59106800 9284:20230712:142741.271 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142741.271 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142741.272 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142741.273 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142741.273 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142741.274 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142741.274 efl = 202 = 514 = 514 9284:20230712:142741.275 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142741.275 === Backtrace: === 9284:20230712:142741.434 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142741.435 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142741.436 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142741.436 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142741.437 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142741.439 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142741.440 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142741.441 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142741.442 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142741.443 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142741.443 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142741.444 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142741.445 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142741.446 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142741.451 ================================ 9284:20230712:142741.451 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142741.452 End of expand_message6():(null) 9284:20230712:142741.452 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.453 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25204 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142741.453 buffer: new element 26 9284:20230712:142741.454 End of process_value():SUCCEED 9284:20230712:142741.454 In zbx_parse_eventlog_message6() EventRecordID:25205 9284:20230712:142741.455 In expand_message6() 9284:20230712:142741.456 End of expand_message6():The User Profile Service has started successfully. 9284:20230712:142741.457 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.457 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25205 value:'The User Profile Service has started successfully. ' 9284:20230712:142741.458 buffer: new element 27 9284:20230712:142741.458 End of process_value():SUCCEED 9284:20230712:142741.459 In zbx_parse_eventlog_message6() EventRecordID:25206 9284:20230712:142741.459 In expand_message6() 9284:20230712:142741.461 End of expand_message6():Windows Management Instrumentation Service started sucessfully 9284:20230712:142741.461 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.462 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25206 value:'Windows Management Instrumentation Service started sucessfully' 9284:20230712:142741.462 buffer: new element 28 9284:20230712:142741.463 End of process_value():SUCCEED 9284:20230712:142741.463 In zbx_parse_eventlog_message6() EventRecordID:25207 9284:20230712:142741.464 In expand_message6() 9284:20230712:142741.465 End of expand_message6():Intel(R) Dynamic Application Loader Host Interface Service started. 9284:20230712:142741.465 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.466 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25207 value:'Intel(R) Dynamic Application Loader Host Interface Service started.' 9284:20230712:142741.466 buffer: new element 29 9284:20230712:142741.467 End of process_value():SUCCEED 9284:20230712:142741.467 In zbx_parse_eventlog_message6() EventRecordID:25208 9284:20230712:142741.468 In expand_message6() 9284:20230712:142741.469 End of expand_message6():Local Management Service started. 9284:20230712:142741.469 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.470 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25208 value:'Local Management Service started.' 9284:20230712:142741.470 buffer: new element 30 9284:20230712:142741.471 End of process_value():SUCCEED 9284:20230712:142741.471 In zbx_parse_eventlog_message6() EventRecordID:25209 9284:20230712:142741.471 In expand_message6() 9284:20230712:142741.473 End of expand_message6():Service started/resumed 9284:20230712:142741.473 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.473 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25209 value:'Service started/resumed' 9284:20230712:142741.474 buffer: new element 31 9284:20230712:142741.474 End of process_value():SUCCEED 9284:20230712:142741.475 In zbx_parse_eventlog_message6() EventRecordID:25210 9284:20230712:142741.475 In expand_message6() 9284:20230712:142741.477 End of expand_message6():Windows Management Instrumentation Service subsystems initialized successfully 9284:20230712:142741.477 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.478 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25210 value:'Windows Management Instrumentation Service subsystems initialized successfully' 9284:20230712:142741.478 buffer: new element 32 9284:20230712:142741.479 End of process_value():SUCCEED 9284:20230712:142741.480 In zbx_parse_eventlog_message6() EventRecordID:25211 9284:20230712:142741.480 In expand_message6() 9284:20230712:142741.481 End of expand_message6():Service started successfully. 9284:20230712:142741.482 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.483 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25211 value:'Service started successfully.' 9284:20230712:142741.483 buffer: new element 33 9284:20230712:142741.484 End of process_value():SUCCEED 9284:20230712:142741.484 In zbx_parse_eventlog_message6() EventRecordID:25212 9284:20230712:142741.485 In expand_message6() 9284:20230712:142741.487 End of expand_message6():The Software Protection service is starting. Parameters:TriggerStarted:6 9284:20230712:142741.487 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.488 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25212 value:'The Software Protection service is starting. Parameters:TriggerStarted:6' 9284:20230712:142741.488 buffer: new element 34 9284:20230712:142741.489 End of process_value():SUCCEED 9284:20230712:142741.489 In zbx_parse_eventlog_message6() EventRecordID:25213 9284:20230712:142741.490 In expand_message6() 9284:20230712:142741.491 End of expand_message6():Service initializing 9284:20230712:142741.492 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.492 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25213 value:'Service initializing' 9284:20230712:142741.493 buffer: new element 35 9284:20230712:142741.493 End of process_value():SUCCEED 9284:20230712:142741.494 In zbx_parse_eventlog_message6() EventRecordID:25214 9284:20230712:142741.495 In expand_message6() 9284:20230712:142741.496 End of expand_message6():Service started (1.0.24.0). 9284:20230712:142741.496 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.497 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25214 value:'Service started (1.0.24.0).' 9284:20230712:142741.498 buffer: new element 36 9284:20230712:142741.498 End of process_value():SUCCEED 9284:20230712:142741.499 In zbx_parse_eventlog_message6() EventRecordID:25215 9284:20230712:142741.499 In expand_message6() 9284:20230712:142741.500 End of expand_message6():Pipe server thread started. 9284:20230712:142741.501 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.501 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25215 value:'Pipe server thread started.' 9284:20230712:142741.502 buffer: new element 37 9284:20230712:142741.503 End of process_value():SUCCEED 9284:20230712:142741.503 In zbx_parse_eventlog_message6() EventRecordID:25216 9284:20230712:142741.504 In expand_message6() 9284:20230712:142741.505 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142741.505 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.506 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25216 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142741.506 buffer: new element 38 9284:20230712:142741.507 End of process_value():SUCCEED 9284:20230712:142741.507 In zbx_parse_eventlog_message6() EventRecordID:25217 9284:20230712:142741.508 In expand_message6() 9284:20230712:142741.509 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142741.509 ====== Fatal information: ====== 9284:20230712:142741.510 Program counter: 0x67e2cf19 9284:20230712:142741.510 === Registers: === 9284:20230712:142741.511 r8 = 18 = 24 = 24 9284:20230712:142741.511 r9 = 0 = 0 = 0 9284:20230712:142741.512 r10 = 0 = 0 = 0 9284:20230712:142741.512 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142741.513 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142741.513 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142741.514 r14 = 0 = 0 = 0 9284:20230712:142741.514 r15 = 0 = 0 = 0 9284:20230712:142741.515 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142741.515 rsi = 385ef50 = 59109200 = 59109200 9284:20230712:142741.516 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142741.516 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142741.517 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142741.517 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142741.518 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142741.518 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142741.519 efl = 202 = 514 = 514 9284:20230712:142741.519 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142741.520 === Backtrace: === 9284:20230712:142741.680 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142741.681 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142741.682 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142741.683 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142741.683 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142741.686 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142741.686 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142741.687 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142741.688 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142741.689 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142741.690 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142741.691 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142741.692 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142741.692 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142741.698 ================================ 9284:20230712:142741.698 provider 'AdobeARMservice' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142741.699 End of expand_message6():(null) 9284:20230712:142741.699 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.700 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25217 value:'The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142741.701 buffer: new element 39 9284:20230712:142741.701 End of process_value():SUCCEED 9284:20230712:142741.702 In zbx_parse_eventlog_message6() EventRecordID:25218 9284:20230712:142741.702 In expand_message6() 9284:20230712:142741.703 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142741.704 ====== Fatal information: ====== 9284:20230712:142741.704 Program counter: 0x67e2cf19 9284:20230712:142741.705 === Registers: === 9284:20230712:142741.706 r8 = 18 = 24 = 24 9284:20230712:142741.706 r9 = 0 = 0 = 0 9284:20230712:142741.707 r10 = 0 = 0 = 0 9284:20230712:142741.707 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142741.708 r12 = 6787f0 = 6785008 = 6785008 9284:20230712:142741.709 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142741.709 r14 = 0 = 0 = 0 9284:20230712:142741.710 r15 = 0 = 0 = 0 9284:20230712:142741.710 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142741.711 rsi = 385e910 = 59107600 = 59107600 9284:20230712:142741.712 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142741.712 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142741.713 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142741.713 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142741.714 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142741.714 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142741.715 efl = 202 = 514 = 514 9284:20230712:142741.716 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142741.716 === Backtrace: === 9284:20230712:142741.876 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142741.877 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142741.878 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142741.878 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142741.879 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142741.881 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142741.882 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142741.883 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142741.884 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142741.885 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142741.886 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142741.887 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142741.887 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142741.888 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142741.893 ================================ 9284:20230712:142741.894 provider 'LanWlanSwitchingService' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142741.895 End of expand_message6():(null) 9284:20230712:142741.895 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.896 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25218 value:'The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart' 9284:20230712:142741.897 buffer: new element 40 9284:20230712:142741.897 End of process_value():SUCCEED 9284:20230712:142741.898 In zbx_parse_eventlog_message6() EventRecordID:25219 9284:20230712:142741.898 In expand_message6() 9284:20230712:142741.900 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142741.901 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.901 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25219 value:'Offline downlevel migration succeeded.' 9284:20230712:142741.902 buffer: new element 41 9284:20230712:142741.902 End of process_value():SUCCEED 9284:20230712:142741.903 In zbx_parse_eventlog_message6() EventRecordID:25220 9284:20230712:142741.904 In expand_message6() 9284:20230712:142741.905 End of expand_message6():Service initialized 9284:20230712:142741.905 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.906 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25220 value:'Service initialized' 9284:20230712:142741.907 buffer: new element 42 9284:20230712:142741.907 End of process_value():SUCCEED 9284:20230712:142741.908 In zbx_parse_eventlog_message6() EventRecordID:25221 9284:20230712:142741.908 In expand_message6() 9284:20230712:142741.910 End of expand_message6():Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 9284:20230712:142741.911 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.911 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25221 value:'Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 ' 9284:20230712:142741.912 buffer: new element 43 9284:20230712:142741.912 End of process_value():SUCCEED 9284:20230712:142741.913 In zbx_parse_eventlog_message6() EventRecordID:25222 9284:20230712:142741.914 In expand_message6() 9284:20230712:142741.915 End of expand_message6():Service started 9284:20230712:142741.916 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.916 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25222 value:'Service started ' 9284:20230712:142741.917 buffer: new element 44 9284:20230712:142741.917 End of process_value():SUCCEED 9284:20230712:142741.918 In zbx_parse_eventlog_message6() EventRecordID:25223 9284:20230712:142741.919 In expand_message6() 9284:20230712:142741.920 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142741.921 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.922 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25223 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142741.922 buffer: new element 45 9284:20230712:142741.923 End of process_value():SUCCEED 9284:20230712:142741.923 In zbx_parse_eventlog_message6() EventRecordID:25224 9284:20230712:142741.924 In expand_message6() 9284:20230712:142741.925 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142741.926 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.926 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25224 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142741.927 buffer: new element 46 9284:20230712:142741.927 End of process_value():SUCCEED 9284:20230712:142741.928 In zbx_parse_eventlog_message6() EventRecordID:25225 9284:20230712:142741.928 In expand_message6() 9284:20230712:142741.930 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142741.930 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.931 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25225 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142741.931 buffer: new element 47 9284:20230712:142741.932 End of process_value():SUCCEED 9284:20230712:142741.932 In zbx_parse_eventlog_message6() EventRecordID:25226 9284:20230712:142741.933 In expand_message6() 9284:20230712:142741.934 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142741.935 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.935 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25226 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142741.936 buffer: new element 48 9284:20230712:142741.936 End of process_value():SUCCEED 9284:20230712:142741.937 In zbx_parse_eventlog_message6() EventRecordID:25227 9284:20230712:142741.937 In expand_message6() 9284:20230712:142741.939 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142741.939 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.940 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25227 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142741.940 buffer: new element 49 9284:20230712:142741.941 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142741.941 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142741.942 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25178,"timestamp":1661855166,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":201,"clock":1689161259,"ns":994696500},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T10:26:37Z. Reason: RulesEngine.","lastlogsize":25179,"timestamp":1661855197,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":202,"clock":1689161260,"ns":886000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25180,"timestamp":1661858627,"source":"dbupdate","severity":1,"id":203,"clock":1689161260,"ns":198100800},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25181,"timestamp":1661858627,"source":"dbupdate","severity":1,"id":204,"clock":1689161260,"ns":396322300},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25182,"timestamp":1661860814,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":205,"clock":1689161260,"ns":401697900},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET_4.0.30319\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25183,"timestamp":1661860814,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":206,"clock":1689161260,"ns":406864900},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"aspnet_state\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25184,"timestamp":1661860814,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":207,"clock":1689161260,"ns":412032900},{"host":"Windows host","key":"eventlog[Application]","value":"The configuration information of the performance library \"C:\\Windows\\System32\\perfts.dll\" for the \"TermService\" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.","lastlogsize":25185,"timestamp":1661860818,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":2003,"id":208,"clock":1689161260,"ns":417190100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25186,"timestamp":1661861177,"source":"gupdate","severity":1,"id":209,"clock":1689161260,"ns":607631100},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25187,"timestamp":1661861960,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":210,"clock":1689161260,"ns":612242900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25188,"timestamp":1661861980,"source":"SecurityCenter","severity":1,"eventid":15,"id":211,"clock":1689161260,"ns":616594100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T12:19:58Z. Reason: RulesEngine.","lastlogsize":25189,"timestamp":1661861998,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":212,"clock":1689161260,"ns":621009900},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25190,"timestamp":1661868640,"source":"Outlook","severity":1,"eventid":63,"id":213,"clock":1689161260,"ns":625136400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25191,"timestamp":1661869250,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":214,"clock":1689161260,"ns":629557500},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-06T14:21:21Z. Reason: RulesEngine.","lastlogsize":25192,"timestamp":1661869281,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":215,"clock":1689161260,"ns":633968400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test\n","lastlogsize":25193,"timestamp":1661872358,"source":"igfxCUIService2.0.0.0","severity":1,"id":216,"clock":1689161260,"ns":827287300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1\n","lastlogsize":25194,"timestamp":1661872358,"source":"igfxCUIService2.0.0.0","severity":1,"id":217,"clock":1689161261,"ns":23938000},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25195,"timestamp":1661872358,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":218,"clock":1689161261,"ns":29297800},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25196,"timestamp":1661872358,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":219,"clock":1689161261,"ns":34639900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25197,"timestamp":1661872358,"source":"BrService_4_3_4_610","severity":1,"id":220,"clock":1689161261,"ns":228311400},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25198,"timestamp":1661872362,"source":"IAStorDataMgrSvc","severity":1,"id":221,"clock":1689161261,"ns":233390700},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25199,"timestamp":1661872362,"source":"HP Comm Recovery","severity":1,"id":222,"clock":1689161261,"ns":238274400},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25200,"timestamp":1661872362,"source":"XTUService","severity":1,"id":223,"clock":1689161261,"ns":243174300},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has stopped.","lastlogsize":25201,"timestamp":1661872362,"source":"SecurityCenter","severity":1,"eventid":2,"id":224,"clock":1689161261,"ns":248296800},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped (0)\n","lastlogsize":25202,"timestamp":1661872362,"source":"Bonjour Service","severity":1,"eventid":100,"id":225,"clock":1689161261,"ns":254941700},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has stopped. \r\n\r\n","lastlogsize":25203,"timestamp":1661872362,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1532,"id":226,"clock":1689161261,"ns":260513600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25204,"timestamp":1661925801,"source":"igfxCUIService2.0.0.0","severity":1,"id":227,"clock":1689161261,"ns":453879900},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has started successfully. \r\n\r\n","lastlogsize":25205,"timestamp":1661925800,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1531,"id":228,"clock":1689161261,"ns":458396400},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service started sucessfully","lastlogsize":25206,"timestamp":1661925801,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5615,"id":229,"clock":1689161261,"ns":462813200},{"host":"Windows host","key":"eventlog[Application]","value":"Intel(R) Dynamic Application Loader Host Interface Service started.","lastlogsize":25207,"timestamp":1661925801,"source":"IntelDalJhi","severity":1,"id":230,"clock":1689161261,"ns":466707400},{"host":"Windows host","key":"eventlog[Application]","value":"Local Management Service started.","lastlogsize":25208,"timestamp":1661925801,"source":"LMS","severity":1,"eventid":2000,"id":231,"clock":1689161261,"ns":470621900},{"host":"Windows host","key":"eventlog[Application]","value":"Service started/resumed","lastlogsize":25209,"timestamp":1661925802,"source":"LMS","severity":1,"id":232,"clock":1689161261,"ns":474527800},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service subsystems initialized successfully","lastlogsize":25210,"timestamp":1661925801,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5617,"id":233,"clock":1689161261,"ns":479043600},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25211,"timestamp":1661925806,"source":"XTUService","severity":1,"id":234,"clock":1689161261,"ns":483781500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service is starting.\r\nParameters:TriggerStarted:6","lastlogsize":25212,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":900,"id":235,"clock":1689161261,"ns":488854300},{"host":"Windows host","key":"eventlog[Application]","value":"Service initializing","lastlogsize":25213,"timestamp":1661925808,"source":"Bonjour Service","severity":1,"eventid":100,"id":236,"clock":1689161261,"ns":493528900},{"host":"Windows host","key":"eventlog[Application]","value":"Service started (1.0.24.0).","lastlogsize":25214,"timestamp":1661925808,"source":"DbxSvc","severity":1,"eventid":336,"id":237,"clock":1689161261,"ns":498101800},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread started.","lastlogsize":25215,"timestamp":1661925808,"source":"DbxSvc","severity":1,"eventid":258,"id":238,"clock":1689161261,"ns":502556100},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25216,"timestamp":1661925808,"source":"DbxSvc","severity":1,"eventid":320,"id":239,"clock":1689161261,"ns":506974000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25217,"timestamp":1661925808,"source":"AdobeARMservice","severity":1,"id":240,"clock":1689161261,"ns":701294500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart","lastlogsize":25218,"timestamp":1661925808,"source":"LanWlanSwitchingService","severity":1,"id":241,"clock":1689161261,"ns":897141400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25219,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":242,"clock":1689161261,"ns":902382300},{"host":"Windows host","key":"eventlog[Application]","value":"Service initialized","lastlogsize":25220,"timestamp":1661925808,"source":"Bonjour Service","severity":1,"eventid":100,"id":243,"clock":1689161261,"ns":907188200},{"host":"Windows host","key":"eventlog[Application]","value":"Initialization status for service objects.\r\nC:\\WINDOWS\\system32\\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000\n","lastlogsize":25221,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1066,"id":244,"clock":1689161261,"ns":912463000},{"host":"Windows host","key":"eventlog[Application]","value":"Service started\n","lastlogsize":25222,"timestamp":1661925808,"source":"Bonjour Service","severity":1,"eventid":100,"id":245,"clock":1689161261,"ns":917286600},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25223,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":246,"clock":1689161261,"ns":922804300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25224,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":247,"clock":1689161261,"ns":927290700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25225,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":248,"clock":1689161261,"ns":931834500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25226,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":249,"clock":1689161261,"ns":936256800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25227,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":250,"clock":1689161261,"ns":940720900}],"clock":1689161261,"ns":942334700}] 9284:20230712:142741.946 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001466"}] 9284:20230712:142741.946 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001466"}' 9284:20230712:142741.947 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.001466' 9284:20230712:142741.947 End of check_response():SUCCEED 9284:20230712:142741.948 OK 9284:20230712:142741.948 End of send_buffer():SUCCEED 9284:20230712:142741.949 End of process_value():SUCCEED 9284:20230712:142741.949 In zbx_parse_eventlog_message6() EventRecordID:25228 9284:20230712:142741.950 In expand_message6() 9284:20230712:142741.952 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142741.952 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.953 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25228 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142741.953 buffer: new element 0 9284:20230712:142741.954 End of process_value():SUCCEED 9284:20230712:142741.955 In zbx_parse_eventlog_message6() EventRecordID:25229 9284:20230712:142741.955 In expand_message6() 9284:20230712:142741.957 End of expand_message6():The Software Protection service has started. 10.0.19041.1889 9284:20230712:142741.957 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142741.958 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25229 value:'The Software Protection service has started. 10.0.19041.1889' 9284:20230712:142741.958 buffer: new element 1 9284:20230712:142741.959 End of process_value():SUCCEED 9284:20230712:142741.959 In zbx_parse_eventlog_message6() EventRecordID:25230 9284:20230712:142741.960 In expand_message6() 9284:20230712:142741.961 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142741.961 ====== Fatal information: ====== 9284:20230712:142741.962 Program counter: 0x67e2cf19 9284:20230712:142741.962 === Registers: === 9284:20230712:142741.963 r8 = 18 = 24 = 24 9284:20230712:142741.963 r9 = 0 = 0 = 0 9284:20230712:142741.964 r10 = 0 = 0 = 0 9284:20230712:142741.964 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142741.965 r12 = 384ebf0 = 59042800 = 59042800 9284:20230712:142741.965 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142741.966 r14 = 0 = 0 = 0 9284:20230712:142741.966 r15 = 0 = 0 = 0 9284:20230712:142741.967 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142741.968 rsi = 385f270 = 59110000 = 59110000 9284:20230712:142741.968 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142741.969 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142741.969 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142741.970 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142741.970 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142741.971 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142741.971 efl = 202 = 514 = 514 9284:20230712:142741.972 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142741.972 === Backtrace: === 9284:20230712:142742.133 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142742.134 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142742.135 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142742.135 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142742.136 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142742.138 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142742.139 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142742.140 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142742.141 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142742.142 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142742.143 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142742.144 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142742.144 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142742.145 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142742.151 ================================ 9284:20230712:142742.152 provider 'hpqcaslwmiex' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142742.152 End of expand_message6():(null) 9284:20230712:142742.153 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.154 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25230 value:'The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142742.155 buffer: new element 2 9284:20230712:142742.155 End of process_value():SUCCEED 9284:20230712:142742.156 In zbx_parse_eventlog_message6() EventRecordID:25231 9284:20230712:142742.156 In expand_message6() 9284:20230712:142742.158 End of expand_message6():The winlogon notification subscriber was unavailable to handle a critical notification event. 9284:20230712:142742.159 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.159 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25231 value:'The winlogon notification subscriber was unavailable to handle a critical notification event.' 9284:20230712:142742.160 buffer: new element 3 9284:20230712:142742.160 End of process_value():SUCCEED 9284:20230712:142742.161 In zbx_parse_eventlog_message6() EventRecordID:25232 9284:20230712:142742.162 In expand_message6() 9284:20230712:142742.163 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142742.164 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.165 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25232 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142742.165 buffer: new element 4 9284:20230712:142742.166 End of process_value():SUCCEED 9284:20230712:142742.167 In zbx_parse_eventlog_message6() EventRecordID:25233 9284:20230712:142742.167 In expand_message6() 9284:20230712:142742.168 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142742.169 ====== Fatal information: ====== 9284:20230712:142742.170 Program counter: 0x67e2cf19 9284:20230712:142742.171 === Registers: === 9284:20230712:142742.171 r8 = 18 = 24 = 24 9284:20230712:142742.172 r9 = 0 = 0 = 0 9284:20230712:142742.173 r10 = 0 = 0 = 0 9284:20230712:142742.173 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142742.174 r12 = 63b9e0 = 6535648 = 6535648 9284:20230712:142742.175 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142742.176 r14 = 0 = 0 = 0 9284:20230712:142742.176 r15 = 0 = 0 = 0 9284:20230712:142742.177 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142742.178 rsi = 385e5f0 = 59106800 = 59106800 9284:20230712:142742.179 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142742.179 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142742.180 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142742.181 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142742.181 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142742.182 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142742.183 efl = 202 = 514 = 514 9284:20230712:142742.183 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142742.184 === Backtrace: === 2184:20230712:142742.253 In collect_perfstat() 2184:20230712:142742.256 End of collect_perfstat() 9284:20230712:142742.344 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142742.345 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142742.346 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142742.347 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142742.347 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142742.350 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142742.350 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142742.351 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142742.352 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142742.353 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142742.354 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142742.355 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142742.355 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142742.356 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142742.361 ================================ 9284:20230712:142742.362 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142742.363 End of expand_message6():(null) 9284:20230712:142742.363 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.364 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25233 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 ' 9284:20230712:142742.364 buffer: new element 5 9284:20230712:142742.365 End of process_value():SUCCEED 9284:20230712:142742.366 In zbx_parse_eventlog_message6() EventRecordID:25234 9284:20230712:142742.366 In expand_message6() 9284:20230712:142742.367 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142742.368 ====== Fatal information: ====== 9284:20230712:142742.368 Program counter: 0x67e2cf19 9284:20230712:142742.369 === Registers: === 9284:20230712:142742.369 r8 = 18 = 24 = 24 9284:20230712:142742.370 r9 = 0 = 0 = 0 9284:20230712:142742.371 r10 = 0 = 0 = 0 9284:20230712:142742.371 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142742.372 r12 = 384e170 = 59040112 = 59040112 9284:20230712:142742.372 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142742.373 r14 = 0 = 0 = 0 9284:20230712:142742.374 r15 = 0 = 0 = 0 9284:20230712:142742.374 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142742.375 rsi = 385e5f0 = 59106800 = 59106800 9284:20230712:142742.376 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142742.376 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142742.377 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142742.377 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142742.378 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142742.379 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142742.379 efl = 202 = 514 = 514 9284:20230712:142742.380 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142742.380 === Backtrace: === 9284:20230712:142742.541 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142742.541 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142742.542 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142742.543 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142742.543 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142742.546 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142742.546 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142742.547 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142742.548 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142742.549 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142742.549 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142742.550 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142742.551 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142742.551 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142742.556 ================================ 9284:20230712:142742.557 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142742.558 End of expand_message6():(null) 9284:20230712:142742.558 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.559 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25234 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 ' 9284:20230712:142742.559 buffer: new element 6 9284:20230712:142742.560 End of process_value():SUCCEED 9284:20230712:142742.560 In zbx_parse_eventlog_message6() EventRecordID:25235 9284:20230712:142742.561 In expand_message6() 9284:20230712:142742.562 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142742.563 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.563 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25235 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142742.564 buffer: new element 7 9284:20230712:142742.565 End of process_value():SUCCEED 9284:20230712:142742.565 In zbx_parse_eventlog_message6() EventRecordID:25236 9284:20230712:142742.566 In expand_message6() 9284:20230712:142742.566 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142742.567 ====== Fatal information: ====== 9284:20230712:142742.568 Program counter: 0x67e2cf19 9284:20230712:142742.568 === Registers: === 9284:20230712:142742.569 r8 = 18 = 24 = 24 9284:20230712:142742.569 r9 = 0 = 0 = 0 9284:20230712:142742.570 r10 = 0 = 0 = 0 9284:20230712:142742.570 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142742.571 r12 = 63cbe0 = 6540256 = 6540256 9284:20230712:142742.571 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142742.572 r14 = 0 = 0 = 0 9284:20230712:142742.572 r15 = 0 = 0 = 0 9284:20230712:142742.573 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142742.573 rsi = 385fef0 = 59113200 = 59113200 9284:20230712:142742.574 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142742.574 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142742.575 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142742.575 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142742.576 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142742.576 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142742.577 efl = 202 = 514 = 514 9284:20230712:142742.577 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142742.578 === Backtrace: === 9284:20230712:142742.740 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142742.741 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142742.741 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142742.742 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142742.743 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142742.745 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142742.746 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142742.747 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142742.748 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142742.749 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142742.750 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142742.751 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142742.752 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142742.753 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142742.758 ================================ 9284:20230712:142742.759 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142742.759 End of expand_message6():(null) 9284:20230712:142742.760 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.761 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25236 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 ' 9284:20230712:142742.762 buffer: new element 8 9284:20230712:142742.762 End of process_value():SUCCEED 9284:20230712:142742.763 In zbx_parse_eventlog_message6() EventRecordID:25237 9284:20230712:142742.764 In expand_message6() 9284:20230712:142742.765 End of expand_message6():SearchIndexer (1172,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142742.766 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.767 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25237 value:'SearchIndexer (1172,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142742.767 buffer: new element 9 9284:20230712:142742.768 End of process_value():SUCCEED 9284:20230712:142742.769 In zbx_parse_eventlog_message6() EventRecordID:25238 9284:20230712:142742.769 In expand_message6() 9284:20230712:142742.771 End of expand_message6():SearchIndexer (1172,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002426 +J(0) +M(C:0K, Fs:318, WS:1244K # 1244K, PF:5392K # 5392K, P:5392K) [2] 0.000301 +J(0) +M(C:0K, Fs:126, WS:504K # 504K, PF:448K # 448K, P:448K) [3] 0.000713 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000098 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K) [5] 0.001030 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:28K # 36K, P:28K) [6] 0.008032 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:16K # 8K, P:16K) [7] 0.005307 -0.002210 (2) WT +J(0) +M(C:0K, Fs:268, WS:1068K # 1068K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.010219 -0.000222 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000027 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000084 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000231 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142742.772 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.772 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25238 value:'SearchIndexer (1172,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002426 +J(0) +M(C:0K, Fs:318, WS:1244K # 1244K, PF:5392K # 5392K, P:5392K) [2] 0.000301 +J(0) +M(C:0K, Fs:126, WS:504K # 504K, PF:448K # 448K, P:448K) [3] 0.000713 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000098 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K) [5] 0.001030 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:28K # 36K, P:28K) [6] 0.008032 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:16K # 8K, P:16K) [7] 0.005307 -0.002210 (2) WT +J(0) +M(C:0K, Fs:268, WS:1068K # 1068K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.010219 -0.000222 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000027 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000084 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000231 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142742.773 buffer: new element 10 9284:20230712:142742.774 End of process_value():SUCCEED 9284:20230712:142742.774 In zbx_parse_eventlog_message6() EventRecordID:25239 9284:20230712:142742.775 In expand_message6() 9284:20230712:142742.776 End of expand_message6():SearchIndexer (1172,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BBF:0047:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001227 -0.000447 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004914 -0.000783 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000252 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001129 -0.000814 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:52, WS:204K # 0K, PF:696K # 0K, P:696K) [9] 0.005767 -0.000776 (5) CM -0.004747 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 200K, P:288K) [10] 0.000258 -0.000176 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 4K, PF:96K # 96K, P:96K) [11] 0.000009 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142742.777 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.778 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25239 value:'SearchIndexer (1172,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BBF:0047:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001227 -0.000447 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004914 -0.000783 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:144K # 0K, P:144K) [4] 0.000252 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001129 -0.000814 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:52, WS:204K # 0K, PF:696K # 0K, P:696K) [9] 0.005767 -0.000776 (5) CM -0.004747 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 200K, P:288K) [10] 0.000258 -0.000176 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 4K, PF:96K # 96K, P:96K) [11] 0.000009 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142742.778 buffer: new element 11 9284:20230712:142742.779 End of process_value():SUCCEED 9284:20230712:142742.780 In zbx_parse_eventlog_message6() EventRecordID:25240 9284:20230712:142742.780 In expand_message6() 9284:20230712:142742.782 End of expand_message6():The Windows Search Service started. 9284:20230712:142742.783 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.783 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25240 value:'The Windows Search Service started. ' 9284:20230712:142742.784 buffer: new element 12 9284:20230712:142742.785 End of process_value():SUCCEED 9284:20230712:142742.785 In zbx_parse_eventlog_message6() EventRecordID:25241 9284:20230712:142742.786 In expand_message6() 9284:20230712:142742.787 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142742.787 ====== Fatal information: ====== 9284:20230712:142742.788 Program counter: 0x67e2cf19 9284:20230712:142742.789 === Registers: === 9284:20230712:142742.789 r8 = 18 = 24 = 24 9284:20230712:142742.790 r9 = 0 = 0 = 0 9284:20230712:142742.791 r10 = 0 = 0 = 0 9284:20230712:142742.791 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142742.792 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142742.793 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142742.793 r14 = 0 = 0 = 0 9284:20230712:142742.794 r15 = 0 = 0 = 0 9284:20230712:142742.795 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142742.795 rsi = 385f270 = 59110000 = 59110000 9284:20230712:142742.796 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142742.797 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142742.797 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142742.798 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142742.799 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142742.799 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142742.800 efl = 202 = 514 = 514 9284:20230712:142742.801 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142742.801 === Backtrace: === 9284:20230712:142742.961 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142742.962 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142742.963 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142742.964 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142742.965 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142742.967 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142742.968 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142742.969 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142742.970 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142742.971 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142742.972 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142742.973 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142742.974 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142742.975 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142742.981 ================================ 9284:20230712:142742.981 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142742.982 End of expand_message6():(null) 9284:20230712:142742.983 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142742.984 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25241 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142742.985 buffer: new element 13 9284:20230712:142742.986 End of process_value():SUCCEED 9284:20230712:142742.987 In zbx_parse_eventlog_message6() EventRecordID:25242 9284:20230712:142742.987 In expand_message6() 9284:20230712:142742.988 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142742.989 ====== Fatal information: ====== 9284:20230712:142742.989 Program counter: 0x67e2cf19 9284:20230712:142742.990 === Registers: === 9284:20230712:142742.991 r8 = 18 = 24 = 24 9284:20230712:142742.991 r9 = 0 = 0 = 0 9284:20230712:142742.992 r10 = 0 = 0 = 0 9284:20230712:142742.993 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142742.993 r12 = 33f3db0 = 54476208 = 54476208 9284:20230712:142742.994 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142742.995 r14 = 0 = 0 = 0 9284:20230712:142742.995 r15 = 0 = 0 = 0 9284:20230712:142742.996 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142742.996 rsi = 385eff0 = 59109360 = 59109360 9284:20230712:142742.997 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142742.998 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142742.998 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142742.999 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142742.999 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142743.000 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142743.001 efl = 202 = 514 = 514 9284:20230712:142743.001 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142743.002 === Backtrace: === 9284:20230712:142743.161 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142743.162 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142743.162 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142743.163 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142743.164 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142743.166 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142743.167 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142743.168 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142743.168 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142743.169 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142743.170 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142743.171 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142743.172 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142743.173 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142743.178 ================================ 9284:20230712:142743.179 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142743.179 End of expand_message6():(null) 9284:20230712:142743.180 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.180 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25242 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142743.181 buffer: new element 14 9284:20230712:142743.182 End of process_value():SUCCEED 9284:20230712:142743.182 In zbx_parse_eventlog_message6() EventRecordID:25243 9284:20230712:142743.183 In expand_message6() 9284:20230712:142743.185 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142743.186 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.186 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25243 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142743.187 buffer: new element 15 9284:20230712:142743.187 End of process_value():SUCCEED 9284:20230712:142743.188 In zbx_parse_eventlog_message6() EventRecordID:25244 9284:20230712:142743.188 In expand_message6() 9284:20230712:142743.190 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142743.191 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.191 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25244 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142743.192 buffer: new element 16 9284:20230712:142743.192 End of process_value():SUCCEED 9284:20230712:142743.193 In zbx_parse_eventlog_message6() EventRecordID:25245 9284:20230712:142743.194 In expand_message6() 9284:20230712:142743.195 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142743.196 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.196 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25245 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142743.197 buffer: new element 17 9284:20230712:142743.198 End of process_value():SUCCEED 9284:20230712:142743.198 In zbx_parse_eventlog_message6() EventRecordID:25246 9284:20230712:142743.199 In expand_message6() 9284:20230712:142743.201 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142743.201 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.202 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25246 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142743.202 buffer: new element 18 9284:20230712:142743.203 End of process_value():SUCCEED 9284:20230712:142743.204 In zbx_parse_eventlog_message6() EventRecordID:25247 9284:20230712:142743.204 In expand_message6() 9284:20230712:142743.206 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142743.206 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.207 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25247 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142743.208 buffer: new element 19 9284:20230712:142743.208 End of process_value():SUCCEED 9284:20230712:142743.209 In zbx_parse_eventlog_message6() EventRecordID:25248 9284:20230712:142743.209 In expand_message6() 9284:20230712:142743.211 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142743.212 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.212 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25248 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142743.213 buffer: new element 20 9284:20230712:142743.213 End of process_value():SUCCEED 9284:20230712:142743.214 In zbx_parse_eventlog_message6() EventRecordID:25249 9284:20230712:142743.215 In expand_message6() 9284:20230712:142743.216 End of expand_message6():12606 9284:20230712:142743.217 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.217 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25249 value:'12606' 9284:20230712:142743.218 buffer: new element 21 9284:20230712:142743.219 End of process_value():SUCCEED 9284:20230712:142743.219 In zbx_parse_eventlog_message6() EventRecordID:25250 9284:20230712:142743.220 In expand_message6() 9284:20230712:142743.221 End of expand_message6():Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 15 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 47 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 15 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 219 9284:20230712:142743.222 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.222 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25250 value:'Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 15 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 47 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 15 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 219 ' 9284:20230712:142743.223 buffer: new element 22 9284:20230712:142743.224 End of process_value():SUCCEED 9284:20230712:142743.224 In zbx_parse_eventlog_message6() EventRecordID:25251 9284:20230712:142743.225 In expand_message6() 9284:20230712:142743.226 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142743.227 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.228 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25251 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142743.228 buffer: new element 23 9284:20230712:142743.229 End of process_value():SUCCEED 9284:20230712:142743.229 In zbx_parse_eventlog_message6() EventRecordID:25252 9284:20230712:142743.230 In expand_message6() 9284:20230712:142743.232 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142743.233 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.233 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25252 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142743.234 buffer: new element 24 9284:20230712:142743.234 End of process_value():SUCCEED 9284:20230712:142743.235 In zbx_parse_eventlog_message6() EventRecordID:25253 9284:20230712:142743.236 In expand_message6() 9284:20230712:142743.237 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142743.238 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.239 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25253 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142743.239 buffer: new element 25 9284:20230712:142743.240 End of process_value():SUCCEED 9284:20230712:142743.241 In zbx_parse_eventlog_message6() EventRecordID:25254 9284:20230712:142743.241 In expand_message6() 9284:20230712:142743.242 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142743.242 ====== Fatal information: ====== 9284:20230712:142743.243 Program counter: 0x67e2cf19 9284:20230712:142743.243 === Registers: === 9284:20230712:142743.244 r8 = 18 = 24 = 24 9284:20230712:142743.244 r9 = 0 = 0 = 0 9284:20230712:142743.245 r10 = 0 = 0 = 0 9284:20230712:142743.245 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142743.246 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142743.246 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142743.247 r14 = 0 = 0 = 0 9284:20230712:142743.247 r15 = 0 = 0 = 0 9284:20230712:142743.248 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142743.248 rsi = 385f6d0 = 59111120 = 59111120 9284:20230712:142743.249 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142743.249 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142743.250 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142743.250 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142743.251 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142743.251 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142743.252 efl = 202 = 514 = 514 9284:20230712:142743.252 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142743.253 === Backtrace: === 2184:20230712:142743.257 In collect_perfstat() 2184:20230712:142743.260 End of collect_perfstat() 9284:20230712:142743.411 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142743.412 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142743.412 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142743.413 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142743.414 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142743.416 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142743.416 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142743.417 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142743.418 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142743.419 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142743.419 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142743.420 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142743.421 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142743.421 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142743.427 ================================ 9284:20230712:142743.427 provider 'dbupdatem' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142743.428 End of expand_message6():(null) 9284:20230712:142743.428 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.429 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25254 value:'The description for Event ID:0 in Source:'dbupdatem' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142743.429 buffer: new element 26 9284:20230712:142743.430 End of process_value():SUCCEED 9284:20230712:142743.430 In zbx_parse_eventlog_message6() EventRecordID:25255 9284:20230712:142743.431 In expand_message6() 9284:20230712:142743.432 End of expand_message6():Service stopped. 9284:20230712:142743.433 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.433 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25255 value:'Service stopped.' 9284:20230712:142743.434 buffer: new element 27 9284:20230712:142743.434 End of process_value():SUCCEED 9284:20230712:142743.435 In zbx_parse_eventlog_message6() EventRecordID:25256 9284:20230712:142743.435 In expand_message6() 9284:20230712:142743.436 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142743.436 ====== Fatal information: ====== 9284:20230712:142743.437 Program counter: 0x67e2cf19 9284:20230712:142743.437 === Registers: === 9284:20230712:142743.438 r8 = 18 = 24 = 24 9284:20230712:142743.438 r9 = 0 = 0 = 0 9284:20230712:142743.439 r10 = 0 = 0 = 0 9284:20230712:142743.439 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142743.440 r12 = 3863ef0 = 59129584 = 59129584 9284:20230712:142743.440 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142743.441 r14 = 0 = 0 = 0 9284:20230712:142743.441 r15 = 0 = 0 = 0 9284:20230712:142743.442 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142743.442 rsi = 385ee10 = 59108880 = 59108880 9284:20230712:142743.443 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142743.443 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142743.444 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142743.444 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142743.445 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142743.445 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142743.446 efl = 202 = 514 = 514 9284:20230712:142743.447 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142743.447 === Backtrace: === 9284:20230712:142743.607 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142743.608 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142743.608 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142743.609 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142743.610 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142743.612 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142743.613 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142743.613 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142743.614 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142743.615 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142743.616 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142743.617 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142743.617 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142743.618 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142743.623 ================================ 9284:20230712:142743.624 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142743.624 End of expand_message6():(null) 9284:20230712:142743.625 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.625 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25256 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142743.626 buffer: new element 28 9284:20230712:142743.626 End of process_value():SUCCEED 9284:20230712:142743.627 In zbx_parse_eventlog_message6() EventRecordID:25257 9284:20230712:142743.627 In expand_message6() 9284:20230712:142743.629 End of expand_message6():Service started successfully. 9284:20230712:142743.629 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.630 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25257 value:'Service started successfully.' 9284:20230712:142743.630 buffer: new element 29 9284:20230712:142743.631 End of process_value():SUCCEED 9284:20230712:142743.631 In zbx_parse_eventlog_message6() EventRecordID:25258 9284:20230712:142743.632 In expand_message6() 9284:20230712:142743.633 End of expand_message6():Service started successfully. 9284:20230712:142743.633 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.634 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25258 value:'Service started successfully.' 9284:20230712:142743.634 buffer: new element 30 9284:20230712:142743.635 End of process_value():SUCCEED 9284:20230712:142743.635 In zbx_parse_eventlog_message6() EventRecordID:25259 9284:20230712:142743.636 In expand_message6() 9284:20230712:142743.637 End of expand_message6():Started event manager Started event manager 9284:20230712:142743.637 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.638 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25259 value:'Started event manager Started event manager' 9284:20230712:142743.638 buffer: new element 31 9284:20230712:142743.639 End of process_value():SUCCEED 9284:20230712:142743.639 In zbx_parse_eventlog_message6() EventRecordID:25260 9284:20230712:142743.640 In expand_message6() 9284:20230712:142743.641 End of expand_message6():The Windows Security Center Service has started. 9284:20230712:142743.642 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.642 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25260 value:'The Windows Security Center Service has started.' 9284:20230712:142743.643 buffer: new element 32 9284:20230712:142743.643 End of process_value():SUCCEED 9284:20230712:142743.644 In zbx_parse_eventlog_message6() EventRecordID:25261 9284:20230712:142743.644 In expand_message6() 9284:20230712:142743.646 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142743.646 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.647 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25261 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142743.647 buffer: new element 33 9284:20230712:142743.648 End of process_value():SUCCEED 9284:20230712:142743.649 In zbx_parse_eventlog_message6() EventRecordID:25262 9284:20230712:142743.649 In expand_message6() 9284:20230712:142743.650 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142743.650 ====== Fatal information: ====== 9284:20230712:142743.651 Program counter: 0x67e2cf19 9284:20230712:142743.652 === Registers: === 9284:20230712:142743.652 r8 = 18 = 24 = 24 9284:20230712:142743.653 r9 = 0 = 0 = 0 9284:20230712:142743.653 r10 = 0 = 0 = 0 9284:20230712:142743.654 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142743.655 r12 = 38630b0 = 59125936 = 59125936 9284:20230712:142743.655 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142743.656 r14 = 0 = 0 = 0 9284:20230712:142743.656 r15 = 0 = 0 = 0 9284:20230712:142743.657 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142743.657 rsi = 385f270 = 59110000 = 59110000 9284:20230712:142743.658 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142743.659 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142743.659 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142743.660 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142743.660 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142743.661 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142743.662 efl = 202 = 514 = 514 9284:20230712:142743.662 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142743.663 === Backtrace: === 9284:20230712:142743.822 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142743.823 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142743.824 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142743.824 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142743.825 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142743.827 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142743.828 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142743.829 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142743.830 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142743.831 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142743.832 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142743.833 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142743.833 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142743.834 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142743.839 ================================ 9284:20230712:142743.840 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142743.841 End of expand_message6():(null) 9284:20230712:142743.841 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.842 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25262 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142743.843 buffer: new element 34 9284:20230712:142743.843 End of process_value():SUCCEED 9284:20230712:142743.844 In zbx_parse_eventlog_message6() EventRecordID:25263 9284:20230712:142743.844 In expand_message6() 9284:20230712:142743.846 End of expand_message6():The file is signed and the signature was verified: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe 9284:20230712:142743.847 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.847 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25263 value:'The file is signed and the signature was verified: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe' 9284:20230712:142743.848 buffer: new element 35 9284:20230712:142743.849 End of process_value():SUCCEED 9284:20230712:142743.849 In zbx_parse_eventlog_message6() EventRecordID:25264 9284:20230712:142743.850 In expand_message6() 9284:20230712:142743.852 End of expand_message6():CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. 9284:20230712:142743.852 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.853 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25264 value:'CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. ' 9284:20230712:142743.854 buffer: new element 36 9284:20230712:142743.854 End of process_value():SUCCEED 9284:20230712:142743.855 In zbx_parse_eventlog_message6() EventRecordID:25265 9284:20230712:142743.856 In expand_message6() 9284:20230712:142743.857 End of expand_message6():Accepting connection from client: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe 9284:20230712:142743.858 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.858 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25265 value:'Accepting connection from client: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe' 9284:20230712:142743.859 buffer: new element 37 9284:20230712:142743.860 End of process_value():SUCCEED 9284:20230712:142743.860 In zbx_parse_eventlog_message6() EventRecordID:25266 9284:20230712:142743.861 In expand_message6() 9284:20230712:142743.862 End of expand_message6():Filter Unload failed with: (-2145452013) The system could not find the filter specified. 9284:20230712:142743.863 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.863 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25266 value:'Filter Unload failed with: (-2145452013) The system could not find the filter specified. ' 9284:20230712:142743.864 buffer: new element 38 9284:20230712:142743.864 End of process_value():SUCCEED 9284:20230712:142743.865 In zbx_parse_eventlog_message6() EventRecordID:25267 9284:20230712:142743.866 In expand_message6() 9284:20230712:142743.867 End of expand_message6():The file is signed and the signature was verified: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe 9284:20230712:142743.868 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.868 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25267 value:'The file is signed and the signature was verified: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe' 9284:20230712:142743.869 buffer: new element 39 9284:20230712:142743.870 End of process_value():SUCCEED 9284:20230712:142743.870 In zbx_parse_eventlog_message6() EventRecordID:25268 9284:20230712:142743.871 In expand_message6() 9284:20230712:142743.872 End of expand_message6():CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. 9284:20230712:142743.873 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.873 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25268 value:'CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. ' 9284:20230712:142743.874 buffer: new element 40 9284:20230712:142743.874 End of process_value():SUCCEED 9284:20230712:142743.875 In zbx_parse_eventlog_message6() EventRecordID:25269 9284:20230712:142743.876 In expand_message6() 9284:20230712:142743.877 End of expand_message6():Accepting connection from client: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe 9284:20230712:142743.878 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.878 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25269 value:'Accepting connection from client: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe' 9284:20230712:142743.879 buffer: new element 41 9284:20230712:142743.879 End of process_value():SUCCEED 9284:20230712:142743.880 In zbx_parse_eventlog_message6() EventRecordID:25270 9284:20230712:142743.881 In expand_message6() 9284:20230712:142743.882 End of expand_message6():Pipe server thread stopped. 9284:20230712:142743.882 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.883 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25270 value:'Pipe server thread stopped.' 9284:20230712:142743.883 buffer: new element 42 9284:20230712:142743.884 End of process_value():SUCCEED 9284:20230712:142743.885 In zbx_parse_eventlog_message6() EventRecordID:25271 9284:20230712:142743.885 In expand_message6() 9284:20230712:142743.886 End of expand_message6():Service stopped. 9284:20230712:142743.887 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.887 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25271 value:'Service stopped.' 9284:20230712:142743.888 buffer: new element 43 9284:20230712:142743.888 End of process_value():SUCCEED 9284:20230712:142743.889 In zbx_parse_eventlog_message6() EventRecordID:25272 9284:20230712:142743.889 In expand_message6() 9284:20230712:142743.890 End of expand_message6():Service started (1.0.24.0). 9284:20230712:142743.891 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.891 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25272 value:'Service started (1.0.24.0).' 9284:20230712:142743.892 buffer: new element 44 9284:20230712:142743.892 End of process_value():SUCCEED 9284:20230712:142743.893 In zbx_parse_eventlog_message6() EventRecordID:25273 9284:20230712:142743.893 In expand_message6() 9284:20230712:142743.894 End of expand_message6():Pipe server thread started. 9284:20230712:142743.895 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.895 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25273 value:'Pipe server thread started.' 9284:20230712:142743.896 buffer: new element 45 9284:20230712:142743.896 End of process_value():SUCCEED 9284:20230712:142743.897 In zbx_parse_eventlog_message6() EventRecordID:25274 9284:20230712:142743.897 In expand_message6() 9284:20230712:142743.899 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142743.899 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.899 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25274 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142743.900 buffer: new element 46 9284:20230712:142743.900 End of process_value():SUCCEED 9284:20230712:142743.901 In zbx_parse_eventlog_message6() EventRecordID:25275 9284:20230712:142743.901 In expand_message6() 9284:20230712:142743.903 End of expand_message6():Version : 2.0.11.0 9284:20230712:142743.903 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.904 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25275 value:'Version : 2.0.11.0' 9284:20230712:142743.904 buffer: new element 47 9284:20230712:142743.905 End of process_value():SUCCEED 9284:20230712:142743.905 In zbx_parse_eventlog_message6() EventRecordID:25276 9284:20230712:142743.906 In expand_message6() 9284:20230712:142743.907 End of expand_message6():Cloud logging is enabled. 9284:20230712:142743.907 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.908 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25276 value:'Cloud logging is enabled.' 9284:20230712:142743.908 buffer: new element 48 9284:20230712:142743.909 End of process_value():SUCCEED 9284:20230712:142743.909 In zbx_parse_eventlog_message6() EventRecordID:25277 9284:20230712:142743.910 In expand_message6() 9284:20230712:142743.911 End of expand_message6():Load Balance is enabled. 9284:20230712:142743.912 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.912 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25277 value:'Load Balance is enabled.' 9284:20230712:142743.913 buffer: new element 49 9284:20230712:142743.913 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142743.914 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142743.915 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25228,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":251,"clock":1689161261,"ns":953955300},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has started.\r\n10.0.19041.1889","lastlogsize":25229,"timestamp":1661925808,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":902,"id":252,"clock":1689161261,"ns":958841000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25230,"timestamp":1661925820,"source":"hpqcaslwmiex","severity":1,"id":253,"clock":1689161262,"ns":155172400},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a critical notification event.","lastlogsize":25231,"timestamp":1661925832,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6003,"id":254,"clock":1689161262,"ns":160453400},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25232,"timestamp":1661925838,"source":"DbxSvc","severity":1,"eventid":320,"id":255,"clock":1689161262,"ns":165794500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1\n","lastlogsize":25233,"timestamp":1661925848,"source":"igfxCUIService2.0.0.0","severity":1,"id":256,"clock":1689161262,"ns":365075900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1\n","lastlogsize":25234,"timestamp":1661925848,"source":"igfxCUIService2.0.0.0","severity":1,"id":257,"clock":1689161262,"ns":559771900},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25235,"timestamp":1661925848,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":258,"clock":1689161262,"ns":564575700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1\n","lastlogsize":25236,"timestamp":1661925848,"source":"igfxCUIService2.0.0.0","severity":1,"id":259,"clock":1689161262,"ns":762212400},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (1172,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25237,"timestamp":1661925849,"source":"ESENT","severity":1,"eventid":102,"id":260,"clock":1689161262,"ns":767934500},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (1172,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n \r\n \r\nInternal Timing Sequence: \n[1] 0.002426 +J(0) +M(C:0K, Fs:318, WS:1244K # 1244K, PF:5392K # 5392K, P:5392K)\n[2] 0.000301 +J(0) +M(C:0K, Fs:126, WS:504K # 504K, PF:448K # 448K, P:448K)\n[3] 0.000713 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K)\n[4] 0.000098 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K)\n[5] 0.001030 +J(0) +M(C:0K, Fs:13, WS:52K # 52K, PF:28K # 36K, P:28K)\n[6] 0.008032 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:16K # 8K, P:16K)\n[7] 0.005307 -0.002210 (2) WT +J(0) +M(C:0K, Fs:268, WS:1068K # 1068K, PF:1028K # 1028K, P:1028K)\n[8] -\n[9] -\n[10] -\n[11] -\n[12] -\n[13] 0.010219 -0.000222 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K)\n[14] 0.000027 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K)\n[15] 0.000084 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K)\n[16] 0.000231 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25238,"timestamp":1661925849,"source":"ESENT","severity":1,"eventid":105,"id":261,"clock":1689161262,"ns":773546000},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (1172,D,50) Windows: The database engine attached a database (1, C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb). (Time=0 seconds) \r\n \r\nSaved Cache: 0 0 \r\nAdditional Data: lgposAttach = 00000BBF:0047:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.001227 -0.000447 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K)\n[3] 0.004914 -0.000783 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:144K # 0K, P:144K)\n[4] 0.000252 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] -\n[6] -\n[7] -\n[8] 0.001129 -0.000814 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:52, WS:204K # 0K, PF:696K # 0K, P:696K)\n[9] 0.005767 -0.000776 (5) CM -0.004747 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 200K, P:288K)\n[10] 0.000258 -0.000176 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 4K, PF:96K # 96K, P:96K)\n[11] 0.000009 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)\n[13] 0.0 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25239,"timestamp":1661925849,"source":"ESENT","severity":1,"eventid":326,"id":262,"clock":1689161262,"ns":779024600},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Search Service started.\n","lastlogsize":25240,"timestamp":1661925849,"source":"Microsoft-Windows-Search","severity":1,"eventid":1003,"id":263,"clock":1689161262,"ns":784646400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25241,"timestamp":1661925850,"source":"dbupdate","severity":1,"id":264,"clock":1689161262,"ns":985506400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25242,"timestamp":1661925850,"source":"BrService_4_3_4_610","severity":1,"id":265,"clock":1689161263,"ns":181606500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25243,"timestamp":1661925855,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":266,"clock":1689161263,"ns":187331800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25244,"timestamp":1661925855,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":267,"clock":1689161263,"ns":192467700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25245,"timestamp":1661925855,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":268,"clock":1689161263,"ns":197675600},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25246,"timestamp":1661925855,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":269,"clock":1689161263,"ns":202995100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25247,"timestamp":1661925855,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":270,"clock":1689161263,"ns":208235400},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25248,"timestamp":1661925855,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":271,"clock":1689161263,"ns":213381800},{"host":"Windows host","key":"eventlog[Application]","value":"12606","lastlogsize":25249,"timestamp":1661925867,"source":"SensorFramework-LogonTask-{100ee514-48c8-f419-6760-6fb8cb2767cd}","severity":1,"eventid":92,"id":272,"clock":1689161263,"ns":218572500},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook loaded the following add-in(s):\n\n\nName: Microsoft Exchange Add-in\nDescription: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.\nProgID: UmOutlookAddin.FormRegionAddin\nGUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\UmOutlookAddin.dll\nBoot Time (Milliseconds): 15\n\nName: Microsoft Teams Meeting Add-in for Microsoft Office\nDescription: Microsoft Teams Meeting Add-in for Microsoft Office\nProgID: TeamsAddin.FastConnect\nGUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\TeamsMeetingAddin\\1.0.22209.4\\x64\\Microsoft.Teams.AddinLoader.dll\nBoot Time (Milliseconds): 16\n\nName: Outlook Social Connector 2016\nDescription: Connects to social networking sites and provides people, activity, and status information.\nProgID: OscAddin.Connect\nGUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\SOCIALCONNECTOR.DLL\nBoot Time (Milliseconds): 47\n\nName: OneNote Notes about Outlook Items\nDescription: Adds Send to OneNote and Notes about this Item buttons to the command bar\nProgID: OneNote.OutlookAddin\nGUID: {93E5752E-B889-47C5-8545-654EE2533C64}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnOL.dll\nBoot Time (Milliseconds): 15\n\nName: Microsoft VBA for Outlook Addin\nDescription: \nProgID: Microsoft.VbaAddinForOutlook.1\nGUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\nLoad Behavior: 9\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL\nBoot Time (Milliseconds): 0\n\nName: Microsoft SharePoint Server Colleague Import Add-in\nDescription: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content\nProgID: ColleagueImport.ColleagueImportAddin\nGUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\ColleagueImport.dll\nBoot Time (Milliseconds): 16\n\nName: HP Sure Click Outlook Add-in 4.3.4.610\nDescription: HP Sure Click Outlook Add-in 4.3.4.610\nProgID: Bromium.vSentry.OutlookAddin\nGUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\HP\\Sure Click\\4.3.4.610\\servers\\BrOutlookAddin.dll\nBoot Time (Milliseconds): 219\n","lastlogsize":25250,"timestamp":1661925879,"source":"Outlook","severity":1,"eventid":45,"id":273,"clock":1689161263,"ns":223672500},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25251,"timestamp":1661925879,"source":"Outlook","severity":1,"eventid":63,"id":274,"clock":1689161263,"ns":228771100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25252,"timestamp":1661925879,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":275,"clock":1689161263,"ns":234467300},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25253,"timestamp":1661925879,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":276,"clock":1689161263,"ns":239877500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdatem' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25254,"timestamp":1661925909,"source":"dbupdatem","severity":1,"id":277,"clock":1689161263,"ns":429991500},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25255,"timestamp":1661925928,"source":"edgeupdate","severity":1,"id":278,"clock":1689161263,"ns":434428500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25256,"timestamp":1661925928,"source":"gupdate","severity":1,"id":279,"clock":1689161263,"ns":626364600},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25257,"timestamp":1661925928,"source":"HP Comm Recovery","severity":1,"id":280,"clock":1689161263,"ns":630675100},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25258,"timestamp":1661925929,"source":"IAStorDataMgrSvc","severity":1,"id":281,"clock":1689161263,"ns":634797900},{"host":"Windows host","key":"eventlog[Application]","value":"Started event manager\nStarted event manager","lastlogsize":25259,"timestamp":1661925929,"source":"IAStorDataMgrSvc","severity":1,"eventid":7303,"id":282,"clock":1689161263,"ns":639064100},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has started.","lastlogsize":25260,"timestamp":1661925931,"source":"SecurityCenter","severity":1,"eventid":1,"id":283,"clock":1689161263,"ns":643367700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25261,"timestamp":1661925933,"source":"SecurityCenter","severity":1,"eventid":15,"id":284,"clock":1689161263,"ns":648093300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25262,"timestamp":1661925934,"source":"gupdate","severity":1,"id":285,"clock":1689161263,"ns":843127500},{"host":"Windows host","key":"eventlog[Application]","value":"The file is signed and the signature was verified: C:\\Program Files (x86)\\Dropbox\\Client_156.4.4908\\Dropbox.exe","lastlogsize":25263,"timestamp":1661925952,"source":"DbxSvc","severity":1,"eventid":284,"id":286,"clock":1689161263,"ns":848588200},{"host":"Windows host","key":"eventlog[Application]","value":"CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. ","lastlogsize":25264,"timestamp":1661925952,"source":"DbxSvc","severity":4,"eventid":281,"id":287,"clock":1689161263,"ns":854205600},{"host":"Windows host","key":"eventlog[Application]","value":"Accepting connection from client: C:\\Program Files (x86)\\Dropbox\\Client_156.4.4908\\Dropbox.exe","lastlogsize":25265,"timestamp":1661925952,"source":"DbxSvc","severity":1,"eventid":294,"id":288,"clock":1689161263,"ns":859496100},{"host":"Windows host","key":"eventlog[Application]","value":"Filter Unload failed with: (-2145452013) The system could not find the filter specified. ","lastlogsize":25266,"timestamp":1661925952,"source":"DbxSvc","severity":1,"eventid":270,"id":289,"clock":1689161263,"ns":864540800},{"host":"Windows host","key":"eventlog[Application]","value":"The file is signed and the signature was verified: C:\\Program Files (x86)\\Dropbox\\Client_156.4.4908\\Dropbox.exe","lastlogsize":25267,"timestamp":1661925953,"source":"DbxSvc","severity":1,"eventid":284,"id":290,"clock":1689161263,"ns":869563600},{"host":"Windows host","key":"eventlog[Application]","value":"CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. ","lastlogsize":25268,"timestamp":1661925953,"source":"DbxSvc","severity":4,"eventid":281,"id":291,"clock":1689161263,"ns":874519700},{"host":"Windows host","key":"eventlog[Application]","value":"Accepting connection from client: C:\\Program Files (x86)\\Dropbox\\Client_156.4.4908\\Dropbox.exe","lastlogsize":25269,"timestamp":1661925953,"source":"DbxSvc","severity":1,"eventid":294,"id":292,"clock":1689161263,"ns":879459900},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread stopped.","lastlogsize":25270,"timestamp":1661925953,"source":"DbxSvc","severity":1,"eventid":259,"id":293,"clock":1689161263,"ns":884008800},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25271,"timestamp":1661925953,"source":"DbxSvc","severity":1,"eventid":257,"id":294,"clock":1689161263,"ns":888230900},{"host":"Windows host","key":"eventlog[Application]","value":"Service started (1.0.24.0).","lastlogsize":25272,"timestamp":1661925953,"source":"DbxSvc","severity":1,"eventid":336,"id":295,"clock":1689161263,"ns":892301700},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread started.","lastlogsize":25273,"timestamp":1661925953,"source":"DbxSvc","severity":1,"eventid":258,"id":296,"clock":1689161263,"ns":896455900},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25274,"timestamp":1661925953,"source":"DbxSvc","severity":1,"eventid":320,"id":297,"clock":1689161263,"ns":900542700},{"host":"Windows host","key":"eventlog[Application]","value":"Version : 2.0.11.0","lastlogsize":25275,"timestamp":1661925958,"source":"HP Comm Recovery","severity":1,"id":298,"clock":1689161263,"ns":904762900},{"host":"Windows host","key":"eventlog[Application]","value":"Cloud logging is enabled.","lastlogsize":25276,"timestamp":1661925958,"source":"HP Comm Recovery","severity":1,"id":299,"clock":1689161263,"ns":908868000},{"host":"Windows host","key":"eventlog[Application]","value":"Load Balance is enabled.","lastlogsize":25277,"timestamp":1661925958,"source":"HP Comm Recovery","severity":1,"id":300,"clock":1689161263,"ns":913103200}],"clock":1689161263,"ns":914953400}] 9284:20230712:142743.920 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002536"}] 9284:20230712:142743.920 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002536"}' 9284:20230712:142743.921 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002536' 9284:20230712:142743.922 End of check_response():SUCCEED 9284:20230712:142743.922 OK 9284:20230712:142743.923 End of send_buffer():SUCCEED 9284:20230712:142743.923 End of process_value():SUCCEED 9284:20230712:142743.926 In zbx_parse_eventlog_message6() EventRecordID:25278 9284:20230712:142743.926 In expand_message6() 9284:20230712:142743.928 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T06:06:21Z. Reason: RulesEngine. 9284:20230712:142743.929 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.929 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25278 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T06:06:21Z. Reason: RulesEngine.' 9284:20230712:142743.930 buffer: new element 0 9284:20230712:142743.930 End of process_value():SUCCEED 9284:20230712:142743.931 In zbx_parse_eventlog_message6() EventRecordID:25279 9284:20230712:142743.931 In expand_message6() 9284:20230712:142743.933 End of expand_message6():The Software Protection service has stopped. 9284:20230712:142743.934 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.934 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25279 value:'The Software Protection service has stopped. ' 9284:20230712:142743.935 buffer: new element 1 9284:20230712:142743.935 End of process_value():SUCCEED 9284:20230712:142743.936 In zbx_parse_eventlog_message6() EventRecordID:25280 9284:20230712:142743.936 In expand_message6() 9284:20230712:142743.938 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142743.938 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.939 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25280 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142743.939 buffer: new element 2 9284:20230712:142743.940 End of process_value():SUCCEED 9284:20230712:142743.940 In zbx_parse_eventlog_message6() EventRecordID:25281 9284:20230712:142743.941 In expand_message6() 9284:20230712:142743.942 End of expand_message6():Service stopped. 9284:20230712:142743.943 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.943 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25281 value:'Service stopped.' 9284:20230712:142743.944 buffer: new element 3 9284:20230712:142743.944 End of process_value():SUCCEED 9284:20230712:142743.945 In zbx_parse_eventlog_message6() EventRecordID:25282 9284:20230712:142743.946 In expand_message6() 9284:20230712:142743.947 End of expand_message6():The file is signed and the signature was verified: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe 9284:20230712:142743.947 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.948 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25282 value:'The file is signed and the signature was verified: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe' 9284:20230712:142743.948 buffer: new element 4 9284:20230712:142743.949 End of process_value():SUCCEED 9284:20230712:142743.949 In zbx_parse_eventlog_message6() EventRecordID:25283 9284:20230712:142743.950 In expand_message6() 9284:20230712:142743.951 End of expand_message6():CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. 9284:20230712:142743.952 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.952 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25283 value:'CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. ' 9284:20230712:142743.953 buffer: new element 5 9284:20230712:142743.953 End of process_value():SUCCEED 9284:20230712:142743.954 In zbx_parse_eventlog_message6() EventRecordID:25284 9284:20230712:142743.955 In expand_message6() 9284:20230712:142743.956 End of expand_message6():Accepting connection from client: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe 9284:20230712:142743.956 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.957 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25284 value:'Accepting connection from client: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe' 9284:20230712:142743.958 buffer: new element 6 9284:20230712:142743.958 End of process_value():SUCCEED 9284:20230712:142743.959 In zbx_parse_eventlog_message6() EventRecordID:25285 9284:20230712:142743.959 In expand_message6() 9284:20230712:142743.961 End of expand_message6():Filter Unload failed with: (-2145452013) The system could not find the filter specified. 9284:20230712:142743.961 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.962 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25285 value:'Filter Unload failed with: (-2145452013) The system could not find the filter specified. ' 9284:20230712:142743.962 buffer: new element 7 9284:20230712:142743.963 End of process_value():SUCCEED 9284:20230712:142743.963 In zbx_parse_eventlog_message6() EventRecordID:25286 9284:20230712:142743.964 In expand_message6() 9284:20230712:142743.965 End of expand_message6():The file is signed and the signature was verified: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe 9284:20230712:142743.966 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.966 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25286 value:'The file is signed and the signature was verified: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe' 9284:20230712:142743.967 buffer: new element 8 9284:20230712:142743.967 End of process_value():SUCCEED 9284:20230712:142743.968 In zbx_parse_eventlog_message6() EventRecordID:25287 9284:20230712:142743.968 In expand_message6() 9284:20230712:142743.969 End of expand_message6():CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. 9284:20230712:142743.970 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.970 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25287 value:'CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. ' 9284:20230712:142743.971 buffer: new element 9 9284:20230712:142743.971 End of process_value():SUCCEED 9284:20230712:142743.972 In zbx_parse_eventlog_message6() EventRecordID:25288 9284:20230712:142743.973 In expand_message6() 9284:20230712:142743.974 End of expand_message6():Accepting connection from client: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe 9284:20230712:142743.974 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.975 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25288 value:'Accepting connection from client: C:\Program Files (x86)\Dropbox\Client_156.4.4908\Dropbox.exe' 9284:20230712:142743.976 buffer: new element 10 9284:20230712:142743.976 End of process_value():SUCCEED 9284:20230712:142743.977 In zbx_parse_eventlog_message6() EventRecordID:25289 9284:20230712:142743.977 In expand_message6() 9284:20230712:142743.978 End of expand_message6():Pipe server thread stopped. 9284:20230712:142743.979 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.980 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25289 value:'Pipe server thread stopped.' 9284:20230712:142743.980 buffer: new element 11 9284:20230712:142743.981 End of process_value():SUCCEED 9284:20230712:142743.981 In zbx_parse_eventlog_message6() EventRecordID:25290 9284:20230712:142743.982 In expand_message6() 9284:20230712:142743.983 End of expand_message6():Service stopped. 9284:20230712:142743.983 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.984 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25290 value:'Service stopped.' 9284:20230712:142743.985 buffer: new element 12 9284:20230712:142743.985 End of process_value():SUCCEED 9284:20230712:142743.986 In zbx_parse_eventlog_message6() EventRecordID:25291 9284:20230712:142743.986 In expand_message6() 9284:20230712:142743.988 End of expand_message6():Service started (1.0.24.0). 9284:20230712:142743.988 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.989 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25291 value:'Service started (1.0.24.0).' 9284:20230712:142743.989 buffer: new element 13 9284:20230712:142743.990 End of process_value():SUCCEED 9284:20230712:142743.990 In zbx_parse_eventlog_message6() EventRecordID:25292 9284:20230712:142743.991 In expand_message6() 9284:20230712:142743.992 End of expand_message6():Pipe server thread started. 9284:20230712:142743.992 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.993 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25292 value:'Pipe server thread started.' 9284:20230712:142743.994 buffer: new element 14 9284:20230712:142743.994 End of process_value():SUCCEED 9284:20230712:142743.995 In zbx_parse_eventlog_message6() EventRecordID:25293 9284:20230712:142743.995 In expand_message6() 9284:20230712:142743.996 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142743.997 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142743.997 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25293 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142743.998 buffer: new element 15 9284:20230712:142743.998 End of process_value():SUCCEED 9284:20230712:142743.999 In zbx_parse_eventlog_message6() EventRecordID:25294 9284:20230712:142743.999 In expand_message6() 9284:20230712:142744.000 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142744.001 ====== Fatal information: ====== 9284:20230712:142744.001 Program counter: 0x67e2cf19 9284:20230712:142744.002 === Registers: === 9284:20230712:142744.002 r8 = 18 = 24 = 24 9284:20230712:142744.003 r9 = 0 = 0 = 0 9284:20230712:142744.003 r10 = 0 = 0 = 0 9284:20230712:142744.004 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142744.004 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142744.005 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142744.005 r14 = 0 = 0 = 0 9284:20230712:142744.006 r15 = 0 = 0 = 0 9284:20230712:142744.006 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142744.007 rsi = 385fbd0 = 59112400 = 59112400 9284:20230712:142744.007 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142744.008 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142744.009 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142744.009 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142744.010 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142744.010 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142744.011 efl = 202 = 514 = 514 9284:20230712:142744.011 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142744.012 === Backtrace: === 9284:20230712:142744.171 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142744.172 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142744.172 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142744.173 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142744.174 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142744.176 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142744.177 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142744.178 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142744.179 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142744.180 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142744.180 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142744.181 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142744.182 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142744.183 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142744.188 ================================ 9284:20230712:142744.189 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142744.190 End of expand_message6():(null) 9284:20230712:142744.190 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.191 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25294 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142744.192 buffer: new element 16 9284:20230712:142744.192 End of process_value():SUCCEED 9284:20230712:142744.193 In zbx_parse_eventlog_message6() EventRecordID:25295 9284:20230712:142744.193 In expand_message6() 9284:20230712:142744.194 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142744.195 ====== Fatal information: ====== 9284:20230712:142744.195 Program counter: 0x67e2cf19 9284:20230712:142744.196 === Registers: === 9284:20230712:142744.196 r8 = 18 = 24 = 24 9284:20230712:142744.197 r9 = 0 = 0 = 0 9284:20230712:142744.198 r10 = 0 = 0 = 0 9284:20230712:142744.198 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142744.199 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142744.199 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142744.200 r14 = 0 = 0 = 0 9284:20230712:142744.201 r15 = 0 = 0 = 0 9284:20230712:142744.201 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142744.202 rsi = 385e370 = 59106160 = 59106160 9284:20230712:142744.202 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142744.203 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142744.203 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142744.204 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142744.205 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142744.205 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142744.206 efl = 202 = 514 = 514 9284:20230712:142744.206 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142744.207 === Backtrace: === 2184:20230712:142744.261 In collect_perfstat() 2184:20230712:142744.264 End of collect_perfstat() 9284:20230712:142744.366 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142744.367 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142744.367 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142744.368 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142744.369 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142744.371 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142744.372 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142744.373 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142744.374 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142744.374 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142744.375 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142744.376 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142744.377 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142744.377 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142744.383 ================================ 9284:20230712:142744.384 provider 'dbupdatem' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142744.384 End of expand_message6():(null) 9284:20230712:142744.385 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.385 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25295 value:'The description for Event ID:0 in Source:'dbupdatem' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142744.386 buffer: new element 17 9284:20230712:142744.387 End of process_value():SUCCEED 9284:20230712:142744.387 In zbx_parse_eventlog_message6() EventRecordID:25296 9284:20230712:142744.388 In expand_message6() 9284:20230712:142744.389 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142744.390 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.391 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25296 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142744.391 buffer: new element 18 9284:20230712:142744.392 End of process_value():SUCCEED 9284:20230712:142744.392 In zbx_parse_eventlog_message6() EventRecordID:25297 9284:20230712:142744.393 In expand_message6() 9284:20230712:142744.395 End of expand_message6():Finish Device Check 9284:20230712:142744.395 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.396 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25297 value:'Finish Device Check' 9284:20230712:142744.396 buffer: new element 19 9284:20230712:142744.397 End of process_value():SUCCEED 9284:20230712:142744.398 In zbx_parse_eventlog_message6() EventRecordID:25298 9284:20230712:142744.398 In expand_message6() 9284:20230712:142744.400 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142744.400 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.401 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25298 value:'Offline downlevel migration succeeded.' 9284:20230712:142744.402 buffer: new element 20 9284:20230712:142744.402 End of process_value():SUCCEED 9284:20230712:142744.403 In zbx_parse_eventlog_message6() EventRecordID:25299 9284:20230712:142744.403 In expand_message6() 9284:20230712:142744.405 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142744.406 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.407 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25299 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142744.407 buffer: new element 21 9284:20230712:142744.408 End of process_value():SUCCEED 9284:20230712:142744.409 In zbx_parse_eventlog_message6() EventRecordID:25300 9284:20230712:142744.409 In expand_message6() 9284:20230712:142744.411 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142744.412 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.413 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25300 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142744.414 buffer: new element 22 9284:20230712:142744.414 End of process_value():SUCCEED 9284:20230712:142744.415 In zbx_parse_eventlog_message6() EventRecordID:25301 9284:20230712:142744.416 In expand_message6() 9284:20230712:142744.417 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142744.418 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.419 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25301 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142744.419 buffer: new element 23 9284:20230712:142744.420 End of process_value():SUCCEED 9284:20230712:142744.420 In zbx_parse_eventlog_message6() EventRecordID:25302 9284:20230712:142744.421 In expand_message6() 9284:20230712:142744.423 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142744.423 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.424 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25302 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142744.424 buffer: new element 24 9284:20230712:142744.425 End of process_value():SUCCEED 9284:20230712:142744.425 In zbx_parse_eventlog_message6() EventRecordID:25303 9284:20230712:142744.426 In expand_message6() 9284:20230712:142744.428 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142744.428 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.429 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25303 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142744.430 buffer: new element 25 9284:20230712:142744.430 End of process_value():SUCCEED 9284:20230712:142744.431 In zbx_parse_eventlog_message6() EventRecordID:25304 9284:20230712:142744.431 In expand_message6() 9284:20230712:142744.433 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142744.434 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.434 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25304 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142744.435 buffer: new element 26 9284:20230712:142744.435 End of process_value():SUCCEED 9284:20230712:142744.436 In zbx_parse_eventlog_message6() EventRecordID:25305 9284:20230712:142744.436 In expand_message6() 9284:20230712:142744.438 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T06:12:03Z. Reason: RulesEngine. 9284:20230712:142744.439 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.440 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25305 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T06:12:03Z. Reason: RulesEngine.' 9284:20230712:142744.440 buffer: new element 27 9284:20230712:142744.441 End of process_value():SUCCEED 9284:20230712:142744.441 In zbx_parse_eventlog_message6() EventRecordID:25306 9284:20230712:142744.442 In expand_message6() 9284:20230712:142744.444 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142744.444 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.445 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25306 value:'Offline downlevel migration succeeded.' 9284:20230712:142744.446 buffer: new element 28 9284:20230712:142744.446 End of process_value():SUCCEED 9284:20230712:142744.447 In zbx_parse_eventlog_message6() EventRecordID:25307 9284:20230712:142744.447 In expand_message6() 9284:20230712:142744.449 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T06:12:40Z. Reason: RulesEngine. 9284:20230712:142744.450 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.450 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25307 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T06:12:40Z. Reason: RulesEngine.' 9284:20230712:142744.451 buffer: new element 29 9284:20230712:142744.451 End of process_value():SUCCEED 9284:20230712:142744.452 In zbx_parse_eventlog_message6() EventRecordID:25308 9284:20230712:142744.453 In expand_message6() 9284:20230712:142744.454 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142744.455 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.455 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25308 value:'Offline downlevel migration succeeded.' 9284:20230712:142744.456 buffer: new element 30 9284:20230712:142744.457 End of process_value():SUCCEED 9284:20230712:142744.457 In zbx_parse_eventlog_message6() EventRecordID:25309 9284:20230712:142744.458 In expand_message6() 9284:20230712:142744.459 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142744.460 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.461 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25309 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142744.461 buffer: new element 31 9284:20230712:142744.462 End of process_value():SUCCEED 9284:20230712:142744.462 In zbx_parse_eventlog_message6() EventRecordID:25310 9284:20230712:142744.463 In expand_message6() 9284:20230712:142744.465 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T06:13:59Z. Reason: RulesEngine. 9284:20230712:142744.465 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.466 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25310 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T06:13:59Z. Reason: RulesEngine.' 9284:20230712:142744.466 buffer: new element 32 9284:20230712:142744.467 End of process_value():SUCCEED 9284:20230712:142744.468 In zbx_parse_eventlog_message6() EventRecordID:25311 9284:20230712:142744.468 In expand_message6() 9284:20230712:142744.470 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142744.470 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.471 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25311 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142744.472 buffer: new element 33 9284:20230712:142744.472 End of process_value():SUCCEED 9284:20230712:142744.473 In zbx_parse_eventlog_message6() EventRecordID:25312 9284:20230712:142744.473 In expand_message6() 9284:20230712:142744.475 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142744.476 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.476 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25312 value:'Offline downlevel migration succeeded.' 9284:20230712:142744.477 buffer: new element 34 9284:20230712:142744.477 End of process_value():SUCCEED 9284:20230712:142744.478 In zbx_parse_eventlog_message6() EventRecordID:25313 9284:20230712:142744.478 In expand_message6() 9284:20230712:142744.480 End of expand_message6():svchost (4256,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142744.481 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.481 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25313 value:'svchost (4256,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142744.482 buffer: new element 35 9284:20230712:142744.482 End of process_value():SUCCEED 9284:20230712:142744.483 In zbx_parse_eventlog_message6() EventRecordID:25314 9284:20230712:142744.483 In expand_message6() 9284:20230712:142744.485 End of expand_message6():svchost (4256,R,98) DS_Token_DB: The database engine is initiating recovery steps. 9284:20230712:142744.485 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.486 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25314 value:'svchost (4256,R,98) DS_Token_DB: The database engine is initiating recovery steps.' 9284:20230712:142744.486 buffer: new element 36 9284:20230712:142744.487 End of process_value():SUCCEED 9284:20230712:142744.487 In zbx_parse_eventlog_message6() EventRecordID:25315 9284:20230712:142744.488 In expand_message6() 9284:20230712:142744.489 End of expand_message6():svchost (4256,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.020062 -0.005235 (7) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:16224/11) +M(C:0K, Fs:70, WS:204K # 156K, PF:148K # 84K, P:148K). Log record of type 'AttachDB ' was seen most frequently (1 times) 9284:20230712:142744.490 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.491 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25315 value:'svchost (4256,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.020062 -0.005235 (7) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:16224/11) +M(C:0K, Fs:70, WS:204K # 156K, PF:148K # 84K, P:148K). Log record of type 'AttachDB ' was seen most frequently (1 times)' 9284:20230712:142744.491 buffer: new element 37 9284:20230712:142744.492 End of process_value():SUCCEED 9284:20230712:142744.492 In zbx_parse_eventlog_message6() EventRecordID:25316 9284:20230712:142744.493 In expand_message6() 9284:20230712:142744.495 End of expand_message6():svchost (4256,U,98) DS_Token_DB: The database engine has successfully completed recovery steps. 9284:20230712:142744.495 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.496 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25316 value:'svchost (4256,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.' 9284:20230712:142744.496 buffer: new element 38 9284:20230712:142744.497 End of process_value():SUCCEED 9284:20230712:142744.497 In zbx_parse_eventlog_message6() EventRecordID:25317 9284:20230712:142744.498 In expand_message6() 9284:20230712:142744.499 End of expand_message6():svchost (4256,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001F:0001:0000 - 0000001F:0004:0039 - 0000001F:0005:0000 - 0000001F:0005:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.001024 +J(0) +M(C:0K, Fs:148, WS:568K # 568K, PF:2772K # 2772K, P:2772K) [2] 0.000447 +J(0) +M(C:8K, Fs:230, WS:912K # 912K, PF:1208K # 1208K, P:1208K) [3] 0.000024 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000164 +J(0) +M(C:0K, Fs:41, WS:164K # 164K, PF:164K # 164K, P:164K) [5] 0.002502 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.006773 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.004808 -0.000306 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.034227 -0.005904 (11) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:16224/11) +M(C:0K, Fs:130, WS:368K # 372K, PF:244K # 248K, P:244K) [9] 0.000802 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K) [10] 0.000928 -0.000209 (1) WT +J(0) +M(C:0K, Fs:14, WS:-4K # 12K, PF:8K # 48K, P:8K) [11] 0.000022 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.009316 -0.000507 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.050774 -0.000314 (2) CM -0.005729 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 144K, PF:160K # 184K, P:160K) [14] 0.000023 +J(0) [15] 0.000011 +J(0) [16] 0.000841 -0.000069 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142744.500 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.501 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25317 value:'svchost (4256,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001F:0001:0000 - 0000001F:0004:0039 - 0000001F:0005:0000 - 0000001F:0005:0000 (00000000:0000:0000) cReInits = 1 Internal Timing Sequence: [1] 0.001024 +J(0) +M(C:0K, Fs:148, WS:568K # 568K, PF:2772K # 2772K, P:2772K) [2] 0.000447 +J(0) +M(C:8K, Fs:230, WS:912K # 912K, PF:1208K # 1208K, P:1208K) [3] 0.000024 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K) [4] 0.000164 +J(0) +M(C:0K, Fs:41, WS:164K # 164K, PF:164K # 164K, P:164K) [5] 0.002502 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.006773 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.004808 -0.000306 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.034227 -0.005904 (11) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:16224/11) +M(C:0K, Fs:130, WS:368K # 372K, PF:244K # 248K, P:244K) [9] 0.000802 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K) [10] 0.000928 -0.000209 (1) WT +J(0) +M(C:0K, Fs:14, WS:-4K # 12K, PF:8K # 48K, P:8K) [11] 0.000022 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.009316 -0.000507 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.050774 -0.000314 (2) CM -0.005729 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 144K, PF:160K # 184K, P:160K) [14] 0.000023 +J(0) [15] 0.000011 +J(0) [16] 0.000841 -0.000069 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142744.501 buffer: new element 39 9284:20230712:142744.502 End of process_value():SUCCEED 9284:20230712:142744.502 In zbx_parse_eventlog_message6() EventRecordID:25318 9284:20230712:142744.503 In expand_message6() 9284:20230712:142744.505 End of expand_message6():svchost (4256,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 0000001F:0007:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000005 +J(0) [2] 0.001433 -0.000616 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.017535 -0.001123 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.001794 +J(0) [5] - [6] - [7] - [8] 0.000517 -0.000345 (2) CM -0.000256 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 0K, P:28K) [9] 0.001121 -0.000692 (3) CM -0.000571 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:100K # 96K, PF:196K # 204K, P:196K) [10] 0.000430 -0.000314 (2) CM -0.000236 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000022 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000053 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142744.505 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.506 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25318 value:'svchost (4256,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 0000001F:0007:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000005 +J(0) [2] 0.001433 -0.000616 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.017535 -0.001123 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.001794 +J(0) [5] - [6] - [7] - [8] 0.000517 -0.000345 (2) CM -0.000256 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 0K, P:28K) [9] 0.001121 -0.000692 (3) CM -0.000571 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:100K # 96K, PF:196K # 204K, P:196K) [10] 0.000430 -0.000314 (2) CM -0.000236 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000022 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000053 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142744.506 buffer: new element 40 9284:20230712:142744.507 End of process_value():SUCCEED 9284:20230712:142744.508 In zbx_parse_eventlog_message6() EventRecordID:25319 9284:20230712:142744.508 In expand_message6() 9284:20230712:142744.510 End of expand_message6():Starting session 1 - ‎2022‎-‎08‎-‎31T08:00:04.566413100Z. 9284:20230712:142744.511 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.512 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25319 value:'Starting session 1 - ‎2022‎-‎08‎-‎31T08:00:04.566413100Z.' 9284:20230712:142744.512 buffer: new element 41 9284:20230712:142744.513 End of process_value():SUCCEED 9284:20230712:142744.513 In zbx_parse_eventlog_message6() EventRecordID:25320 9284:20230712:142744.514 In expand_message6() 9284:20230712:142744.516 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T08:00:31Z. Reason: RulesEngine. 9284:20230712:142744.516 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.517 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25320 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T08:00:31Z. Reason: RulesEngine.' 9284:20230712:142744.517 buffer: new element 42 9284:20230712:142744.518 End of process_value():SUCCEED 9284:20230712:142744.518 In zbx_parse_eventlog_message6() EventRecordID:25321 9284:20230712:142744.519 In expand_message6() 9284:20230712:142744.521 End of expand_message6():Ending session 1 started ‎2022‎-‎08‎-‎31T08:00:04.566413100Z. 9284:20230712:142744.521 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.522 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25321 value:'Ending session 1 started ‎2022‎-‎08‎-‎31T08:00:04.566413100Z.' 9284:20230712:142744.522 buffer: new element 43 9284:20230712:142744.523 End of process_value():SUCCEED 9284:20230712:142744.523 In zbx_parse_eventlog_message6() EventRecordID:25322 9284:20230712:142744.524 In expand_message6() 9284:20230712:142744.525 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142744.526 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.526 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25322 value:'Offline downlevel migration succeeded.' 9284:20230712:142744.527 buffer: new element 44 9284:20230712:142744.527 End of process_value():SUCCEED 9284:20230712:142744.528 In zbx_parse_eventlog_message6() EventRecordID:25323 9284:20230712:142744.528 In expand_message6() 9284:20230712:142744.530 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T08:08:52Z. Reason: RulesEngine. 9284:20230712:142744.530 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.531 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25323 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T08:08:52Z. Reason: RulesEngine.' 9284:20230712:142744.531 buffer: new element 45 9284:20230712:142744.532 End of process_value():SUCCEED 9284:20230712:142744.532 In zbx_parse_eventlog_message6() EventRecordID:25324 9284:20230712:142744.533 In expand_message6() 9284:20230712:142744.535 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142744.535 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.535 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25324 value:'Offline downlevel migration succeeded.' 9284:20230712:142744.536 buffer: new element 46 9284:20230712:142744.536 End of process_value():SUCCEED 9284:20230712:142744.537 In zbx_parse_eventlog_message6() EventRecordID:25325 9284:20230712:142744.537 In expand_message6() 9284:20230712:142744.539 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T08:12:42Z. Reason: RulesEngine. 9284:20230712:142744.540 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.540 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25325 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T08:12:42Z. Reason: RulesEngine.' 9284:20230712:142744.541 buffer: new element 47 9284:20230712:142744.541 End of process_value():SUCCEED 9284:20230712:142744.542 In zbx_parse_eventlog_message6() EventRecordID:25326 9284:20230712:142744.542 In expand_message6() 9284:20230712:142744.544 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142744.544 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.545 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25326 value:'Offline downlevel migration succeeded.' 9284:20230712:142744.545 buffer: new element 48 9284:20230712:142744.546 End of process_value():SUCCEED 9284:20230712:142744.546 In zbx_parse_eventlog_message6() EventRecordID:25327 9284:20230712:142744.547 In expand_message6() 9284:20230712:142744.548 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142744.549 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.549 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25327 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142744.550 buffer: new element 49 9284:20230712:142744.550 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142744.551 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142744.552 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T06:06:21Z. Reason: RulesEngine.","lastlogsize":25278,"timestamp":1661925981,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":301,"clock":1689161263,"ns":930362900},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has stopped.\r\n","lastlogsize":25279,"timestamp":1661925981,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":903,"id":302,"clock":1689161263,"ns":935277400},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25280,"timestamp":1661925983,"source":"DbxSvc","severity":1,"eventid":320,"id":303,"clock":1689161263,"ns":939819300},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25281,"timestamp":1661926041,"source":"edgeupdate","severity":1,"id":304,"clock":1689161263,"ns":944543200},{"host":"Windows host","key":"eventlog[Application]","value":"The file is signed and the signature was verified: C:\\Program Files (x86)\\Dropbox\\Client_156.4.4908\\Dropbox.exe","lastlogsize":25282,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":284,"id":305,"clock":1689161263,"ns":948960000},{"host":"Windows host","key":"eventlog[Application]","value":"CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. ","lastlogsize":25283,"timestamp":1661926052,"source":"DbxSvc","severity":4,"eventid":281,"id":306,"clock":1689161263,"ns":953530700},{"host":"Windows host","key":"eventlog[Application]","value":"Accepting connection from client: C:\\Program Files (x86)\\Dropbox\\Client_156.4.4908\\Dropbox.exe","lastlogsize":25284,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":294,"id":307,"clock":1689161263,"ns":958185900},{"host":"Windows host","key":"eventlog[Application]","value":"Filter Unload failed with: (-2145452013) The system could not find the filter specified. ","lastlogsize":25285,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":270,"id":308,"clock":1689161263,"ns":962748300},{"host":"Windows host","key":"eventlog[Application]","value":"The file is signed and the signature was verified: C:\\Program Files (x86)\\Dropbox\\Client_156.4.4908\\Dropbox.exe","lastlogsize":25286,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":284,"id":309,"clock":1689161263,"ns":967150800},{"host":"Windows host","key":"eventlog[Application]","value":"CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property. ","lastlogsize":25287,"timestamp":1661926052,"source":"DbxSvc","severity":4,"eventid":281,"id":310,"clock":1689161263,"ns":971548400},{"host":"Windows host","key":"eventlog[Application]","value":"Accepting connection from client: C:\\Program Files (x86)\\Dropbox\\Client_156.4.4908\\Dropbox.exe","lastlogsize":25288,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":294,"id":311,"clock":1689161263,"ns":976108400},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread stopped.","lastlogsize":25289,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":259,"id":312,"clock":1689161263,"ns":980632800},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25290,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":257,"id":313,"clock":1689161263,"ns":985218800},{"host":"Windows host","key":"eventlog[Application]","value":"Service started (1.0.24.0).","lastlogsize":25291,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":336,"id":314,"clock":1689161263,"ns":989687100},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread started.","lastlogsize":25292,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":258,"id":315,"clock":1689161263,"ns":994092700},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25293,"timestamp":1661926052,"source":"DbxSvc","severity":1,"eventid":320,"id":316,"clock":1689161263,"ns":998491400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25294,"timestamp":1661926067,"source":"dbupdate","severity":1,"id":317,"clock":1689161264,"ns":192259100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdatem' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25295,"timestamp":1661926067,"source":"dbupdatem","severity":1,"id":318,"clock":1689161264,"ns":386800300},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25296,"timestamp":1661926082,"source":"DbxSvc","severity":1,"eventid":320,"id":319,"clock":1689161264,"ns":391858900},{"host":"Windows host","key":"eventlog[Application]","value":"Finish Device Check","lastlogsize":25297,"timestamp":1661926139,"source":"HP Comm Recovery","severity":1,"eventid":1,"id":320,"clock":1689161264,"ns":397033200},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25298,"timestamp":1661926281,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":321,"clock":1689161264,"ns":402279100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25299,"timestamp":1661926282,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":322,"clock":1689161264,"ns":407986100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25300,"timestamp":1661926282,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":323,"clock":1689161264,"ns":414338400},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25301,"timestamp":1661926282,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":324,"clock":1689161264,"ns":419734400},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25302,"timestamp":1661926282,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":325,"clock":1689161264,"ns":424931000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25303,"timestamp":1661926282,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":326,"clock":1689161264,"ns":430088300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25304,"timestamp":1661926282,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":327,"clock":1689161264,"ns":435364400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T06:12:03Z. Reason: RulesEngine.","lastlogsize":25305,"timestamp":1661926323,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":328,"clock":1689161264,"ns":440877600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25306,"timestamp":1661926330,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":329,"clock":1689161264,"ns":446133600},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T06:12:40Z. Reason: RulesEngine.","lastlogsize":25307,"timestamp":1661926360,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":330,"clock":1689161264,"ns":451475900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25308,"timestamp":1661926407,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":331,"clock":1689161264,"ns":456619900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25309,"timestamp":1661926408,"source":"SecurityCenter","severity":1,"eventid":15,"id":332,"clock":1689161264,"ns":461890800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T06:13:59Z. Reason: RulesEngine.","lastlogsize":25310,"timestamp":1661926439,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":333,"clock":1689161264,"ns":467055800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25311,"timestamp":1661926465,"source":"SecurityCenter","severity":1,"eventid":15,"id":334,"clock":1689161264,"ns":472215200},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25312,"timestamp":1661932760,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":335,"clock":1689161264,"ns":477264700},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4256,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25313,"timestamp":1661932760,"source":"ESENT","severity":1,"eventid":102,"id":336,"clock":1689161264,"ns":482255700},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4256,R,98) DS_Token_DB: The database engine is initiating recovery steps.","lastlogsize":25314,"timestamp":1661932761,"source":"ESENT","severity":1,"eventid":300,"id":337,"clock":1689161264,"ns":486936300},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4256,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSS.log. \r\n \r\nProcessing Stats: \n[1] 0.020062 -0.005235 (7) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:16224/11) +M(C:0K, Fs:70, WS:204K # 156K, PF:148K # 84K, P:148K). \r\nLog record of type 'AttachDB ' was seen most frequently (1 times)","lastlogsize":25315,"timestamp":1661932761,"source":"ESENT","severity":1,"eventid":301,"id":338,"clock":1689161264,"ns":491796000},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4256,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.","lastlogsize":25316,"timestamp":1661932761,"source":"ESENT","severity":1,"eventid":302,"id":339,"clock":1689161264,"ns":496752900},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4256,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n lgposV2[] = 0000001F:0001:0000 - 0000001F:0004:0039 - 0000001F:0005:0000 - 0000001F:0005:0000 (00000000:0000:0000)\ncReInits = 1\n \r\n \r\nInternal Timing Sequence: \n[1] 0.001024 +J(0) +M(C:0K, Fs:148, WS:568K # 568K, PF:2772K # 2772K, P:2772K)\n[2] 0.000447 +J(0) +M(C:8K, Fs:230, WS:912K # 912K, PF:1208K # 1208K, P:1208K)\n[3] 0.000024 +J(0) +M(C:0K, Fs:6, WS:20K # 20K, PF:68K # 68K, P:68K)\n[4] 0.000164 +J(0) +M(C:0K, Fs:41, WS:164K # 164K, PF:164K # 164K, P:164K)\n[5] 0.002502 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)\n[6] 0.006773 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K)\n[7] 0.004808 -0.000306 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K)\n[8] 0.034227 -0.005904 (11) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:16224/11) +M(C:0K, Fs:130, WS:368K # 372K, PF:244K # 248K, P:244K)\n[9] 0.000802 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K)\n[10] 0.000928 -0.000209 (1) WT +J(0) +M(C:0K, Fs:14, WS:-4K # 12K, PF:8K # 48K, P:8K)\n[11] 0.000022 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[12] 0.009316 -0.000507 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[13] 0.050774 -0.000314 (2) CM -0.005729 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 144K, PF:160K # 184K, P:160K)\n[14] 0.000023 +J(0)\n[15] 0.000011 +J(0)\n[16] 0.000841 -0.000069 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25317,"timestamp":1661932761,"source":"ESENT","severity":1,"eventid":105,"id":340,"clock":1689161264,"ns":501827200},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4256,D,50) DS_Token_DB: The database engine attached a database (1, C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSTokenDB2.dat). (Time=0 seconds) \r\n \r\nSaved Cache: 1 0 \r\nAdditional Data: lgposAttach = 0000001F:0007:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000005 +J(0)\n[2] 0.001433 -0.000616 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K)\n[3] 0.017535 -0.001123 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K)\n[4] 0.001794 +J(0)\n[5] -\n[6] -\n[7] -\n[8] 0.000517 -0.000345 (2) CM -0.000256 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 0K, P:28K)\n[9] 0.001121 -0.000692 (3) CM -0.000571 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:27, WS:100K # 96K, PF:196K # 204K, P:196K)\n[10] 0.000430 -0.000314 (2) CM -0.000236 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K)\n[11] 0.000022 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000053 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K)\n[13] 0.0 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25318,"timestamp":1661932761,"source":"ESENT","severity":1,"eventid":326,"id":341,"clock":1689161264,"ns":507073400},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎08‎-‎31T08:00:04.566413100Z.","lastlogsize":25319,"timestamp":1661932804,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":342,"clock":1689161264,"ns":512776400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T08:00:31Z. Reason: RulesEngine.","lastlogsize":25320,"timestamp":1661932831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":343,"clock":1689161264,"ns":517800600},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎08‎-‎31T08:00:04.566413100Z.","lastlogsize":25321,"timestamp":1661932922,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":344,"clock":1689161264,"ns":522662600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25322,"timestamp":1661933302,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":345,"clock":1689161264,"ns":527275400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T08:08:52Z. Reason: RulesEngine.","lastlogsize":25323,"timestamp":1661933332,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":346,"clock":1689161264,"ns":531867000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25324,"timestamp":1661933532,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":347,"clock":1689161264,"ns":536546700},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T08:12:42Z. Reason: RulesEngine.","lastlogsize":25325,"timestamp":1661933563,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":348,"clock":1689161264,"ns":541116400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25326,"timestamp":1661937206,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":349,"clock":1689161264,"ns":545857700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25327,"timestamp":1661937224,"source":"SecurityCenter","severity":1,"eventid":15,"id":350,"clock":1689161264,"ns":550474900}],"clock":1689161264,"ns":552100700}] 9284:20230712:142744.556 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002003"}] 9284:20230712:142744.557 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002003"}' 9284:20230712:142744.557 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002003' 9284:20230712:142744.558 End of check_response():SUCCEED 9284:20230712:142744.558 OK 9284:20230712:142744.559 End of send_buffer():SUCCEED 9284:20230712:142744.560 End of process_value():SUCCEED 9284:20230712:142744.560 In zbx_parse_eventlog_message6() EventRecordID:25328 9284:20230712:142744.561 In expand_message6() 9284:20230712:142744.563 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T09:14:06Z. Reason: RulesEngine. 9284:20230712:142744.563 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.564 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25328 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T09:14:06Z. Reason: RulesEngine.' 9284:20230712:142744.564 buffer: new element 0 9284:20230712:142744.565 End of process_value():SUCCEED 9284:20230712:142744.565 In zbx_parse_eventlog_message6() EventRecordID:25329 9284:20230712:142744.566 In expand_message6() 9284:20230712:142744.567 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142744.568 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.569 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25329 value:'Offline downlevel migration succeeded.' 9284:20230712:142744.569 buffer: new element 1 9284:20230712:142744.570 End of process_value():SUCCEED 9284:20230712:142744.571 In zbx_parse_eventlog_message6() EventRecordID:25330 9284:20230712:142744.571 In expand_message6() 9284:20230712:142744.573 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T09:41:44Z. Reason: RulesEngine. 9284:20230712:142744.574 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.574 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25330 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T09:41:44Z. Reason: RulesEngine.' 9284:20230712:142744.575 buffer: new element 2 9284:20230712:142744.575 End of process_value():SUCCEED 9284:20230712:142744.576 In zbx_parse_eventlog_message6() EventRecordID:25331 9284:20230712:142744.576 In expand_message6() 9284:20230712:142744.578 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142744.578 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.579 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25331 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142744.579 buffer: new element 3 9284:20230712:142744.580 End of process_value():SUCCEED 9284:20230712:142744.581 In zbx_parse_eventlog_message6() EventRecordID:25332 9284:20230712:142744.581 In expand_message6() 9284:20230712:142744.582 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142744.582 ====== Fatal information: ====== 9284:20230712:142744.583 Program counter: 0x67e2cf19 9284:20230712:142744.583 === Registers: === 9284:20230712:142744.584 r8 = 18 = 24 = 24 9284:20230712:142744.585 r9 = 0 = 0 = 0 9284:20230712:142744.585 r10 = 0 = 0 = 0 9284:20230712:142744.586 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142744.586 r12 = 3862630 = 59123248 = 59123248 9284:20230712:142744.587 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142744.587 r14 = 0 = 0 = 0 9284:20230712:142744.588 r15 = 0 = 0 = 0 9284:20230712:142744.589 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142744.589 rsi = 385ee10 = 59108880 = 59108880 9284:20230712:142744.590 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142744.590 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142744.591 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142744.591 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142744.592 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142744.592 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142744.593 efl = 202 = 514 = 514 9284:20230712:142744.594 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142744.594 === Backtrace: === 9284:20230712:142744.756 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142744.756 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142744.757 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142744.758 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142744.759 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142744.761 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142744.762 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142744.763 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142744.764 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142744.765 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142744.766 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142744.766 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142744.767 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142744.768 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142744.773 ================================ 9284:20230712:142744.774 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142744.775 End of expand_message6():(null) 9284:20230712:142744.775 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.776 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25332 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142744.777 buffer: new element 4 9284:20230712:142744.777 End of process_value():SUCCEED 9284:20230712:142744.778 In zbx_parse_eventlog_message6() EventRecordID:25333 9284:20230712:142744.778 In expand_message6() 9284:20230712:142744.779 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142744.780 ====== Fatal information: ====== 9284:20230712:142744.781 Program counter: 0x67e2cf19 9284:20230712:142744.781 === Registers: === 9284:20230712:142744.782 r8 = 18 = 24 = 24 9284:20230712:142744.782 r9 = 0 = 0 = 0 9284:20230712:142744.783 r10 = 0 = 0 = 0 9284:20230712:142744.784 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142744.784 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142744.785 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142744.785 r14 = 0 = 0 = 0 9284:20230712:142744.786 r15 = 0 = 0 = 0 9284:20230712:142744.787 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142744.787 rsi = 385f950 = 59111760 = 59111760 9284:20230712:142744.788 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142744.789 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142744.789 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142744.790 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142744.791 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142744.791 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142744.792 efl = 202 = 514 = 514 9284:20230712:142744.793 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142744.793 === Backtrace: === 9284:20230712:142744.952 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142744.953 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142744.953 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142744.954 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142744.955 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142744.957 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142744.958 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142744.959 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142744.960 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142744.961 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142744.961 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142744.962 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142744.963 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142744.964 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142744.969 ================================ 9284:20230712:142744.970 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142744.971 End of expand_message6():(null) 9284:20230712:142744.971 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142744.972 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25333 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142744.973 buffer: new element 5 9284:20230712:142744.973 End of process_value():SUCCEED 9284:20230712:142744.974 In zbx_parse_eventlog_message6() EventRecordID:25334 9284:20230712:142744.975 In expand_message6() 9284:20230712:142744.976 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142744.976 ====== Fatal information: ====== 9284:20230712:142744.977 Program counter: 0x67e2cf19 9284:20230712:142744.977 === Registers: === 9284:20230712:142744.978 r8 = 18 = 24 = 24 9284:20230712:142744.979 r9 = 0 = 0 = 0 9284:20230712:142744.979 r10 = 0 = 0 = 0 9284:20230712:142744.980 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142744.981 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142744.981 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142744.982 r14 = 0 = 0 = 0 9284:20230712:142744.983 r15 = 0 = 0 = 0 9284:20230712:142744.984 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142744.984 rsi = 385e190 = 59105680 = 59105680 9284:20230712:142744.985 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142744.985 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142744.986 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142744.987 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142744.987 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142744.988 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142744.989 efl = 202 = 514 = 514 9284:20230712:142744.989 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142744.990 === Backtrace: === 9284:20230712:142745.149 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142745.150 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142745.151 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142745.151 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142745.152 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142745.154 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142745.155 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142745.156 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142745.157 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142745.158 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142745.158 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142745.159 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142745.160 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142745.160 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142745.165 ================================ 9284:20230712:142745.166 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142745.166 End of expand_message6():(null) 9284:20230712:142745.167 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.167 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25334 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142745.168 buffer: new element 6 9284:20230712:142745.168 End of process_value():SUCCEED 9284:20230712:142745.169 In zbx_parse_eventlog_message6() EventRecordID:25335 9284:20230712:142745.169 In expand_message6() 9284:20230712:142745.171 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142745.172 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.172 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25335 value:'Offline downlevel migration succeeded.' 9284:20230712:142745.173 buffer: new element 7 9284:20230712:142745.181 End of process_value():SUCCEED 9284:20230712:142745.182 In zbx_parse_eventlog_message6() EventRecordID:25336 9284:20230712:142745.182 In expand_message6() 9284:20230712:142745.184 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142745.185 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.185 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25336 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142745.186 buffer: new element 8 9284:20230712:142745.187 End of process_value():SUCCEED 9284:20230712:142745.187 In zbx_parse_eventlog_message6() EventRecordID:25337 9284:20230712:142745.188 In expand_message6() 9284:20230712:142745.190 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142745.190 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.191 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25337 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142745.191 buffer: new element 9 9284:20230712:142745.192 End of process_value():SUCCEED 9284:20230712:142745.193 In zbx_parse_eventlog_message6() EventRecordID:25338 9284:20230712:142745.193 In expand_message6() 9284:20230712:142745.195 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T11:23:22Z. Reason: RulesEngine. 9284:20230712:142745.196 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.196 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25338 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T11:23:22Z. Reason: RulesEngine.' 9284:20230712:142745.197 buffer: new element 10 9284:20230712:142745.198 End of process_value():SUCCEED 9284:20230712:142745.198 In zbx_parse_eventlog_message6() EventRecordID:25339 9284:20230712:142745.199 In expand_message6() 9284:20230712:142745.201 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142745.201 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.202 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25339 value:'Offline downlevel migration succeeded.' 9284:20230712:142745.202 buffer: new element 11 9284:20230712:142745.203 End of process_value():SUCCEED 9284:20230712:142745.204 In zbx_parse_eventlog_message6() EventRecordID:25340 9284:20230712:142745.204 In expand_message6() 9284:20230712:142745.206 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142745.207 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.207 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25340 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142745.208 buffer: new element 12 9284:20230712:142745.209 End of process_value():SUCCEED 9284:20230712:142745.209 In zbx_parse_eventlog_message6() EventRecordID:25341 9284:20230712:142745.210 In expand_message6() 9284:20230712:142745.212 End of expand_message6():The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142745.213 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.213 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25341 value:'The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142745.214 buffer: new element 13 9284:20230712:142745.215 End of process_value():SUCCEED 9284:20230712:142745.215 In zbx_parse_eventlog_message6() EventRecordID:25342 9284:20230712:142745.216 In expand_message6() 9284:20230712:142745.217 End of expand_message6():The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142745.218 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.219 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25342 value:'The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142745.219 buffer: new element 14 9284:20230712:142745.220 End of process_value():SUCCEED 9284:20230712:142745.220 In zbx_parse_eventlog_message6() EventRecordID:25343 9284:20230712:142745.221 In expand_message6() 9284:20230712:142745.223 End of expand_message6():The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142745.223 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.224 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25343 value:'The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142745.224 buffer: new element 15 9284:20230712:142745.225 End of process_value():SUCCEED 9284:20230712:142745.226 In zbx_parse_eventlog_message6() EventRecordID:25344 9284:20230712:142745.226 In expand_message6() 9284:20230712:142745.228 End of expand_message6():The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted. 9284:20230712:142745.228 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.229 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25344 value:'The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.' 9284:20230712:142745.230 buffer: new element 16 9284:20230712:142745.230 End of process_value():SUCCEED 9284:20230712:142745.231 In zbx_parse_eventlog_message6() EventRecordID:25345 9284:20230712:142745.232 In expand_message6() 9284:20230712:142745.234 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T12:14:09Z. Reason: RulesEngine. 9284:20230712:142745.234 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.235 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25345 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T12:14:09Z. Reason: RulesEngine.' 9284:20230712:142745.236 buffer: new element 17 9284:20230712:142745.236 End of process_value():SUCCEED 9284:20230712:142745.237 In zbx_parse_eventlog_message6() EventRecordID:25346 9284:20230712:142745.237 In expand_message6() 9284:20230712:142745.239 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142745.240 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.240 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25346 value:'Offline downlevel migration succeeded.' 9284:20230712:142745.241 buffer: new element 18 9284:20230712:142745.241 End of process_value():SUCCEED 9284:20230712:142745.242 In zbx_parse_eventlog_message6() EventRecordID:25347 9284:20230712:142745.243 In expand_message6() 9284:20230712:142745.244 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T12:36:33Z. Reason: RulesEngine. 9284:20230712:142745.245 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.245 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25347 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T12:36:33Z. Reason: RulesEngine.' 9284:20230712:142745.246 buffer: new element 19 9284:20230712:142745.247 End of process_value():SUCCEED 9284:20230712:142745.247 In zbx_parse_eventlog_message6() EventRecordID:25348 9284:20230712:142745.248 In expand_message6() 9284:20230712:142745.249 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142745.250 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.251 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25348 value:'Offline downlevel migration succeeded.' 9284:20230712:142745.251 buffer: new element 20 9284:20230712:142745.252 End of process_value():SUCCEED 9284:20230712:142745.252 In zbx_parse_eventlog_message6() EventRecordID:25349 9284:20230712:142745.253 In expand_message6() 9284:20230712:142745.255 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T13:16:26Z. Reason: RulesEngine. 9284:20230712:142745.255 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.256 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25349 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T13:16:26Z. Reason: RulesEngine.' 9284:20230712:142745.256 buffer: new element 21 9284:20230712:142745.257 End of process_value():SUCCEED 9284:20230712:142745.257 In zbx_parse_eventlog_message6() EventRecordID:25350 9284:20230712:142745.258 In expand_message6() 9284:20230712:142745.259 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142745.260 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.260 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25350 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142745.261 buffer: new element 22 9284:20230712:142745.261 End of process_value():SUCCEED 9284:20230712:142745.262 In zbx_parse_eventlog_message6() EventRecordID:25351 9284:20230712:142745.262 In expand_message6() 9284:20230712:142745.264 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142745.264 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.265 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25351 value:'Offline downlevel migration succeeded.' 9284:20230712:142745.265 buffer: new element 23 2184:20230712:142745.266 In collect_perfstat() 9284:20230712:142745.266 End of process_value():SUCCEED 9284:20230712:142745.267 In zbx_parse_eventlog_message6() EventRecordID:25352 9284:20230712:142745.267 In expand_message6() 2184:20230712:142745.268 End of collect_perfstat() 9284:20230712:142745.269 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-07T14:31:26Z. Reason: RulesEngine. 9284:20230712:142745.270 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.270 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25352 value:'Successfully scheduled Software Protection service for re-start at 2122-08-07T14:31:26Z. Reason: RulesEngine.' 9284:20230712:142745.271 buffer: new element 24 9284:20230712:142745.271 End of process_value():SUCCEED 9284:20230712:142745.272 In zbx_parse_eventlog_message6() EventRecordID:25353 9284:20230712:142745.272 In expand_message6() 9284:20230712:142745.273 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142745.274 ====== Fatal information: ====== 9284:20230712:142745.274 Program counter: 0x67e2cf19 9284:20230712:142745.275 === Registers: === 9284:20230712:142745.275 r8 = 18 = 24 = 24 9284:20230712:142745.275 r9 = 0 = 0 = 0 9284:20230712:142745.276 r10 = 0 = 0 = 0 9284:20230712:142745.276 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142745.277 r12 = 384e410 = 59040784 = 59040784 9284:20230712:142745.278 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142745.278 r14 = 0 = 0 = 0 9284:20230712:142745.279 r15 = 0 = 0 = 0 9284:20230712:142745.279 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142745.279 rsi = 385e690 = 59106960 = 59106960 9284:20230712:142745.280 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142745.280 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142745.281 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142745.281 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142745.282 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142745.282 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142745.283 efl = 202 = 514 = 514 9284:20230712:142745.283 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142745.284 === Backtrace: === 9284:20230712:142745.442 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142745.443 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142745.444 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142745.444 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142745.445 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142745.447 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142745.448 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142745.448 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142745.449 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142745.450 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142745.451 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142745.452 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142745.452 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142745.453 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142745.458 ================================ 9284:20230712:142745.459 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142745.459 End of expand_message6():(null) 9284:20230712:142745.460 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.461 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25353 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test ' 9284:20230712:142745.461 buffer: new element 25 9284:20230712:142745.462 End of process_value():SUCCEED 9284:20230712:142745.462 In zbx_parse_eventlog_message6() EventRecordID:25354 9284:20230712:142745.463 In expand_message6() 9284:20230712:142745.463 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142745.464 ====== Fatal information: ====== 9284:20230712:142745.464 Program counter: 0x67e2cf19 9284:20230712:142745.465 === Registers: === 9284:20230712:142745.465 r8 = 18 = 24 = 24 9284:20230712:142745.466 r9 = 0 = 0 = 0 9284:20230712:142745.467 r10 = 0 = 0 = 0 9284:20230712:142745.467 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142745.468 r12 = 384f050 = 59043920 = 59043920 9284:20230712:142745.468 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142745.469 r14 = 0 = 0 = 0 9284:20230712:142745.469 r15 = 0 = 0 = 0 9284:20230712:142745.470 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142745.470 rsi = 385e5f0 = 59106800 = 59106800 9284:20230712:142745.471 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142745.471 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142745.472 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142745.472 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142745.473 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142745.473 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142745.474 efl = 202 = 514 = 514 9284:20230712:142745.475 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142745.475 === Backtrace: === 17028:20230712:142745.573 Requested [system.sw.os.get] 17028:20230712:142745.573 [MPLOG] in system_sw_os_get() 17028:20230712:142745.574 [MPLOG] end system_sw_os_get() 17028:20230712:142745.575 Sending back [{"os_type":"windows","product_name":"Windows 10 Pro","architecture":"x86_64","build_number":"19045","build_revision":"3086","build":"19045.3086","edition":"Professional","composition":"Enterprise","display_version":"22H2","version":"6.3","version_pretty":"Windows 10 Pro Build 19045.3086","version_full":"Windows 10 Pro 19041.1.amd64fre.vb_release.191206-1406 Build 19045.3086"}] 9284:20230712:142745.638 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142745.638 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142745.639 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142745.639 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142745.640 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142745.642 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142745.643 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142745.644 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142745.645 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142745.645 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142745.646 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142745.647 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142745.647 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142745.648 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142745.653 ================================ 9284:20230712:142745.653 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142745.654 End of expand_message6():(null) 9284:20230712:142745.654 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.655 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25354 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 ' 9284:20230712:142745.655 buffer: new element 26 9284:20230712:142745.656 End of process_value():SUCCEED 9284:20230712:142745.656 In zbx_parse_eventlog_message6() EventRecordID:25355 9284:20230712:142745.657 In expand_message6() 9284:20230712:142745.658 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142745.658 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.659 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25355 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142745.659 buffer: new element 27 9284:20230712:142745.660 End of process_value():SUCCEED 9284:20230712:142745.660 In zbx_parse_eventlog_message6() EventRecordID:25356 9284:20230712:142745.661 In expand_message6() 9284:20230712:142745.662 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142745.663 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.663 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25356 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142745.664 buffer: new element 28 9284:20230712:142745.664 End of process_value():SUCCEED 9284:20230712:142745.665 In zbx_parse_eventlog_message6() EventRecordID:25357 9284:20230712:142745.665 In expand_message6() 9284:20230712:142745.666 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142745.666 ====== Fatal information: ====== 9284:20230712:142745.667 Program counter: 0x67e2cf19 9284:20230712:142745.667 === Registers: === 9284:20230712:142745.668 r8 = 18 = 24 = 24 9284:20230712:142745.668 r9 = 0 = 0 = 0 9284:20230712:142745.669 r10 = 0 = 0 = 0 9284:20230712:142745.669 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142745.669 r12 = 384e6b0 = 59041456 = 59041456 9284:20230712:142745.670 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142745.670 r14 = 0 = 0 = 0 9284:20230712:142745.671 r15 = 0 = 0 = 0 9284:20230712:142745.671 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142745.672 rsi = 385f770 = 59111280 = 59111280 9284:20230712:142745.672 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142745.673 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142745.674 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142745.674 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142745.675 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142745.675 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142745.676 efl = 202 = 514 = 514 9284:20230712:142745.676 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142745.677 === Backtrace: === 9284:20230712:142745.837 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142745.837 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142745.838 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142745.839 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142745.840 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142745.842 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142745.843 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142745.844 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142745.844 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142745.845 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142745.846 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142745.847 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142745.848 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142745.849 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142745.855 ================================ 9284:20230712:142745.855 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142745.856 End of expand_message6():(null) 9284:20230712:142745.857 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.857 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25357 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142745.858 buffer: new element 29 9284:20230712:142745.859 End of process_value():SUCCEED 9284:20230712:142745.859 In zbx_parse_eventlog_message6() EventRecordID:25358 9284:20230712:142745.860 In expand_message6() 9284:20230712:142745.862 End of expand_message6():Service has been successfully shut down. 9284:20230712:142745.862 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.863 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25358 value:'Service has been successfully shut down.' 9284:20230712:142745.864 buffer: new element 30 9284:20230712:142745.864 End of process_value():SUCCEED 9284:20230712:142745.865 In zbx_parse_eventlog_message6() EventRecordID:25359 9284:20230712:142745.866 In expand_message6() 9284:20230712:142745.867 End of expand_message6():Service has been successfully shut down. 9284:20230712:142745.868 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.868 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25359 value:'Service has been successfully shut down.' 9284:20230712:142745.869 buffer: new element 31 9284:20230712:142745.869 End of process_value():SUCCEED 9284:20230712:142745.870 In zbx_parse_eventlog_message6() EventRecordID:25360 9284:20230712:142745.871 In expand_message6() 9284:20230712:142745.872 End of expand_message6():Service has been successfully shut down. 9284:20230712:142745.873 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.873 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25360 value:'Service has been successfully shut down.' 9284:20230712:142745.874 buffer: new element 32 9284:20230712:142745.875 End of process_value():SUCCEED 9284:20230712:142745.875 In zbx_parse_eventlog_message6() EventRecordID:25361 9284:20230712:142745.876 In expand_message6() 9284:20230712:142745.877 End of expand_message6():Service stopped (0) 9284:20230712:142745.878 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.878 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25361 value:'Service stopped (0) ' 9284:20230712:142745.879 buffer: new element 33 9284:20230712:142745.880 End of process_value():SUCCEED 9284:20230712:142745.880 In zbx_parse_eventlog_message6() EventRecordID:25362 9284:20230712:142745.881 In expand_message6() 9284:20230712:142745.882 End of expand_message6():The Windows Security Center Service has stopped. 9284:20230712:142745.883 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.884 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25362 value:'The Windows Security Center Service has stopped.' 9284:20230712:142745.884 buffer: new element 34 9284:20230712:142745.885 End of process_value():SUCCEED 9284:20230712:142745.886 In zbx_parse_eventlog_message6() EventRecordID:25363 9284:20230712:142745.886 In expand_message6() 9284:20230712:142745.888 End of expand_message6():The User Profile Service has stopped. 9284:20230712:142745.889 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142745.889 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25363 value:'The User Profile Service has stopped. ' 9284:20230712:142745.890 buffer: new element 35 9284:20230712:142745.890 End of process_value():SUCCEED 9284:20230712:142745.891 In zbx_parse_eventlog_message6() EventRecordID:25364 9284:20230712:142745.891 In expand_message6() 9284:20230712:142745.892 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142745.893 ====== Fatal information: ====== 9284:20230712:142745.893 Program counter: 0x67e2cf19 9284:20230712:142745.894 === Registers: === 9284:20230712:142745.894 r8 = 18 = 24 = 24 9284:20230712:142745.895 r9 = 0 = 0 = 0 9284:20230712:142745.896 r10 = 0 = 0 = 0 9284:20230712:142745.896 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142745.897 r12 = 33f48f0 = 54479088 = 54479088 9284:20230712:142745.897 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142745.898 r14 = 0 = 0 = 0 9284:20230712:142745.899 r15 = 0 = 0 = 0 9284:20230712:142745.899 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142745.900 rsi = 385eff0 = 59109360 = 59109360 9284:20230712:142745.900 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142745.901 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142745.902 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142745.902 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142745.903 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142745.903 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142745.904 efl = 202 = 514 = 514 9284:20230712:142745.904 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142745.905 === Backtrace: === 9284:20230712:142746.065 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142746.066 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142746.066 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142746.067 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142746.068 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142746.070 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142746.071 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142746.072 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142746.073 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142746.073 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142746.074 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142746.075 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142746.076 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142746.076 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142746.078 ================================ 9284:20230712:142746.078 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142746.079 End of expand_message6():(null) 9284:20230712:142746.079 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.080 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25364 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142746.080 buffer: new element 36 9284:20230712:142746.081 End of process_value():SUCCEED 9284:20230712:142746.081 In zbx_parse_eventlog_message6() EventRecordID:25365 9284:20230712:142746.082 In expand_message6() 9284:20230712:142746.083 End of expand_message6():The User Profile Service has started successfully. 9284:20230712:142746.084 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.084 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25365 value:'The User Profile Service has started successfully. ' 9284:20230712:142746.085 buffer: new element 37 9284:20230712:142746.085 End of process_value():SUCCEED 9284:20230712:142746.086 In zbx_parse_eventlog_message6() EventRecordID:25366 9284:20230712:142746.086 In expand_message6() 9284:20230712:142746.088 End of expand_message6():Windows Management Instrumentation Service started sucessfully 9284:20230712:142746.088 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.089 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25366 value:'Windows Management Instrumentation Service started sucessfully' 9284:20230712:142746.089 buffer: new element 38 9284:20230712:142746.090 End of process_value():SUCCEED 9284:20230712:142746.090 In zbx_parse_eventlog_message6() EventRecordID:25367 9284:20230712:142746.091 In expand_message6() 9284:20230712:142746.092 End of expand_message6():Intel(R) Dynamic Application Loader Host Interface Service started. 9284:20230712:142746.092 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.093 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25367 value:'Intel(R) Dynamic Application Loader Host Interface Service started.' 9284:20230712:142746.093 buffer: new element 39 9284:20230712:142746.094 End of process_value():SUCCEED 9284:20230712:142746.094 In zbx_parse_eventlog_message6() EventRecordID:25368 9284:20230712:142746.094 In expand_message6() 9284:20230712:142746.096 End of expand_message6():Local Management Service started. 9284:20230712:142746.096 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.096 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25368 value:'Local Management Service started.' 9284:20230712:142746.097 buffer: new element 40 9284:20230712:142746.097 End of process_value():SUCCEED 9284:20230712:142746.098 In zbx_parse_eventlog_message6() EventRecordID:25369 9284:20230712:142746.098 In expand_message6() 9284:20230712:142746.099 End of expand_message6():Service started/resumed 9284:20230712:142746.100 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.100 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25369 value:'Service started/resumed' 9284:20230712:142746.101 buffer: new element 41 9284:20230712:142746.101 End of process_value():SUCCEED 9284:20230712:142746.102 In zbx_parse_eventlog_message6() EventRecordID:25370 9284:20230712:142746.102 In expand_message6() 9284:20230712:142746.104 End of expand_message6():Windows Management Instrumentation Service subsystems initialized successfully 9284:20230712:142746.104 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.105 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25370 value:'Windows Management Instrumentation Service subsystems initialized successfully' 9284:20230712:142746.105 buffer: new element 42 9284:20230712:142746.106 End of process_value():SUCCEED 9284:20230712:142746.106 In zbx_parse_eventlog_message6() EventRecordID:25371 9284:20230712:142746.107 In expand_message6() 9284:20230712:142746.108 End of expand_message6():Service started successfully. 9284:20230712:142746.108 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.109 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25371 value:'Service started successfully.' 9284:20230712:142746.109 buffer: new element 43 9284:20230712:142746.110 End of process_value():SUCCEED 9284:20230712:142746.110 In zbx_parse_eventlog_message6() EventRecordID:25372 9284:20230712:142746.111 In expand_message6() 9284:20230712:142746.112 End of expand_message6():Service started (1.0.24.0). 9284:20230712:142746.113 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.113 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25372 value:'Service started (1.0.24.0).' 9284:20230712:142746.114 buffer: new element 44 9284:20230712:142746.114 End of process_value():SUCCEED 9284:20230712:142746.114 In zbx_parse_eventlog_message6() EventRecordID:25373 9284:20230712:142746.115 In expand_message6() 9284:20230712:142746.116 End of expand_message6():Pipe server thread started. 9284:20230712:142746.117 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.117 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25373 value:'Pipe server thread started.' 9284:20230712:142746.118 buffer: new element 45 9284:20230712:142746.118 End of process_value():SUCCEED 9284:20230712:142746.119 In zbx_parse_eventlog_message6() EventRecordID:25374 9284:20230712:142746.119 In expand_message6() 9284:20230712:142746.120 End of expand_message6():Service initializing 9284:20230712:142746.121 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.121 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25374 value:'Service initializing' 9284:20230712:142746.122 buffer: new element 46 9284:20230712:142746.122 End of process_value():SUCCEED 9284:20230712:142746.123 In zbx_parse_eventlog_message6() EventRecordID:25375 9284:20230712:142746.123 In expand_message6() 9284:20230712:142746.124 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142746.125 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.125 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25375 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142746.126 buffer: new element 47 9284:20230712:142746.126 End of process_value():SUCCEED 9284:20230712:142746.127 In zbx_parse_eventlog_message6() EventRecordID:25376 9284:20230712:142746.127 In expand_message6() 9284:20230712:142746.128 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142746.128 ====== Fatal information: ====== 9284:20230712:142746.129 Program counter: 0x67e2cf19 9284:20230712:142746.129 === Registers: === 9284:20230712:142746.130 r8 = 18 = 24 = 24 9284:20230712:142746.130 r9 = 0 = 0 = 0 9284:20230712:142746.131 r10 = 0 = 0 = 0 9284:20230712:142746.131 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142746.132 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142746.132 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142746.133 r14 = 0 = 0 = 0 9284:20230712:142746.133 r15 = 0 = 0 = 0 9284:20230712:142746.133 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142746.134 rsi = 385e910 = 59107600 = 59107600 9284:20230712:142746.135 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142746.135 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142746.136 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142746.136 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142746.137 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142746.137 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142746.138 efl = 202 = 514 = 514 9284:20230712:142746.139 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142746.139 === Backtrace: === 2184:20230712:142746.270 In collect_perfstat() 2184:20230712:142746.272 End of collect_perfstat() 9284:20230712:142746.301 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142746.301 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142746.302 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142746.303 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142746.304 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142746.306 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142746.307 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142746.307 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142746.308 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142746.309 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142746.310 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142746.311 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142746.312 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142746.313 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142746.317 ================================ 9284:20230712:142746.318 provider 'AdobeARMservice' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142746.318 End of expand_message6():(null) 9284:20230712:142746.319 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.320 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25376 value:'The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142746.320 buffer: new element 48 9284:20230712:142746.321 End of process_value():SUCCEED 9284:20230712:142746.322 In zbx_parse_eventlog_message6() EventRecordID:25377 9284:20230712:142746.322 In expand_message6() 9284:20230712:142746.323 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142746.323 ====== Fatal information: ====== 9284:20230712:142746.324 Program counter: 0x67e2cf19 9284:20230712:142746.325 === Registers: === 9284:20230712:142746.325 r8 = 18 = 24 = 24 9284:20230712:142746.326 r9 = 0 = 0 = 0 9284:20230712:142746.326 r10 = 0 = 0 = 0 9284:20230712:142746.327 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142746.328 r12 = 6787f0 = 6785008 = 6785008 9284:20230712:142746.328 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142746.329 r14 = 0 = 0 = 0 9284:20230712:142746.329 r15 = 0 = 0 = 0 9284:20230712:142746.330 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142746.330 rsi = 385ee10 = 59108880 = 59108880 9284:20230712:142746.331 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142746.332 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142746.332 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142746.333 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142746.333 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142746.334 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142746.334 efl = 202 = 514 = 514 9284:20230712:142746.335 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142746.336 === Backtrace: === 9284:20230712:142746.495 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142746.495 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142746.496 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142746.497 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142746.498 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142746.500 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142746.501 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142746.502 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142746.503 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142746.504 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142746.505 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142746.506 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142746.507 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142746.507 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142746.513 ================================ 9284:20230712:142746.514 provider 'LanWlanSwitchingService' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142746.514 End of expand_message6():(null) 9284:20230712:142746.515 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142746.516 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25377 value:'The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart' 9284:20230712:142746.516 buffer: new element 49 9284:20230712:142746.517 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142746.518 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142746.519 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T09:14:06Z. Reason: RulesEngine.","lastlogsize":25328,"timestamp":1661937246,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":351,"clock":1689161264,"ns":564688600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25329,"timestamp":1661938873,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":352,"clock":1689161264,"ns":569867300},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T09:41:44Z. Reason: RulesEngine.","lastlogsize":25330,"timestamp":1661938904,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":353,"clock":1689161264,"ns":575179200},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25331,"timestamp":1661940279,"source":"Outlook","severity":1,"eventid":63,"id":354,"clock":1689161264,"ns":580021800},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25332,"timestamp":1661943927,"source":"gupdate","severity":1,"id":355,"clock":1689161264,"ns":777202000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25333,"timestamp":1661944194,"source":"dbupdate","severity":1,"id":356,"clock":1689161264,"ns":973362500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25334,"timestamp":1661944195,"source":"dbupdate","severity":1,"id":357,"clock":1689161265,"ns":168583600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25335,"timestamp":1661944972,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":358,"clock":1689161265,"ns":180709600},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25336,"timestamp":1661944972,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":359,"clock":1689161265,"ns":186769200},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25337,"timestamp":1661944972,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":360,"clock":1689161265,"ns":192070500},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T11:23:22Z. Reason: RulesEngine.","lastlogsize":25338,"timestamp":1661945002,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":361,"clock":1689161265,"ns":197482200},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25339,"timestamp":1661948005,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":362,"clock":1689161265,"ns":202886300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25340,"timestamp":1661948030,"source":"SecurityCenter","severity":1,"eventid":15,"id":363,"clock":1689161265,"ns":208718000},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25341,"timestamp":1661948040,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":364,"clock":1689161265,"ns":214576000},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET_4.0.30319\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25342,"timestamp":1661948040,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":365,"clock":1689161265,"ns":219776600},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"aspnet_state\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25343,"timestamp":1661948040,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":366,"clock":1689161265,"ns":225014500},{"host":"Windows host","key":"eventlog[Application]","value":"The configuration information of the performance library \"C:\\Windows\\System32\\perfts.dll\" for the \"TermService\" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.","lastlogsize":25344,"timestamp":1661948045,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":2003,"id":367,"clock":1689161265,"ns":230383200},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T12:14:09Z. Reason: RulesEngine.","lastlogsize":25345,"timestamp":1661948049,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":368,"clock":1689161265,"ns":236128900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25346,"timestamp":1661949363,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":369,"clock":1689161265,"ns":241365100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T12:36:33Z. Reason: RulesEngine.","lastlogsize":25347,"timestamp":1661949393,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":370,"clock":1689161265,"ns":246582200},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25348,"timestamp":1661951755,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":371,"clock":1689161265,"ns":251784800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T13:16:26Z. Reason: RulesEngine.","lastlogsize":25349,"timestamp":1661951786,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":372,"clock":1689161265,"ns":257012200},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25350,"timestamp":1661954683,"source":"Outlook","severity":1,"eventid":63,"id":373,"clock":1689161265,"ns":261182700},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25351,"timestamp":1661956255,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":374,"clock":1689161265,"ns":265796900},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-07T14:31:26Z. Reason: RulesEngine.","lastlogsize":25352,"timestamp":1661956286,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":375,"clock":1689161265,"ns":271287500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test\n","lastlogsize":25353,"timestamp":1661958399,"source":"igfxCUIService2.0.0.0","severity":1,"id":376,"clock":1689161265,"ns":461686100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1\n","lastlogsize":25354,"timestamp":1661958399,"source":"igfxCUIService2.0.0.0","severity":1,"id":377,"clock":1689161265,"ns":655804600},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25355,"timestamp":1661958399,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":378,"clock":1689161265,"ns":659949300},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25356,"timestamp":1661958399,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":379,"clock":1689161265,"ns":664232100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25357,"timestamp":1661958399,"source":"BrService_4_3_4_610","severity":1,"id":380,"clock":1689161265,"ns":858737000},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25358,"timestamp":1661958403,"source":"IAStorDataMgrSvc","severity":1,"id":381,"clock":1689161265,"ns":864181600},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25359,"timestamp":1661958403,"source":"HP Comm Recovery","severity":1,"id":382,"clock":1689161265,"ns":869432100},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25360,"timestamp":1661958403,"source":"XTUService","severity":1,"id":383,"clock":1689161265,"ns":874567200},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped (0)\n","lastlogsize":25361,"timestamp":1661958403,"source":"Bonjour Service","severity":1,"eventid":100,"id":384,"clock":1689161265,"ns":879618000},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has stopped.","lastlogsize":25362,"timestamp":1661958403,"source":"SecurityCenter","severity":1,"eventid":2,"id":385,"clock":1689161265,"ns":885038300},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has stopped. \r\n\r\n","lastlogsize":25363,"timestamp":1661958403,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1532,"id":386,"clock":1689161265,"ns":890328300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25364,"timestamp":1662012186,"source":"igfxCUIService2.0.0.0","severity":1,"id":387,"clock":1689161266,"ns":80775600},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has started successfully. \r\n\r\n","lastlogsize":25365,"timestamp":1662012186,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1531,"id":388,"clock":1689161266,"ns":85306300},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service started sucessfully","lastlogsize":25366,"timestamp":1662012187,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5615,"id":389,"clock":1689161266,"ns":89734900},{"host":"Windows host","key":"eventlog[Application]","value":"Intel(R) Dynamic Application Loader Host Interface Service started.","lastlogsize":25367,"timestamp":1662012187,"source":"IntelDalJhi","severity":1,"id":390,"clock":1689161266,"ns":93626300},{"host":"Windows host","key":"eventlog[Application]","value":"Local Management Service started.","lastlogsize":25368,"timestamp":1662012187,"source":"LMS","severity":1,"eventid":2000,"id":391,"clock":1689161266,"ns":97519100},{"host":"Windows host","key":"eventlog[Application]","value":"Service started/resumed","lastlogsize":25369,"timestamp":1662012187,"source":"LMS","severity":1,"id":392,"clock":1689161266,"ns":101494400},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service subsystems initialized successfully","lastlogsize":25370,"timestamp":1662012187,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5617,"id":393,"clock":1689161266,"ns":105851100},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25371,"timestamp":1662012192,"source":"XTUService","severity":1,"id":394,"clock":1689161266,"ns":110010000},{"host":"Windows host","key":"eventlog[Application]","value":"Service started (1.0.24.0).","lastlogsize":25372,"timestamp":1662012193,"source":"DbxSvc","severity":1,"eventid":336,"id":395,"clock":1689161266,"ns":114113500},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread started.","lastlogsize":25373,"timestamp":1662012193,"source":"DbxSvc","severity":1,"eventid":258,"id":396,"clock":1689161266,"ns":118184300},{"host":"Windows host","key":"eventlog[Application]","value":"Service initializing","lastlogsize":25374,"timestamp":1662012193,"source":"Bonjour Service","severity":1,"eventid":100,"id":397,"clock":1689161266,"ns":122277500},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25375,"timestamp":1662012193,"source":"DbxSvc","severity":1,"eventid":320,"id":398,"clock":1689161266,"ns":126342800},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25376,"timestamp":1662012193,"source":"AdobeARMservice","severity":1,"id":399,"clock":1689161266,"ns":320890100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart","lastlogsize":25377,"timestamp":1662012193,"source":"LanWlanSwitchingService","severity":1,"id":400,"clock":1689161266,"ns":517027400}],"clock":1689161266,"ns":518930000}] 9284:20230712:142746.523 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002033"}] 9284:20230712:142746.524 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002033"}' 9284:20230712:142746.524 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002033' 9284:20230712:142746.525 End of check_response():SUCCEED 9284:20230712:142746.525 OK 9284:20230712:142746.526 End of send_buffer():SUCCEED 9284:20230712:142746.527 End of process_value():SUCCEED 9284:20230712:142746.527 End of process_eventslog6():SUCCEED last eventid:0 9284:20230712:142746.528 In finalize_eventlog6() 9284:20230712:142746.529 End of finalize_eventlog6():SUCCEED 9284:20230712:142746.530 In need_meta_update() key:eventlog[Application] 9284:20230712:142746.530 End of need_meta_update():FAIL 9284:20230712:142746.531 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142746.531 End of send_buffer():SUCCEED 9284:20230712:142746.532 End of process_active_checks() 9284:20230712:142746.533 In get_min_nextcheck() 9284:20230712:142746.533 End of get_min_nextcheck():1689161276 9284:20230712:142746.534 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142746.534 End of send_buffer():SUCCEED 9284:20230712:142746.535 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142746.539 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142746.540 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":918,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142746.541 before read 9284:20230712:142746.542 got [{"response":"success","config_revision":919,"data":[{"key":"eventlog[Application]","delay":10,"lastlogsize":25327,"mtime":0}]}] 9284:20230712:142746.542 In parse_list_of_checks() 9284:20230712:142746.543 In add_check() key:'eventlog[Application]' refresh:10 lastlogsize:25327 mtime:0 9284:20230712:142746.544 End of add_check() 9284:20230712:142746.544 End of parse_list_of_checks():SUCCEED 9284:20230712:142746.545 End of refresh_active_checks():SUCCEED 9284:20230712:142746.545 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142746.546 End of process_active_checks() 9284:20230712:142746.547 In get_min_nextcheck() 9284:20230712:142746.547 End of get_min_nextcheck():1689161276 2184:20230712:142747.274 In collect_perfstat() 2184:20230712:142747.276 End of collect_perfstat() 9284:20230712:142747.549 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142747.550 End of send_buffer():SUCCEED 19844:20230712:142747.579 Requested [agent.ping] 19844:20230712:142747.580 Sending back [1] 2184:20230712:142748.279 In collect_perfstat() 2184:20230712:142748.283 End of collect_perfstat() 9284:20230712:142748.551 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142748.552 End of send_buffer():SUCCEED 2184:20230712:142749.285 In collect_perfstat() 2184:20230712:142749.293 End of collect_perfstat() 9284:20230712:142749.556 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142749.558 End of send_buffer():SUCCEED 2184:20230712:142750.294 In collect_perfstat() 2184:20230712:142750.301 End of collect_perfstat() 9284:20230712:142750.560 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142750.560 End of send_buffer():SUCCEED 2184:20230712:142751.302 In collect_perfstat() 2184:20230712:142751.309 End of collect_perfstat() 9284:20230712:142751.562 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142751.563 End of send_buffer():SUCCEED 9284:20230712:142751.564 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142751.569 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142751.570 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142751.571 before read 9284:20230712:142751.572 got [{"response":"success"}] 9284:20230712:142751.573 In parse_list_of_checks() 9284:20230712:142751.574 End of parse_list_of_checks():SUCCEED 9284:20230712:142751.575 End of refresh_active_checks():SUCCEED 9284:20230712:142751.576 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142751.577 End of process_active_checks() 9284:20230712:142751.578 In get_min_nextcheck() 9284:20230712:142751.579 End of get_min_nextcheck():1689161276 2184:20230712:142752.311 In collect_perfstat() 2184:20230712:142752.314 End of collect_perfstat() 9284:20230712:142752.582 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142752.585 End of send_buffer():SUCCEED 2184:20230712:142753.317 In collect_perfstat() 2184:20230712:142753.323 End of collect_perfstat() 9284:20230712:142753.588 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142753.591 End of send_buffer():SUCCEED 2184:20230712:142754.325 In collect_perfstat() 2184:20230712:142754.329 End of collect_perfstat() 9284:20230712:142754.594 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142754.596 End of send_buffer():SUCCEED 2184:20230712:142755.330 In collect_perfstat() 2184:20230712:142755.333 End of collect_perfstat() 14488:20230712:142755.595 Requested [system.sw.os.get] 14488:20230712:142755.598 [MPLOG] in system_sw_os_get() 9284:20230712:142755.601 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 14488:20230712:142755.603 [MPLOG] end system_sw_os_get() 9284:20230712:142755.606 End of send_buffer():SUCCEED 14488:20230712:142755.608 Sending back [{"os_type":"windows","product_name":"Windows 10 Pro","architecture":"x86_64","build_number":"19045","build_revision":"3086","build":"19045.3086","edition":"Professional","composition":"Enterprise","display_version":"22H2","version":"6.3","version_pretty":"Windows 10 Pro Build 19045.3086","version_full":"Windows 10 Pro 19041.1.amd64fre.vb_release.191206-1406 Build 19045.3086"}] 2184:20230712:142756.335 In collect_perfstat() 2184:20230712:142756.338 End of collect_perfstat() 9284:20230712:142756.607 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142756.608 End of send_buffer():SUCCEED 9284:20230712:142756.609 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142756.613 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142756.615 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142756.616 before read 9284:20230712:142756.616 got [{"response":"success"}] 9284:20230712:142756.617 In parse_list_of_checks() 9284:20230712:142756.618 End of parse_list_of_checks():SUCCEED 9284:20230712:142756.619 End of refresh_active_checks():SUCCEED 9284:20230712:142756.620 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142756.620 In initialize_eventlog6() source:'Application' previous lastlogsize:25377 9284:20230712:142756.621 In zbx_open_eventlog6() lastlogsize:25377 9284:20230712:142756.622 In get_eventlog6_id() 9284:20230712:142756.623 End of get_eventlog6_id():SUCCEED id:94304984 9284:20230712:142756.624 In get_eventlog6_id() 9284:20230712:142756.625 End of get_eventlog6_id():SUCCEED id:94304976 9284:20230712:142756.626 End of zbx_open_eventlog6():SUCCEED FirstID:24378 LastID:70732 9284:20230712:142756.626 In zbx_get_handle_eventlog6(), previous lastlogsize:25377 9284:20230712:142756.627 End of zbx_get_handle_eventlog6():SUCCEED 9284:20230712:142756.628 End of initialize_eventlog6():SUCCEED 9284:20230712:142756.629 In process_eventslog6() source: 'Application' previous lastlogsize: 25377, FirstID: 24378, LastID: 70732 9284:20230712:142756.635 In zbx_parse_eventlog_message6() EventRecordID:25378 9284:20230712:142756.636 In expand_message6() 9284:20230712:142756.638 End of expand_message6():Service initialized 9284:20230712:142756.638 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142756.639 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25378 value:'Service initialized' 9284:20230712:142756.640 buffer: new element 0 9284:20230712:142756.641 End of process_value():SUCCEED 9284:20230712:142756.641 In zbx_parse_eventlog_message6() EventRecordID:25379 9284:20230712:142756.642 In expand_message6() 9284:20230712:142756.643 End of expand_message6():Service started 9284:20230712:142756.644 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142756.645 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25379 value:'Service started ' 9284:20230712:142756.645 buffer: new element 1 9284:20230712:142756.646 End of process_value():SUCCEED 9284:20230712:142756.647 In zbx_parse_eventlog_message6() EventRecordID:25380 9284:20230712:142756.647 In expand_message6() 9284:20230712:142756.649 End of expand_message6():The winlogon notification subscriber was unavailable to handle a critical notification event. 9284:20230712:142756.649 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142756.650 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25380 value:'The winlogon notification subscriber was unavailable to handle a critical notification event.' 9284:20230712:142756.651 buffer: new element 2 9284:20230712:142756.651 End of process_value():SUCCEED 9284:20230712:142756.652 In zbx_parse_eventlog_message6() EventRecordID:25381 9284:20230712:142756.653 In expand_message6() 9284:20230712:142756.654 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142756.654 ====== Fatal information: ====== 9284:20230712:142756.655 Program counter: 0x67e2cf19 9284:20230712:142756.655 === Registers: === 9284:20230712:142756.656 r8 = 18 = 24 = 24 9284:20230712:142756.657 r9 = 0 = 0 = 0 9284:20230712:142756.657 r10 = 0 = 0 = 0 9284:20230712:142756.658 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142756.659 r12 = 384e410 = 59040784 = 59040784 9284:20230712:142756.659 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142756.660 r14 = 0 = 0 = 0 9284:20230712:142756.661 r15 = 0 = 0 = 0 9284:20230712:142756.661 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142756.662 rsi = 385fc70 = 59112560 = 59112560 9284:20230712:142756.663 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142756.663 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142756.664 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142756.665 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142756.665 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142756.666 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142756.667 efl = 202 = 514 = 514 9284:20230712:142756.667 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142756.668 === Backtrace: === 9284:20230712:142756.828 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142756.829 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142756.830 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142756.831 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142756.832 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142756.834 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142756.835 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142756.836 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142756.837 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142756.838 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142756.839 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142756.840 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142756.841 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142756.841 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142756.847 ================================ 9284:20230712:142756.847 provider 'hpqcaslwmiex' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142756.848 End of expand_message6():(null) 9284:20230712:142756.849 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142756.850 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25381 value:'The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142756.850 buffer: new element 3 9284:20230712:142756.851 End of process_value():SUCCEED 9284:20230712:142756.852 In zbx_parse_eventlog_message6() EventRecordID:25382 9284:20230712:142756.852 In expand_message6() 9284:20230712:142756.853 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142756.854 ====== Fatal information: ====== 9284:20230712:142756.854 Program counter: 0x67e2cf19 9284:20230712:142756.855 === Registers: === 9284:20230712:142756.856 r8 = 18 = 24 = 24 9284:20230712:142756.856 r9 = 0 = 0 = 0 9284:20230712:142756.857 r10 = 0 = 0 = 0 9284:20230712:142756.858 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142756.858 r12 = 63bfe0 = 6537184 = 6537184 9284:20230712:142756.859 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142756.859 r14 = 0 = 0 = 0 9284:20230712:142756.860 r15 = 0 = 0 = 0 9284:20230712:142756.861 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142756.861 rsi = 385e910 = 59107600 = 59107600 9284:20230712:142756.862 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142756.863 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142756.863 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142756.864 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142756.865 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142756.865 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142756.866 efl = 202 = 514 = 514 9284:20230712:142756.867 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142756.867 === Backtrace: === 9284:20230712:142757.025 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142757.026 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142757.027 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142757.028 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142757.028 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142757.031 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142757.032 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142757.033 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142757.034 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142757.034 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142757.035 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142757.037 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142757.037 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142757.038 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142757.040 ================================ 9284:20230712:142757.041 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142757.041 End of expand_message6():(null) 9284:20230712:142757.042 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.043 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25382 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 ' 9284:20230712:142757.043 buffer: new element 4 9284:20230712:142757.044 End of process_value():SUCCEED 9284:20230712:142757.044 In zbx_parse_eventlog_message6() EventRecordID:25383 9284:20230712:142757.045 In expand_message6() 9284:20230712:142757.046 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142757.047 ====== Fatal information: ====== 9284:20230712:142757.047 Program counter: 0x67e2cf19 9284:20230712:142757.048 === Registers: === 9284:20230712:142757.049 r8 = 18 = 24 = 24 9284:20230712:142757.049 r9 = 0 = 0 = 0 9284:20230712:142757.050 r10 = 0 = 0 = 0 9284:20230712:142757.051 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142757.051 r12 = 384e5d0 = 59041232 = 59041232 9284:20230712:142757.052 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142757.052 r14 = 0 = 0 = 0 9284:20230712:142757.053 r15 = 0 = 0 = 0 9284:20230712:142757.054 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142757.054 rsi = 385e0f0 = 59105520 = 59105520 9284:20230712:142757.055 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142757.056 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142757.056 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142757.057 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142757.058 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142757.058 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142757.059 efl = 202 = 514 = 514 9284:20230712:142757.060 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142757.060 === Backtrace: === 9284:20230712:142757.205 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142757.206 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142757.207 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142757.208 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142757.208 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142757.211 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142757.212 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142757.212 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142757.213 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142757.214 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142757.215 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142757.216 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142757.217 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142757.217 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142757.222 ================================ 9284:20230712:142757.223 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142757.223 End of expand_message6():(null) 9284:20230712:142757.224 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.225 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25383 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 ' 9284:20230712:142757.225 buffer: new element 5 9284:20230712:142757.226 End of process_value():SUCCEED 9284:20230712:142757.226 In zbx_parse_eventlog_message6() EventRecordID:25384 9284:20230712:142757.227 In expand_message6() 9284:20230712:142757.228 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142757.229 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.229 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25384 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142757.230 buffer: new element 6 9284:20230712:142757.230 End of process_value():SUCCEED 9284:20230712:142757.231 In zbx_parse_eventlog_message6() EventRecordID:25385 9284:20230712:142757.231 In expand_message6() 9284:20230712:142757.232 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142757.233 ====== Fatal information: ====== 9284:20230712:142757.233 Program counter: 0x67e2cf19 9284:20230712:142757.234 === Registers: === 9284:20230712:142757.234 r8 = 18 = 24 = 24 9284:20230712:142757.235 r9 = 0 = 0 = 0 9284:20230712:142757.235 r10 = 0 = 0 = 0 9284:20230712:142757.236 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142757.236 r12 = 63d3e0 = 6542304 = 6542304 9284:20230712:142757.237 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142757.238 r14 = 0 = 0 = 0 9284:20230712:142757.238 r15 = 0 = 0 = 0 9284:20230712:142757.239 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142757.239 rsi = 385fc70 = 59112560 = 59112560 9284:20230712:142757.240 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142757.241 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142757.241 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142757.242 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142757.242 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142757.243 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142757.244 efl = 202 = 514 = 514 9284:20230712:142757.244 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142757.245 === Backtrace: === 2184:20230712:142757.340 In collect_perfstat() 2184:20230712:142757.343 End of collect_perfstat() 9284:20230712:142757.406 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142757.407 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142757.407 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142757.408 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142757.409 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142757.411 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142757.412 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142757.413 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142757.414 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142757.414 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142757.415 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142757.416 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142757.417 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142757.418 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142757.419 ================================ 9284:20230712:142757.420 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142757.421 End of expand_message6():(null) 9284:20230712:142757.421 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.422 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25385 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 ' 9284:20230712:142757.422 buffer: new element 7 9284:20230712:142757.423 End of process_value():SUCCEED 9284:20230712:142757.424 In zbx_parse_eventlog_message6() EventRecordID:25386 9284:20230712:142757.424 In expand_message6() 9284:20230712:142757.426 End of expand_message6():SearchIndexer (9012,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142757.426 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.427 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25386 value:'SearchIndexer (9012,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142757.428 buffer: new element 8 9284:20230712:142757.428 End of process_value():SUCCEED 9284:20230712:142757.429 In zbx_parse_eventlog_message6() EventRecordID:25387 9284:20230712:142757.429 In expand_message6() 9284:20230712:142757.431 End of expand_message6():SearchIndexer (9012,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002010 +J(0) +M(C:0K, Fs:321, WS:1252K # 1252K, PF:5404K # 5404K, P:5404K) [2] 0.000401 +J(0) +M(C:0K, Fs:123, WS:492K # 492K, PF:440K # 440K, P:440K) [3] 0.000779 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000139 +J(0) +M(C:0K, Fs:31, WS:124K # 124K, PF:356K # 356K, P:356K) [5] 0.001522 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:28K # 36K, P:28K) [6] 0.004587 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:16K # 8K, P:16K) [7] 0.005229 -0.002107 (2) WT +J(0) +M(C:0K, Fs:268, WS:1068K # 1068K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.010744 -0.000253 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000017 +J(0) [15] 0.000070 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000189 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142757.432 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.432 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25387 value:'SearchIndexer (9012,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002010 +J(0) +M(C:0K, Fs:321, WS:1252K # 1252K, PF:5404K # 5404K, P:5404K) [2] 0.000401 +J(0) +M(C:0K, Fs:123, WS:492K # 492K, PF:440K # 440K, P:440K) [3] 0.000779 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000139 +J(0) +M(C:0K, Fs:31, WS:124K # 124K, PF:356K # 356K, P:356K) [5] 0.001522 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:28K # 36K, P:28K) [6] 0.004587 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:16K # 8K, P:16K) [7] 0.005229 -0.002107 (2) WT +J(0) +M(C:0K, Fs:268, WS:1068K # 1068K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.010744 -0.000253 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000017 +J(0) [15] 0.000070 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000189 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142757.433 buffer: new element 9 9284:20230712:142757.433 End of process_value():SUCCEED 9284:20230712:142757.434 In zbx_parse_eventlog_message6() EventRecordID:25388 9284:20230712:142757.434 In expand_message6() 9284:20230712:142757.436 End of expand_message6():SearchIndexer (9012,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC1:00B8:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001386 -0.000241 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004039 -0.000758 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000247 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001223 -0.000909 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:51, WS:200K # 0K, PF:696K # 0K, P:696K) [9] 0.023243 -0.000582 (5) CM -0.022435 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 196K, P:288K) [10] 0.000303 -0.000220 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 96K, P:96K) [11] 0.000011 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000042 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000005 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142757.437 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.437 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25388 value:'SearchIndexer (9012,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC1:00B8:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001386 -0.000241 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004039 -0.000758 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:128K # 0K, PF:144K # 0K, P:144K) [4] 0.000247 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001223 -0.000909 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:51, WS:200K # 0K, PF:696K # 0K, P:696K) [9] 0.023243 -0.000582 (5) CM -0.022435 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 196K, P:288K) [10] 0.000303 -0.000220 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 96K, P:96K) [11] 0.000011 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000042 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000005 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142757.438 buffer: new element 10 9284:20230712:142757.438 End of process_value():SUCCEED 9284:20230712:142757.439 In zbx_parse_eventlog_message6() EventRecordID:25389 9284:20230712:142757.440 In expand_message6() 9284:20230712:142757.441 End of expand_message6():The Windows Search Service started. 9284:20230712:142757.442 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.442 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25389 value:'The Windows Search Service started. ' 9284:20230712:142757.443 buffer: new element 11 9284:20230712:142757.444 End of process_value():SUCCEED 9284:20230712:142757.444 In zbx_parse_eventlog_message6() EventRecordID:25390 9284:20230712:142757.445 In expand_message6() 9284:20230712:142757.445 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142757.446 ====== Fatal information: ====== 9284:20230712:142757.447 Program counter: 0x67e2cf19 9284:20230712:142757.447 === Registers: === 9284:20230712:142757.448 r8 = 18 = 24 = 24 9284:20230712:142757.448 r9 = 0 = 0 = 0 9284:20230712:142757.449 r10 = 0 = 0 = 0 9284:20230712:142757.449 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142757.450 r12 = 33f4620 = 54478368 = 54478368 9284:20230712:142757.451 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142757.451 r14 = 0 = 0 = 0 9284:20230712:142757.452 r15 = 0 = 0 = 0 9284:20230712:142757.452 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142757.453 rsi = 385e2d0 = 59106000 = 59106000 9284:20230712:142757.453 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142757.454 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142757.455 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142757.455 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142757.456 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142757.456 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142757.457 efl = 202 = 514 = 514 9284:20230712:142757.458 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142757.458 === Backtrace: === 17028:20230712:142757.595 Requested [agent.ping] 17028:20230712:142757.596 Sending back [1] 9284:20230712:142757.602 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142757.603 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142757.603 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142757.604 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142757.605 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142757.607 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142757.608 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142757.609 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142757.610 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142757.610 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142757.611 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142757.612 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142757.613 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142757.614 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142757.619 ================================ 9284:20230712:142757.619 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142757.620 End of expand_message6():(null) 9284:20230712:142757.621 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.621 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25390 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142757.622 buffer: new element 12 9284:20230712:142757.622 End of process_value():SUCCEED 9284:20230712:142757.623 In zbx_parse_eventlog_message6() EventRecordID:25391 9284:20230712:142757.624 In expand_message6() 9284:20230712:142757.624 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142757.625 ====== Fatal information: ====== 9284:20230712:142757.625 Program counter: 0x67e2cf19 9284:20230712:142757.626 === Registers: === 9284:20230712:142757.626 r8 = 18 = 24 = 24 9284:20230712:142757.627 r9 = 0 = 0 = 0 9284:20230712:142757.627 r10 = 0 = 0 = 0 9284:20230712:142757.627 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142757.628 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142757.628 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142757.629 r14 = 0 = 0 = 0 9284:20230712:142757.629 r15 = 0 = 0 = 0 9284:20230712:142757.630 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142757.630 rsi = 385f630 = 59110960 = 59110960 9284:20230712:142757.631 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142757.631 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142757.632 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142757.632 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142757.633 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142757.633 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142757.634 efl = 202 = 514 = 514 9284:20230712:142757.634 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142757.635 === Backtrace: === 9284:20230712:142757.794 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142757.794 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142757.795 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142757.795 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142757.796 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142757.798 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142757.799 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142757.800 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142757.800 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142757.801 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142757.802 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142757.803 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142757.803 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142757.804 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142757.806 ================================ 9284:20230712:142757.806 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142757.807 End of expand_message6():(null) 9284:20230712:142757.807 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.808 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25391 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142757.808 buffer: new element 13 9284:20230712:142757.809 End of process_value():SUCCEED 9284:20230712:142757.809 In zbx_parse_eventlog_message6() EventRecordID:25392 9284:20230712:142757.809 In expand_message6() 9284:20230712:142757.810 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142757.811 ====== Fatal information: ====== 9284:20230712:142757.811 Program counter: 0x67e2cf19 9284:20230712:142757.812 === Registers: === 9284:20230712:142757.812 r8 = 18 = 24 = 24 9284:20230712:142757.813 r9 = 0 = 0 = 0 9284:20230712:142757.813 r10 = 0 = 0 = 0 9284:20230712:142757.814 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142757.815 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142757.815 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142757.816 r14 = 0 = 0 = 0 9284:20230712:142757.816 r15 = 0 = 0 = 0 9284:20230712:142757.817 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142757.818 rsi = 385f950 = 59111760 = 59111760 9284:20230712:142757.818 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142757.819 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142757.819 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142757.820 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142757.820 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142757.821 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142757.822 efl = 202 = 514 = 514 9284:20230712:142757.822 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142757.823 === Backtrace: === 9284:20230712:142757.966 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142757.967 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142757.968 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142757.968 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142757.969 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142757.971 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142757.972 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142757.973 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142757.974 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142757.975 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142757.976 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142757.977 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142757.977 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142757.978 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142757.980 ================================ 9284:20230712:142757.981 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142757.981 End of expand_message6():(null) 9284:20230712:142757.982 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.983 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25392 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142757.983 buffer: new element 14 9284:20230712:142757.984 End of process_value():SUCCEED 9284:20230712:142757.984 In zbx_parse_eventlog_message6() EventRecordID:25393 9284:20230712:142757.985 In expand_message6() 9284:20230712:142757.987 End of expand_message6():The Software Protection service is starting. Parameters:TriggerStarted:6 9284:20230712:142757.987 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.988 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25393 value:'The Software Protection service is starting. Parameters:TriggerStarted:6' 9284:20230712:142757.988 buffer: new element 15 9284:20230712:142757.989 End of process_value():SUCCEED 9284:20230712:142757.990 In zbx_parse_eventlog_message6() EventRecordID:25394 9284:20230712:142757.990 In expand_message6() 9284:20230712:142757.992 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142757.992 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.993 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25394 value:'Offline downlevel migration succeeded.' 9284:20230712:142757.994 buffer: new element 16 9284:20230712:142757.994 End of process_value():SUCCEED 9284:20230712:142757.995 In zbx_parse_eventlog_message6() EventRecordID:25395 9284:20230712:142757.996 In expand_message6() 9284:20230712:142757.997 End of expand_message6():Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 9284:20230712:142757.998 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142757.999 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25395 value:'Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 ' 9284:20230712:142757.999 buffer: new element 17 9284:20230712:142758.000 End of process_value():SUCCEED 9284:20230712:142758.000 In zbx_parse_eventlog_message6() EventRecordID:25396 9284:20230712:142758.001 In expand_message6() 9284:20230712:142758.003 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142758.004 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.005 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25396 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142758.006 buffer: new element 18 9284:20230712:142758.006 End of process_value():SUCCEED 9284:20230712:142758.007 In zbx_parse_eventlog_message6() EventRecordID:25397 9284:20230712:142758.007 In expand_message6() 9284:20230712:142758.009 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142758.010 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.010 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25397 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142758.011 buffer: new element 19 9284:20230712:142758.012 End of process_value():SUCCEED 9284:20230712:142758.012 In zbx_parse_eventlog_message6() EventRecordID:25398 9284:20230712:142758.013 In expand_message6() 9284:20230712:142758.015 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142758.015 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.016 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25398 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142758.017 buffer: new element 20 9284:20230712:142758.017 End of process_value():SUCCEED 9284:20230712:142758.018 In zbx_parse_eventlog_message6() EventRecordID:25399 9284:20230712:142758.019 In expand_message6() 9284:20230712:142758.020 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142758.021 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.022 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25399 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142758.022 buffer: new element 21 9284:20230712:142758.023 End of process_value():SUCCEED 9284:20230712:142758.024 In zbx_parse_eventlog_message6() EventRecordID:25400 9284:20230712:142758.024 In expand_message6() 9284:20230712:142758.026 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142758.027 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.028 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25400 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142758.028 buffer: new element 22 9284:20230712:142758.029 End of process_value():SUCCEED 9284:20230712:142758.030 In zbx_parse_eventlog_message6() EventRecordID:25401 9284:20230712:142758.030 In expand_message6() 9284:20230712:142758.032 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142758.033 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.033 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25401 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142758.034 buffer: new element 23 9284:20230712:142758.035 End of process_value():SUCCEED 9284:20230712:142758.035 In zbx_parse_eventlog_message6() EventRecordID:25402 9284:20230712:142758.036 In expand_message6() 9284:20230712:142758.037 End of expand_message6():The Software Protection service has started. 10.0.19041.1889 9284:20230712:142758.038 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.039 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25402 value:'The Software Protection service has started. 10.0.19041.1889' 9284:20230712:142758.039 buffer: new element 24 9284:20230712:142758.040 End of process_value():SUCCEED 9284:20230712:142758.040 In zbx_parse_eventlog_message6() EventRecordID:25403 9284:20230712:142758.041 In expand_message6() 9284:20230712:142758.042 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142758.043 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.044 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25403 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142758.044 buffer: new element 25 9284:20230712:142758.045 End of process_value():SUCCEED 9284:20230712:142758.045 In zbx_parse_eventlog_message6() EventRecordID:25404 9284:20230712:142758.046 In expand_message6() 9284:20230712:142758.048 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142758.048 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.049 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25404 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142758.049 buffer: new element 26 9284:20230712:142758.050 End of process_value():SUCCEED 9284:20230712:142758.050 In zbx_parse_eventlog_message6() EventRecordID:25405 9284:20230712:142758.051 In expand_message6() 9284:20230712:142758.052 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142758.053 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.054 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25405 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142758.054 buffer: new element 27 9284:20230712:142758.055 End of process_value():SUCCEED 9284:20230712:142758.055 In zbx_parse_eventlog_message6() EventRecordID:25406 9284:20230712:142758.056 In expand_message6() 9284:20230712:142758.057 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142758.058 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.058 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25406 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142758.059 buffer: new element 28 9284:20230712:142758.059 End of process_value():SUCCEED 9284:20230712:142758.060 In zbx_parse_eventlog_message6() EventRecordID:25407 9284:20230712:142758.061 In expand_message6() 9284:20230712:142758.062 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142758.063 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.063 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25407 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142758.064 buffer: new element 29 9284:20230712:142758.064 End of process_value():SUCCEED 9284:20230712:142758.065 In zbx_parse_eventlog_message6() EventRecordID:25408 9284:20230712:142758.065 In expand_message6() 9284:20230712:142758.076 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142758.077 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.079 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25408 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142758.080 buffer: new element 30 9284:20230712:142758.081 End of process_value():SUCCEED 9284:20230712:142758.082 In zbx_parse_eventlog_message6() EventRecordID:25409 9284:20230712:142758.083 In expand_message6() 9284:20230712:142758.085 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142758.086 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.087 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25409 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142758.088 buffer: new element 31 9284:20230712:142758.089 End of process_value():SUCCEED 9284:20230712:142758.089 In zbx_parse_eventlog_message6() EventRecordID:25410 9284:20230712:142758.090 In expand_message6() 9284:20230712:142758.092 End of expand_message6():12684 9284:20230712:142758.093 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.094 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25410 value:'12684' 9284:20230712:142758.094 buffer: new element 32 9284:20230712:142758.095 End of process_value():SUCCEED 9284:20230712:142758.095 In zbx_parse_eventlog_message6() EventRecordID:25411 9284:20230712:142758.096 In expand_message6() 9284:20230712:142758.097 End of expand_message6():Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 78 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 31 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 31 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 234 9284:20230712:142758.098 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.099 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25411 value:'Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 78 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 31 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 31 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 234 ' 9284:20230712:142758.099 buffer: new element 33 9284:20230712:142758.100 End of process_value():SUCCEED 9284:20230712:142758.100 In zbx_parse_eventlog_message6() EventRecordID:25412 9284:20230712:142758.101 In expand_message6() 9284:20230712:142758.102 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142758.103 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.103 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25412 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142758.104 buffer: new element 34 9284:20230712:142758.104 End of process_value():SUCCEED 9284:20230712:142758.105 In zbx_parse_eventlog_message6() EventRecordID:25413 9284:20230712:142758.105 In expand_message6() 9284:20230712:142758.107 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142758.108 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.108 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25413 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142758.109 buffer: new element 35 9284:20230712:142758.109 End of process_value():SUCCEED 9284:20230712:142758.110 In zbx_parse_eventlog_message6() EventRecordID:25414 9284:20230712:142758.110 In expand_message6() 9284:20230712:142758.112 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142758.112 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.113 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25414 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142758.114 buffer: new element 36 9284:20230712:142758.114 End of process_value():SUCCEED 9284:20230712:142758.115 In zbx_parse_eventlog_message6() EventRecordID:25415 9284:20230712:142758.115 In expand_message6() 9284:20230712:142758.116 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142758.116 ====== Fatal information: ====== 9284:20230712:142758.117 Program counter: 0x67e2cf19 9284:20230712:142758.117 === Registers: === 9284:20230712:142758.118 r8 = 18 = 24 = 24 9284:20230712:142758.118 r9 = 0 = 0 = 0 9284:20230712:142758.119 r10 = 0 = 0 = 0 9284:20230712:142758.119 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142758.120 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142758.120 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142758.121 r14 = 0 = 0 = 0 9284:20230712:142758.122 r15 = 0 = 0 = 0 9284:20230712:142758.122 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142758.123 rsi = 385f950 = 59111760 = 59111760 9284:20230712:142758.123 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142758.124 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142758.124 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142758.125 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142758.125 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142758.126 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142758.126 efl = 202 = 514 = 514 9284:20230712:142758.127 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142758.127 === Backtrace: === 9284:20230712:142758.272 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142758.273 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142758.273 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142758.274 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142758.275 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142758.277 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142758.278 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142758.278 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142758.279 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142758.280 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142758.281 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142758.282 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142758.282 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142758.283 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142758.288 ================================ 9284:20230712:142758.289 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142758.289 End of expand_message6():(null) 9284:20230712:142758.290 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.290 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25415 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142758.291 buffer: new element 37 9284:20230712:142758.291 End of process_value():SUCCEED 9284:20230712:142758.292 In zbx_parse_eventlog_message6() EventRecordID:25416 9284:20230712:142758.292 In expand_message6() 9284:20230712:142758.294 End of expand_message6():Service stopped. 9284:20230712:142758.294 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.295 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25416 value:'Service stopped.' 9284:20230712:142758.295 buffer: new element 38 9284:20230712:142758.296 End of process_value():SUCCEED 9284:20230712:142758.296 In zbx_parse_eventlog_message6() EventRecordID:25417 9284:20230712:142758.297 In expand_message6() 9284:20230712:142758.297 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142758.298 ====== Fatal information: ====== 9284:20230712:142758.298 Program counter: 0x67e2cf19 9284:20230712:142758.299 === Registers: === 9284:20230712:142758.299 r8 = 18 = 24 = 24 9284:20230712:142758.299 r9 = 0 = 0 = 0 9284:20230712:142758.300 r10 = 0 = 0 = 0 9284:20230712:142758.300 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142758.301 r12 = 38620f0 = 59121904 = 59121904 9284:20230712:142758.301 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142758.302 r14 = 0 = 0 = 0 9284:20230712:142758.302 r15 = 0 = 0 = 0 9284:20230712:142758.303 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142758.303 rsi = 385f630 = 59110960 = 59110960 9284:20230712:142758.304 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142758.304 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142758.305 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142758.305 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142758.306 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142758.306 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142758.307 efl = 202 = 514 = 514 9284:20230712:142758.307 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142758.308 === Backtrace: === 2184:20230712:142758.344 In collect_perfstat() 2184:20230712:142758.347 End of collect_perfstat() 9284:20230712:142758.468 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142758.468 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142758.469 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142758.470 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142758.471 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142758.473 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142758.474 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142758.474 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142758.475 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142758.476 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142758.477 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142758.478 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142758.479 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142758.479 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142758.481 ================================ 9284:20230712:142758.482 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142758.482 End of expand_message6():(null) 9284:20230712:142758.483 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.483 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25417 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142758.484 buffer: new element 39 9284:20230712:142758.485 End of process_value():SUCCEED 9284:20230712:142758.485 In zbx_parse_eventlog_message6() EventRecordID:25418 9284:20230712:142758.486 In expand_message6() 9284:20230712:142758.487 End of expand_message6():Service started successfully. 9284:20230712:142758.488 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.488 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25418 value:'Service started successfully.' 9284:20230712:142758.489 buffer: new element 40 9284:20230712:142758.490 End of process_value():SUCCEED 9284:20230712:142758.490 In zbx_parse_eventlog_message6() EventRecordID:25419 9284:20230712:142758.491 In expand_message6() 9284:20230712:142758.492 End of expand_message6():Started event manager Started event manager 9284:20230712:142758.493 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.493 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25419 value:'Started event manager Started event manager' 9284:20230712:142758.494 buffer: new element 41 9284:20230712:142758.494 End of process_value():SUCCEED 9284:20230712:142758.495 In zbx_parse_eventlog_message6() EventRecordID:25420 9284:20230712:142758.496 In expand_message6() 9284:20230712:142758.497 End of expand_message6():Service started successfully. 9284:20230712:142758.498 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.498 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25420 value:'Service started successfully.' 9284:20230712:142758.499 buffer: new element 42 9284:20230712:142758.499 End of process_value():SUCCEED 9284:20230712:142758.500 In zbx_parse_eventlog_message6() EventRecordID:25421 9284:20230712:142758.501 In expand_message6() 9284:20230712:142758.502 End of expand_message6():The Windows Security Center Service has started. 9284:20230712:142758.503 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.503 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25421 value:'The Windows Security Center Service has started.' 9284:20230712:142758.504 buffer: new element 43 9284:20230712:142758.504 End of process_value():SUCCEED 9284:20230712:142758.505 In zbx_parse_eventlog_message6() EventRecordID:25422 9284:20230712:142758.506 In expand_message6() 9284:20230712:142758.507 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142758.508 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.508 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25422 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142758.509 buffer: new element 44 9284:20230712:142758.509 End of process_value():SUCCEED 9284:20230712:142758.510 In zbx_parse_eventlog_message6() EventRecordID:25423 9284:20230712:142758.511 In expand_message6() 9284:20230712:142758.512 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T06:05:39Z. Reason: RulesEngine. 9284:20230712:142758.513 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.513 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25423 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T06:05:39Z. Reason: RulesEngine.' 9284:20230712:142758.514 buffer: new element 45 9284:20230712:142758.515 End of process_value():SUCCEED 9284:20230712:142758.515 In zbx_parse_eventlog_message6() EventRecordID:25424 9284:20230712:142758.516 In expand_message6() 9284:20230712:142758.517 End of expand_message6():The Software Protection service has stopped. 9284:20230712:142758.518 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.519 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25424 value:'The Software Protection service has stopped. ' 9284:20230712:142758.519 buffer: new element 46 9284:20230712:142758.520 End of process_value():SUCCEED 9284:20230712:142758.520 In zbx_parse_eventlog_message6() EventRecordID:25425 9284:20230712:142758.521 In expand_message6() 9284:20230712:142758.522 End of expand_message6():Version : 2.0.11.0 9284:20230712:142758.523 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.523 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25425 value:'Version : 2.0.11.0' 9284:20230712:142758.524 buffer: new element 47 9284:20230712:142758.525 End of process_value():SUCCEED 9284:20230712:142758.525 In zbx_parse_eventlog_message6() EventRecordID:25426 9284:20230712:142758.526 In expand_message6() 9284:20230712:142758.527 End of expand_message6():Cloud logging is enabled. 9284:20230712:142758.528 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.528 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25426 value:'Cloud logging is enabled.' 9284:20230712:142758.529 buffer: new element 48 9284:20230712:142758.529 End of process_value():SUCCEED 9284:20230712:142758.530 In zbx_parse_eventlog_message6() EventRecordID:25427 9284:20230712:142758.531 In expand_message6() 9284:20230712:142758.532 End of expand_message6():Load Balance is enabled. 9284:20230712:142758.533 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.533 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25427 value:'Load Balance is enabled.' 9284:20230712:142758.534 buffer: new element 49 9284:20230712:142758.534 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142758.535 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142758.536 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Service initialized","lastlogsize":25378,"timestamp":1662012193,"source":"Bonjour Service","severity":1,"eventid":100,"id":401,"clock":1689161276,"ns":640518500},{"host":"Windows host","key":"eventlog[Application]","value":"Service started\n","lastlogsize":25379,"timestamp":1662012193,"source":"Bonjour Service","severity":1,"eventid":100,"id":402,"clock":1689161276,"ns":646043200},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a critical notification event.","lastlogsize":25380,"timestamp":1662012194,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6003,"id":403,"clock":1689161276,"ns":651392900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25381,"timestamp":1662012205,"source":"hpqcaslwmiex","severity":1,"id":404,"clock":1689161276,"ns":850933900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1\n","lastlogsize":25382,"timestamp":1662012212,"source":"igfxCUIService2.0.0.0","severity":1,"id":405,"clock":1689161277,"ns":43848000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1\n","lastlogsize":25383,"timestamp":1662012212,"source":"igfxCUIService2.0.0.0","severity":1,"id":406,"clock":1689161277,"ns":225630500},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25384,"timestamp":1662012212,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":407,"clock":1689161277,"ns":230353500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1\n","lastlogsize":25385,"timestamp":1662012212,"source":"igfxCUIService2.0.0.0","severity":1,"id":408,"clock":1689161277,"ns":423009400},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (9012,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25386,"timestamp":1662012212,"source":"ESENT","severity":1,"eventid":102,"id":409,"clock":1689161277,"ns":428197900},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (9012,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n \r\n \r\nInternal Timing Sequence: \n[1] 0.002010 +J(0) +M(C:0K, Fs:321, WS:1252K # 1252K, PF:5404K # 5404K, P:5404K)\n[2] 0.000401 +J(0) +M(C:0K, Fs:123, WS:492K # 492K, PF:440K # 440K, P:440K)\n[3] 0.000779 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K)\n[4] 0.000139 +J(0) +M(C:0K, Fs:31, WS:124K # 124K, PF:356K # 356K, P:356K)\n[5] 0.001522 +J(0) +M(C:0K, Fs:14, WS:56K # 56K, PF:28K # 36K, P:28K)\n[6] 0.004587 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:16K # 8K, P:16K)\n[7] 0.005229 -0.002107 (2) WT +J(0) +M(C:0K, Fs:268, WS:1068K # 1068K, PF:1028K # 1028K, P:1028K)\n[8] -\n[9] -\n[10] -\n[11] -\n[12] -\n[13] 0.010744 -0.000253 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K)\n[14] 0.000017 +J(0)\n[15] 0.000070 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K)\n[16] 0.000189 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25387,"timestamp":1662012212,"source":"ESENT","severity":1,"eventid":105,"id":410,"clock":1689161277,"ns":433330400},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (9012,D,50) Windows: The database engine attached a database (1, C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb). (Time=0 seconds) \r\n \r\nSaved Cache: 0 0 \r\nAdditional Data: lgposAttach = 00000BC1:00B8:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.001386 -0.000241 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K)\n[3] 0.004039 -0.000758 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:41, WS:128K # 0K, PF:144K # 0K, P:144K)\n[4] 0.000247 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] -\n[6] -\n[7] -\n[8] 0.001223 -0.000909 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:51, WS:200K # 0K, PF:696K # 0K, P:696K)\n[9] 0.023243 -0.000582 (5) CM -0.022435 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 196K, P:288K)\n[10] 0.000303 -0.000220 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 96K, P:96K)\n[11] 0.000011 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000042 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)\n[13] 0.0 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000005 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25388,"timestamp":1662012212,"source":"ESENT","severity":1,"eventid":326,"id":411,"clock":1689161277,"ns":438454100},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Search Service started.\n","lastlogsize":25389,"timestamp":1662012213,"source":"Microsoft-Windows-Search","severity":1,"eventid":1003,"id":412,"clock":1689161277,"ns":443629400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25390,"timestamp":1662012214,"source":"BrService_4_3_4_610","severity":1,"id":413,"clock":1689161277,"ns":622494200},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25391,"timestamp":1662012215,"source":"dbupdate","severity":1,"id":414,"clock":1689161277,"ns":808623100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25392,"timestamp":1662012215,"source":"dbupdate","severity":1,"id":415,"clock":1689161277,"ns":983741400},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service is starting.\r\nParameters:TriggerStarted:6","lastlogsize":25393,"timestamp":1662012218,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":900,"id":416,"clock":1689161277,"ns":989037100},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25394,"timestamp":1662012218,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":417,"clock":1689161277,"ns":994240200},{"host":"Windows host","key":"eventlog[Application]","value":"Initialization status for service objects.\r\nC:\\WINDOWS\\system32\\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000\n","lastlogsize":25395,"timestamp":1662012218,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1066,"id":418,"clock":1689161277,"ns":999893400},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25396,"timestamp":1662012218,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":419,"clock":1689161278,"ns":6141900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25397,"timestamp":1662012218,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":420,"clock":1689161278,"ns":11693100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25398,"timestamp":1662012218,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":421,"clock":1689161278,"ns":17352700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25399,"timestamp":1662012218,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":422,"clock":1689161278,"ns":22894300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25400,"timestamp":1662012218,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":423,"clock":1689161278,"ns":28996500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25401,"timestamp":1662012218,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":424,"clock":1689161278,"ns":34730700},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has started.\r\n10.0.19041.1889","lastlogsize":25402,"timestamp":1662012219,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":902,"id":425,"clock":1689161278,"ns":39582500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25403,"timestamp":1662012221,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":426,"clock":1689161278,"ns":44951200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25404,"timestamp":1662012221,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":427,"clock":1689161278,"ns":49776900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25405,"timestamp":1662012221,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":428,"clock":1689161278,"ns":54673900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25406,"timestamp":1662012221,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":429,"clock":1689161278,"ns":59474900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25407,"timestamp":1662012221,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":430,"clock":1689161278,"ns":64317600},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25408,"timestamp":1662012221,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":431,"clock":1689161278,"ns":80460000},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25409,"timestamp":1662012224,"source":"DbxSvc","severity":1,"eventid":320,"id":432,"clock":1689161278,"ns":88387400},{"host":"Windows host","key":"eventlog[Application]","value":"12684","lastlogsize":25410,"timestamp":1662012232,"source":"SensorFramework-LogonTask-{100ee514-48c8-f419-6760-6fb8cb2767cd}","severity":1,"eventid":92,"id":433,"clock":1689161278,"ns":94867700},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook loaded the following add-in(s):\n\n\nName: Microsoft Exchange Add-in\nDescription: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.\nProgID: UmOutlookAddin.FormRegionAddin\nGUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\UmOutlookAddin.dll\nBoot Time (Milliseconds): 78\n\nName: Microsoft Teams Meeting Add-in for Microsoft Office\nDescription: Microsoft Teams Meeting Add-in for Microsoft Office\nProgID: TeamsAddin.FastConnect\nGUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\TeamsMeetingAddin\\1.0.22209.4\\x64\\Microsoft.Teams.AddinLoader.dll\nBoot Time (Milliseconds): 16\n\nName: Outlook Social Connector 2016\nDescription: Connects to social networking sites and provides people, activity, and status information.\nProgID: OscAddin.Connect\nGUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\SOCIALCONNECTOR.DLL\nBoot Time (Milliseconds): 31\n\nName: OneNote Notes about Outlook Items\nDescription: Adds Send to OneNote and Notes about this Item buttons to the command bar\nProgID: OneNote.OutlookAddin\nGUID: {93E5752E-B889-47C5-8545-654EE2533C64}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnOL.dll\nBoot Time (Milliseconds): 31\n\nName: Microsoft VBA for Outlook Addin\nDescription: \nProgID: Microsoft.VbaAddinForOutlook.1\nGUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\nLoad Behavior: 9\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL\nBoot Time (Milliseconds): 0\n\nName: Microsoft SharePoint Server Colleague Import Add-in\nDescription: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content\nProgID: ColleagueImport.ColleagueImportAddin\nGUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\ColleagueImport.dll\nBoot Time (Milliseconds): 16\n\nName: HP Sure Click Outlook Add-in 4.3.4.610\nDescription: HP Sure Click Outlook Add-in 4.3.4.610\nProgID: Bromium.vSentry.OutlookAddin\nGUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\HP\\Sure Click\\4.3.4.610\\servers\\BrOutlookAddin.dll\nBoot Time (Milliseconds): 234\n","lastlogsize":25411,"timestamp":1662012248,"source":"Outlook","severity":1,"eventid":45,"id":434,"clock":1689161278,"ns":99681900},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25412,"timestamp":1662012249,"source":"Outlook","severity":1,"eventid":63,"id":435,"clock":1689161278,"ns":104317900},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25413,"timestamp":1662012249,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":436,"clock":1689161278,"ns":109317000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25414,"timestamp":1662012249,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":437,"clock":1689161278,"ns":114098100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25415,"timestamp":1662012313,"source":"dbupdate","severity":1,"id":438,"clock":1689161278,"ns":291242800},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25416,"timestamp":1662012313,"source":"edgeupdate","severity":1,"id":439,"clock":1689161278,"ns":295625800},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25417,"timestamp":1662012314,"source":"gupdate","severity":1,"id":440,"clock":1689161278,"ns":484551400},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25418,"timestamp":1662012314,"source":"HP Comm Recovery","severity":1,"id":441,"clock":1689161278,"ns":489570300},{"host":"Windows host","key":"eventlog[Application]","value":"Started event manager\nStarted event manager","lastlogsize":25419,"timestamp":1662012314,"source":"IAStorDataMgrSvc","severity":1,"eventid":7303,"id":442,"clock":1689161278,"ns":494511900},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25420,"timestamp":1662012314,"source":"IAStorDataMgrSvc","severity":1,"id":443,"clock":1689161278,"ns":499403000},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has started.","lastlogsize":25421,"timestamp":1662012316,"source":"SecurityCenter","severity":1,"eventid":1,"id":444,"clock":1689161278,"ns":504407700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25422,"timestamp":1662012318,"source":"SecurityCenter","severity":1,"eventid":15,"id":445,"clock":1689161278,"ns":509492100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T06:05:39Z. Reason: RulesEngine.","lastlogsize":25423,"timestamp":1662012339,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":446,"clock":1689161278,"ns":514636400},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has stopped.\r\n","lastlogsize":25424,"timestamp":1662012339,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":903,"id":447,"clock":1689161278,"ns":519804600},{"host":"Windows host","key":"eventlog[Application]","value":"Version : 2.0.11.0","lastlogsize":25425,"timestamp":1662012344,"source":"HP Comm Recovery","severity":1,"id":448,"clock":1689161278,"ns":524633200},{"host":"Windows host","key":"eventlog[Application]","value":"Cloud logging is enabled.","lastlogsize":25426,"timestamp":1662012344,"source":"HP Comm Recovery","severity":1,"id":449,"clock":1689161278,"ns":529482700},{"host":"Windows host","key":"eventlog[Application]","value":"Load Balance is enabled.","lastlogsize":25427,"timestamp":1662012344,"source":"HP Comm Recovery","severity":1,"id":450,"clock":1689161278,"ns":534320500}],"clock":1689161278,"ns":536192000}] 9284:20230712:142758.542 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.003237"}] 9284:20230712:142758.543 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.003237"}' 9284:20230712:142758.543 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.003237' 9284:20230712:142758.544 End of check_response():SUCCEED 9284:20230712:142758.544 OK 9284:20230712:142758.545 End of send_buffer():SUCCEED 9284:20230712:142758.546 End of process_value():SUCCEED 9284:20230712:142758.546 In zbx_parse_eventlog_message6() EventRecordID:25428 9284:20230712:142758.547 In expand_message6() 9284:20230712:142758.548 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142758.548 ====== Fatal information: ====== 9284:20230712:142758.549 Program counter: 0x67e2cf19 9284:20230712:142758.549 === Registers: === 9284:20230712:142758.550 r8 = 18 = 24 = 24 9284:20230712:142758.550 r9 = 0 = 0 = 0 9284:20230712:142758.551 r10 = 0 = 0 = 0 9284:20230712:142758.551 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142758.552 r12 = 3862570 = 59123056 = 59123056 9284:20230712:142758.552 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142758.553 r14 = 0 = 0 = 0 9284:20230712:142758.553 r15 = 0 = 0 = 0 9284:20230712:142758.553 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142758.554 rsi = 385ee10 = 59108880 = 59108880 9284:20230712:142758.554 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142758.555 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142758.555 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142758.556 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142758.556 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142758.557 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142758.557 efl = 202 = 514 = 514 9284:20230712:142758.558 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142758.558 === Backtrace: === 9284:20230712:142758.701 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142758.702 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142758.703 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142758.703 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142758.704 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142758.706 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142758.707 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142758.708 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142758.709 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142758.709 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142758.710 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142758.711 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142758.712 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142758.713 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142758.714 ================================ 9284:20230712:142758.715 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142758.715 End of expand_message6():(null) 9284:20230712:142758.716 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.716 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25428 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142758.717 buffer: new element 0 9284:20230712:142758.718 End of process_value():SUCCEED 9284:20230712:142758.718 In zbx_parse_eventlog_message6() EventRecordID:25429 9284:20230712:142758.719 In expand_message6() 9284:20230712:142758.720 End of expand_message6():Service stopped. 9284:20230712:142758.721 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.721 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25429 value:'Service stopped.' 9284:20230712:142758.722 buffer: new element 1 9284:20230712:142758.722 End of process_value():SUCCEED 9284:20230712:142758.723 In zbx_parse_eventlog_message6() EventRecordID:25430 9284:20230712:142758.724 In expand_message6() 9284:20230712:142758.725 End of expand_message6():Finish Device Check 9284:20230712:142758.725 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.726 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25430 value:'Finish Device Check' 9284:20230712:142758.726 buffer: new element 2 9284:20230712:142758.727 End of process_value():SUCCEED 9284:20230712:142758.727 In zbx_parse_eventlog_message6() EventRecordID:25431 9284:20230712:142758.728 In expand_message6() 9284:20230712:142758.729 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142758.730 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.730 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25431 value:'Offline downlevel migration succeeded.' 9284:20230712:142758.731 buffer: new element 3 9284:20230712:142758.731 End of process_value():SUCCEED 9284:20230712:142758.732 In zbx_parse_eventlog_message6() EventRecordID:25432 9284:20230712:142758.732 In expand_message6() 9284:20230712:142758.734 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142758.735 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.735 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25432 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142758.736 buffer: new element 4 9284:20230712:142758.736 End of process_value():SUCCEED 9284:20230712:142758.737 In zbx_parse_eventlog_message6() EventRecordID:25433 9284:20230712:142758.737 In expand_message6() 9284:20230712:142758.739 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142758.739 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.740 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25433 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142758.740 buffer: new element 5 9284:20230712:142758.741 End of process_value():SUCCEED 9284:20230712:142758.741 In zbx_parse_eventlog_message6() EventRecordID:25434 9284:20230712:142758.742 In expand_message6() 9284:20230712:142758.743 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142758.744 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.744 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25434 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142758.745 buffer: new element 6 9284:20230712:142758.745 End of process_value():SUCCEED 9284:20230712:142758.745 In zbx_parse_eventlog_message6() EventRecordID:25435 9284:20230712:142758.746 In expand_message6() 9284:20230712:142758.748 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142758.748 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.749 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25435 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142758.749 buffer: new element 7 9284:20230712:142758.749 End of process_value():SUCCEED 9284:20230712:142758.750 In zbx_parse_eventlog_message6() EventRecordID:25436 9284:20230712:142758.750 In expand_message6() 9284:20230712:142758.752 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142758.752 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.753 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25436 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142758.753 buffer: new element 8 9284:20230712:142758.754 End of process_value():SUCCEED 9284:20230712:142758.754 In zbx_parse_eventlog_message6() EventRecordID:25437 9284:20230712:142758.755 In expand_message6() 9284:20230712:142758.756 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142758.757 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.757 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25437 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142758.758 buffer: new element 9 9284:20230712:142758.758 End of process_value():SUCCEED 9284:20230712:142758.759 In zbx_parse_eventlog_message6() EventRecordID:25438 9284:20230712:142758.759 In expand_message6() 9284:20230712:142758.761 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T06:10:35Z. Reason: RulesEngine. 9284:20230712:142758.761 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.762 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25438 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T06:10:35Z. Reason: RulesEngine.' 9284:20230712:142758.763 buffer: new element 10 9284:20230712:142758.763 End of process_value():SUCCEED 9284:20230712:142758.764 In zbx_parse_eventlog_message6() EventRecordID:25439 9284:20230712:142758.764 In expand_message6() 9284:20230712:142758.765 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142758.765 ====== Fatal information: ====== 9284:20230712:142758.766 Program counter: 0x67e2cf19 9284:20230712:142758.767 === Registers: === 9284:20230712:142758.767 r8 = 18 = 24 = 24 9284:20230712:142758.768 r9 = 0 = 0 = 0 9284:20230712:142758.768 r10 = 0 = 0 = 0 9284:20230712:142758.769 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142758.769 r12 = 3863770 = 59127664 = 59127664 9284:20230712:142758.770 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142758.770 r14 = 0 = 0 = 0 9284:20230712:142758.771 r15 = 0 = 0 = 0 9284:20230712:142758.771 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142758.772 rsi = 385e690 = 59106960 = 59106960 9284:20230712:142758.772 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142758.773 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142758.774 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142758.774 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142758.775 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142758.775 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142758.776 efl = 202 = 514 = 514 9284:20230712:142758.776 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142758.777 === Backtrace: === 9284:20230712:142758.921 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142758.922 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142758.922 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142758.923 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142758.924 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142758.926 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142758.927 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142758.928 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142758.929 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142758.929 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142758.930 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142758.931 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142758.932 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142758.932 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142758.937 ================================ 9284:20230712:142758.938 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142758.939 End of expand_message6():(null) 9284:20230712:142758.939 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.940 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25439 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142758.941 buffer: new element 11 9284:20230712:142758.941 End of process_value():SUCCEED 9284:20230712:142758.942 In zbx_parse_eventlog_message6() EventRecordID:25440 9284:20230712:142758.943 In expand_message6() 9284:20230712:142758.944 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142758.945 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.946 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25440 value:'Offline downlevel migration succeeded.' 9284:20230712:142758.946 buffer: new element 12 9284:20230712:142758.947 End of process_value():SUCCEED 9284:20230712:142758.948 In zbx_parse_eventlog_message6() EventRecordID:25441 9284:20230712:142758.948 In expand_message6() 9284:20230712:142758.950 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142758.951 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.951 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25441 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142758.952 buffer: new element 13 9284:20230712:142758.952 End of process_value():SUCCEED 9284:20230712:142758.953 In zbx_parse_eventlog_message6() EventRecordID:25442 9284:20230712:142758.954 In expand_message6() 9284:20230712:142758.955 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T06:13:45Z. Reason: RulesEngine. 9284:20230712:142758.956 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.957 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25442 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T06:13:45Z. Reason: RulesEngine.' 9284:20230712:142758.957 buffer: new element 14 9284:20230712:142758.958 End of process_value():SUCCEED 9284:20230712:142758.958 In zbx_parse_eventlog_message6() EventRecordID:25443 9284:20230712:142758.959 In expand_message6() 9284:20230712:142758.961 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142758.961 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.962 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25443 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142758.962 buffer: new element 15 9284:20230712:142758.963 End of process_value():SUCCEED 9284:20230712:142758.964 In zbx_parse_eventlog_message6() EventRecordID:25444 9284:20230712:142758.964 In expand_message6() 9284:20230712:142758.966 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142758.966 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.967 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25444 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142758.968 buffer: new element 16 9284:20230712:142758.968 End of process_value():SUCCEED 9284:20230712:142758.969 In zbx_parse_eventlog_message6() EventRecordID:25445 9284:20230712:142758.970 In expand_message6() 9284:20230712:142758.971 End of expand_message6():svchost (4552,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142758.972 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.972 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25445 value:'svchost (4552,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142758.973 buffer: new element 17 9284:20230712:142758.974 End of process_value():SUCCEED 9284:20230712:142758.974 In zbx_parse_eventlog_message6() EventRecordID:25446 9284:20230712:142758.975 In expand_message6() 9284:20230712:142758.977 End of expand_message6():svchost (4552,R,98) DS_Token_DB: The database engine is initiating recovery steps. 9284:20230712:142758.977 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.978 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25446 value:'svchost (4552,R,98) DS_Token_DB: The database engine is initiating recovery steps.' 9284:20230712:142758.978 buffer: new element 18 9284:20230712:142758.979 End of process_value():SUCCEED 9284:20230712:142758.980 In zbx_parse_eventlog_message6() EventRecordID:25447 9284:20230712:142758.980 In expand_message6() 9284:20230712:142758.982 End of expand_message6():svchost (4552,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.026825 -0.006069 (8) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:32448/22) +M(C:0K, Fs:85, WS:200K # 152K, PF:140K # 76K, P:140K). Log record of type 'AttachDB ' was seen most frequently (2 times) 9284:20230712:142758.982 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.983 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25447 value:'svchost (4552,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.026825 -0.006069 (8) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:32448/22) +M(C:0K, Fs:85, WS:200K # 152K, PF:140K # 76K, P:140K). Log record of type 'AttachDB ' was seen most frequently (2 times)' 9284:20230712:142758.984 buffer: new element 19 9284:20230712:142758.984 End of process_value():SUCCEED 9284:20230712:142758.985 In zbx_parse_eventlog_message6() EventRecordID:25448 9284:20230712:142758.985 In expand_message6() 9284:20230712:142758.987 End of expand_message6():svchost (4552,U,98) DS_Token_DB: The database engine has successfully completed recovery steps. 9284:20230712:142758.988 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.988 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25448 value:'svchost (4552,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.' 9284:20230712:142758.989 buffer: new element 20 9284:20230712:142758.990 End of process_value():SUCCEED 9284:20230712:142758.990 In zbx_parse_eventlog_message6() EventRecordID:25449 9284:20230712:142758.991 In expand_message6() 9284:20230712:142758.992 End of expand_message6():svchost (4552,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001F:0001:0000 - 0000001F:0008:0039 - 0000001F:0009:0000 - 0000001F:0009:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.000961 +J(0) +M(C:0K, Fs:148, WS:568K # 568K, PF:2772K # 2772K, P:2772K) [2] 0.000417 +J(0) +M(C:8K, Fs:181, WS:716K # 716K, PF:1212K # 1212K, P:1212K) [3] 0.000021 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000137 +J(0) +M(C:0K, Fs:78, WS:312K # 312K, PF:164K # 164K, P:164K) [5] 0.002444 +J(0) +M(C:0K, Fs:19, WS:76K # 76K, PF:20K # 20K, P:20K) [6] 0.006052 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.003647 -0.000517 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.039649 -0.006779 (12) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:32448/22) +M(C:0K, Fs:146, WS:368K # 372K, PF:240K # 244K, P:240K) [9] 0.000651 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K) [10] 0.001226 -0.000359 (1) WT +J(0) +M(C:0K, Fs:14, WS:-4K # 8K, PF:8K # 48K, P:8K) [11] 0.000019 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.004588 -0.000238 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.051361 -0.000548 (2) CM -0.006177 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 148K, PF:160K # 184K, P:160K) [14] 0.000030 +J(0) [15] 0.000016 +J(0) [16] 0.000790 -0.000103 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142758.993 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.994 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25449 value:'svchost (4552,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001F:0001:0000 - 0000001F:0008:0039 - 0000001F:0009:0000 - 0000001F:0009:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.000961 +J(0) +M(C:0K, Fs:148, WS:568K # 568K, PF:2772K # 2772K, P:2772K) [2] 0.000417 +J(0) +M(C:8K, Fs:181, WS:716K # 716K, PF:1212K # 1212K, P:1212K) [3] 0.000021 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000137 +J(0) +M(C:0K, Fs:78, WS:312K # 312K, PF:164K # 164K, P:164K) [5] 0.002444 +J(0) +M(C:0K, Fs:19, WS:76K # 76K, PF:20K # 20K, P:20K) [6] 0.006052 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.003647 -0.000517 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.039649 -0.006779 (12) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:32448/22) +M(C:0K, Fs:146, WS:368K # 372K, PF:240K # 244K, P:240K) [9] 0.000651 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K) [10] 0.001226 -0.000359 (1) WT +J(0) +M(C:0K, Fs:14, WS:-4K # 8K, PF:8K # 48K, P:8K) [11] 0.000019 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.004588 -0.000238 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.051361 -0.000548 (2) CM -0.006177 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 148K, PF:160K # 184K, P:160K) [14] 0.000030 +J(0) [15] 0.000016 +J(0) [16] 0.000790 -0.000103 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142758.994 buffer: new element 21 9284:20230712:142758.995 End of process_value():SUCCEED 9284:20230712:142758.995 In zbx_parse_eventlog_message6() EventRecordID:25450 9284:20230712:142758.996 In expand_message6() 9284:20230712:142758.998 End of expand_message6():svchost (4552,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 0000001F:000B:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000003 +J(0) [2] 0.000923 -0.000233 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.008267 -0.000804 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:12, WS:44K # 0K, PF:40K # 0K, P:40K) [4] 0.002040 +J(0) [5] - [6] - [7] - [8] 0.000587 -0.000434 (2) CM -0.000341 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 4K, P:28K) [9] 0.001001 -0.000504 (3) CM -0.000391 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:108K # 108K, PF:196K # 204K, P:196K) [10] 0.000819 -0.000524 (2) CM -0.000423 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000049 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000020 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142758.998 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142758.999 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25450 value:'svchost (4552,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 0000001F:000B:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000003 +J(0) [2] 0.000923 -0.000233 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.008267 -0.000804 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:12, WS:44K # 0K, PF:40K # 0K, P:40K) [4] 0.002040 +J(0) [5] - [6] - [7] - [8] 0.000587 -0.000434 (2) CM -0.000341 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 4K, P:28K) [9] 0.001001 -0.000504 (3) CM -0.000391 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:108K # 108K, PF:196K # 204K, P:196K) [10] 0.000819 -0.000524 (2) CM -0.000423 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000049 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000020 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142759.000 buffer: new element 22 9284:20230712:142759.000 End of process_value():SUCCEED 9284:20230712:142759.001 In zbx_parse_eventlog_message6() EventRecordID:25451 9284:20230712:142759.002 In expand_message6() 9284:20230712:142759.003 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142759.004 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.004 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25451 value:'Offline downlevel migration succeeded.' 9284:20230712:142759.005 buffer: new element 23 9284:20230712:142759.005 End of process_value():SUCCEED 9284:20230712:142759.006 In zbx_parse_eventlog_message6() EventRecordID:25452 9284:20230712:142759.006 In expand_message6() 9284:20230712:142759.008 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎01T06:30:51.174587500Z. 9284:20230712:142759.009 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.009 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25452 value:'Starting session 1 - ‎2022‎-‎09‎-‎01T06:30:51.174587500Z.' 9284:20230712:142759.010 buffer: new element 24 9284:20230712:142759.010 End of process_value():SUCCEED 9284:20230712:142759.011 In zbx_parse_eventlog_message6() EventRecordID:25453 9284:20230712:142759.011 In expand_message6() 9284:20230712:142759.013 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T06:31:03Z. Reason: RulesEngine. 9284:20230712:142759.013 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.014 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25453 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T06:31:03Z. Reason: RulesEngine.' 9284:20230712:142759.014 buffer: new element 25 9284:20230712:142759.015 End of process_value():SUCCEED 9284:20230712:142759.015 In zbx_parse_eventlog_message6() EventRecordID:25454 9284:20230712:142759.016 In expand_message6() 9284:20230712:142759.017 End of expand_message6():Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst for the following reason: Automatic Reconciliation. 9284:20230712:142759.017 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.018 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25454 value:'Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst for the following reason: Automatic Reconciliation.' 9284:20230712:142759.018 buffer: new element 26 9284:20230712:142759.019 End of process_value():SUCCEED 9284:20230712:142759.019 In zbx_parse_eventlog_message6() EventRecordID:25455 9284:20230712:142759.020 In expand_message6() 9284:20230712:142759.021 End of expand_message6():Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost for the following reason: Automatic Reconciliation. 9284:20230712:142759.021 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.022 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25455 value:'Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost for the following reason: Automatic Reconciliation.' 9284:20230712:142759.022 buffer: new element 27 9284:20230712:142759.023 End of process_value():SUCCEED 9284:20230712:142759.023 In zbx_parse_eventlog_message6() EventRecordID:25456 9284:20230712:142759.024 In expand_message6() 9284:20230712:142759.025 End of expand_message6():Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost. Stats: Added: 0, Deleted: 0, Modified: 1, Compared: 2031, Queries: 0, Results: 0, Version: 16.0.15427.20060. 9284:20230712:142759.026 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.026 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25456 value:'Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost. Stats: Added: 0, Deleted: 0, Modified: 1, Compared: 2031, Queries: 0, Results: 0, Version: 16.0.15427.20060.' 9284:20230712:142759.027 buffer: new element 28 9284:20230712:142759.027 End of process_value():SUCCEED 9284:20230712:142759.027 In zbx_parse_eventlog_message6() EventRecordID:25457 9284:20230712:142759.028 In expand_message6() 9284:20230712:142759.029 End of expand_message6():Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst. Stats: Added: 0, Deleted: 0, Modified: 0, Compared: 577, Queries: 0, Results: 0, Version: 16.0.15427.20060. 9284:20230712:142759.030 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.030 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25457 value:'Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst. Stats: Added: 0, Deleted: 0, Modified: 0, Compared: 577, Queries: 0, Results: 0, Version: 16.0.15427.20060.' 9284:20230712:142759.031 buffer: new element 29 9284:20230712:142759.031 End of process_value():SUCCEED 9284:20230712:142759.032 In zbx_parse_eventlog_message6() EventRecordID:25458 9284:20230712:142759.032 In expand_message6() 9284:20230712:142759.034 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎01T06:30:51.174587500Z. 9284:20230712:142759.034 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.035 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25458 value:'Ending session 1 started ‎2022‎-‎09‎-‎01T06:30:51.174587500Z.' 9284:20230712:142759.035 buffer: new element 30 9284:20230712:142759.036 End of process_value():SUCCEED 9284:20230712:142759.036 In zbx_parse_eventlog_message6() EventRecordID:25459 9284:20230712:142759.037 In expand_message6() 9284:20230712:142759.038 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142759.039 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.039 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25459 value:'Offline downlevel migration succeeded.' 9284:20230712:142759.040 buffer: new element 31 9284:20230712:142759.040 End of process_value():SUCCEED 9284:20230712:142759.041 In zbx_parse_eventlog_message6() EventRecordID:25460 9284:20230712:142759.041 In expand_message6() 9284:20230712:142759.043 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎01T07:04:01.659476000Z. 9284:20230712:142759.044 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.044 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25460 value:'Starting session 1 - ‎2022‎-‎09‎-‎01T07:04:01.659476000Z.' 9284:20230712:142759.045 buffer: new element 32 9284:20230712:142759.045 End of process_value():SUCCEED 9284:20230712:142759.046 In zbx_parse_eventlog_message6() EventRecordID:25461 9284:20230712:142759.046 In expand_message6() 9284:20230712:142759.048 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T07:04:18Z. Reason: RulesEngine. 9284:20230712:142759.048 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.049 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25461 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T07:04:18Z. Reason: RulesEngine.' 9284:20230712:142759.049 buffer: new element 33 9284:20230712:142759.050 End of process_value():SUCCEED 9284:20230712:142759.050 In zbx_parse_eventlog_message6() EventRecordID:25462 9284:20230712:142759.051 In expand_message6() 9284:20230712:142759.052 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎01T07:04:01.659476000Z. 9284:20230712:142759.053 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.053 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25462 value:'Ending session 1 started ‎2022‎-‎09‎-‎01T07:04:01.659476000Z.' 9284:20230712:142759.054 buffer: new element 34 9284:20230712:142759.054 End of process_value():SUCCEED 9284:20230712:142759.055 In zbx_parse_eventlog_message6() EventRecordID:25463 9284:20230712:142759.055 In expand_message6() 9284:20230712:142759.057 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142759.057 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.058 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25463 value:'Offline downlevel migration succeeded.' 9284:20230712:142759.059 buffer: new element 35 9284:20230712:142759.059 End of process_value():SUCCEED 9284:20230712:142759.060 In zbx_parse_eventlog_message6() EventRecordID:25464 9284:20230712:142759.060 In expand_message6() 9284:20230712:142759.062 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T08:08:38Z. Reason: RulesEngine. 9284:20230712:142759.062 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.063 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25464 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T08:08:38Z. Reason: RulesEngine.' 9284:20230712:142759.064 buffer: new element 36 9284:20230712:142759.064 End of process_value():SUCCEED 9284:20230712:142759.065 In zbx_parse_eventlog_message6() EventRecordID:25465 9284:20230712:142759.065 In expand_message6() 9284:20230712:142759.067 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142759.067 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.068 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25465 value:'Offline downlevel migration succeeded.' 9284:20230712:142759.068 buffer: new element 37 9284:20230712:142759.069 End of process_value():SUCCEED 9284:20230712:142759.070 In zbx_parse_eventlog_message6() EventRecordID:25466 9284:20230712:142759.070 In expand_message6() 9284:20230712:142759.072 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T09:13:47Z. Reason: RulesEngine. 9284:20230712:142759.072 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.073 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25466 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T09:13:47Z. Reason: RulesEngine.' 9284:20230712:142759.073 buffer: new element 38 9284:20230712:142759.074 End of process_value():SUCCEED 9284:20230712:142759.074 In zbx_parse_eventlog_message6() EventRecordID:25467 9284:20230712:142759.075 In expand_message6() 9284:20230712:142759.077 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142759.077 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.078 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25467 value:'Offline downlevel migration succeeded.' 9284:20230712:142759.078 buffer: new element 39 9284:20230712:142759.079 End of process_value():SUCCEED 9284:20230712:142759.080 In zbx_parse_eventlog_message6() EventRecordID:25468 9284:20230712:142759.080 In expand_message6() 9284:20230712:142759.082 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T09:20:13Z. Reason: RulesEngine. 9284:20230712:142759.082 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.083 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25468 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T09:20:13Z. Reason: RulesEngine.' 9284:20230712:142759.083 buffer: new element 40 9284:20230712:142759.084 End of process_value():SUCCEED 9284:20230712:142759.084 In zbx_parse_eventlog_message6() EventRecordID:25469 9284:20230712:142759.085 In expand_message6() 9284:20230712:142759.087 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142759.087 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.088 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25469 value:'Offline downlevel migration succeeded.' 9284:20230712:142759.088 buffer: new element 41 9284:20230712:142759.089 End of process_value():SUCCEED 9284:20230712:142759.090 In zbx_parse_eventlog_message6() EventRecordID:25470 9284:20230712:142759.090 In expand_message6() 9284:20230712:142759.092 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T09:26:33Z. Reason: RulesEngine. 9284:20230712:142759.092 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.093 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25470 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T09:26:33Z. Reason: RulesEngine.' 9284:20230712:142759.094 buffer: new element 42 9284:20230712:142759.094 End of process_value():SUCCEED 9284:20230712:142759.095 In zbx_parse_eventlog_message6() EventRecordID:25471 9284:20230712:142759.095 In expand_message6() 9284:20230712:142759.097 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142759.097 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.098 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25471 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142759.099 buffer: new element 43 9284:20230712:142759.099 End of process_value():SUCCEED 9284:20230712:142759.100 In zbx_parse_eventlog_message6() EventRecordID:25472 9284:20230712:142759.100 In expand_message6() 9284:20230712:142759.102 End of expand_message6():Successfully created restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint). 9284:20230712:142759.103 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.103 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25472 value:'Successfully created restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint).' 9284:20230712:142759.104 buffer: new element 44 9284:20230712:142759.105 End of process_value():SUCCEED 9284:20230712:142759.105 In zbx_parse_eventlog_message6() EventRecordID:25473 9284:20230712:142759.106 In expand_message6() 9284:20230712:142759.107 End of expand_message6():Successfully created scheduled restore point. 9284:20230712:142759.108 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.109 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25473 value:'Successfully created scheduled restore point.' 9284:20230712:142759.109 buffer: new element 45 9284:20230712:142759.110 End of process_value():SUCCEED 9284:20230712:142759.110 In zbx_parse_eventlog_message6() EventRecordID:25474 9284:20230712:142759.111 In expand_message6() 9284:20230712:142759.113 End of expand_message6():Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3. 9284:20230712:142759.113 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.114 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25474 value:'Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3.' 9284:20230712:142759.114 buffer: new element 46 9284:20230712:142759.115 End of process_value():SUCCEED 9284:20230712:142759.115 In zbx_parse_eventlog_message6() EventRecordID:25475 9284:20230712:142759.116 In expand_message6() 9284:20230712:142759.118 End of expand_message6():Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3. 9284:20230712:142759.118 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.119 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25475 value:'Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3.' 9284:20230712:142759.119 buffer: new element 47 9284:20230712:142759.120 End of process_value():SUCCEED 9284:20230712:142759.120 In zbx_parse_eventlog_message6() EventRecordID:25476 9284:20230712:142759.121 In expand_message6() 9284:20230712:142759.122 End of expand_message6():Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3. 9284:20230712:142759.123 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.124 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25476 value:'Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3.' 9284:20230712:142759.124 buffer: new element 48 9284:20230712:142759.125 End of process_value():SUCCEED 9284:20230712:142759.125 In zbx_parse_eventlog_message6() EventRecordID:25477 9284:20230712:142759.126 In expand_message6() 9284:20230712:142759.128 End of expand_message6():The VSS service is shutting down due to idle timeout. 9284:20230712:142759.128 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.129 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25477 value:'The VSS service is shutting down due to idle timeout. ' 9284:20230712:142759.129 buffer: new element 49 9284:20230712:142759.130 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142759.131 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142759.132 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25428,"timestamp":1662012360,"source":"gupdate","severity":1,"id":451,"clock":1689161278,"ns":717606300},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25429,"timestamp":1662012446,"source":"edgeupdate","severity":1,"id":452,"clock":1689161278,"ns":722367600},{"host":"Windows host","key":"eventlog[Application]","value":"Finish Device Check","lastlogsize":25430,"timestamp":1662012524,"source":"HP Comm Recovery","severity":1,"eventid":1,"id":453,"clock":1689161278,"ns":726898500},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25431,"timestamp":1662012547,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":454,"clock":1689161278,"ns":731308800},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25432,"timestamp":1662012547,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":455,"clock":1689161278,"ns":736242700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25433,"timestamp":1662012547,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":456,"clock":1689161278,"ns":740661900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25434,"timestamp":1662012547,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":457,"clock":1689161278,"ns":745095700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25435,"timestamp":1662012547,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":458,"clock":1689161278,"ns":749554000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25436,"timestamp":1662012547,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":459,"clock":1689161278,"ns":753969800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25437,"timestamp":1662012547,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":460,"clock":1689161278,"ns":758365500},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T06:10:35Z. Reason: RulesEngine.","lastlogsize":25438,"timestamp":1662012635,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":461,"clock":1689161278,"ns":763155000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25439,"timestamp":1662012700,"source":"gupdate","severity":1,"id":462,"clock":1689161278,"ns":941413100},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25440,"timestamp":1662012792,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":463,"clock":1689161278,"ns":946944500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25441,"timestamp":1662012794,"source":"SecurityCenter","severity":1,"eventid":15,"id":464,"clock":1689161278,"ns":952346600},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T06:13:45Z. Reason: RulesEngine.","lastlogsize":25442,"timestamp":1662012825,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":465,"clock":1689161278,"ns":957757900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25443,"timestamp":1662012835,"source":"SecurityCenter","severity":1,"eventid":15,"id":466,"clock":1689161278,"ns":963046100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25444,"timestamp":1662012837,"source":"SecurityCenter","severity":1,"eventid":15,"id":467,"clock":1689161278,"ns":968334700},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4552,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25445,"timestamp":1662013832,"source":"ESENT","severity":1,"eventid":102,"id":468,"clock":1689161278,"ns":973760500},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4552,R,98) DS_Token_DB: The database engine is initiating recovery steps.","lastlogsize":25446,"timestamp":1662013832,"source":"ESENT","severity":1,"eventid":300,"id":469,"clock":1689161278,"ns":978996600},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4552,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSS.log. \r\n \r\nProcessing Stats: \n[1] 0.026825 -0.006069 (8) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:32448/22) +M(C:0K, Fs:85, WS:200K # 152K, PF:140K # 76K, P:140K). \r\nLog record of type 'AttachDB ' was seen most frequently (2 times)","lastlogsize":25447,"timestamp":1662013832,"source":"ESENT","severity":1,"eventid":301,"id":470,"clock":1689161278,"ns":984260100},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4552,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.","lastlogsize":25448,"timestamp":1662013832,"source":"ESENT","severity":1,"eventid":302,"id":471,"clock":1689161278,"ns":989546400},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4552,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n lgposV2[] = 0000001F:0001:0000 - 0000001F:0008:0039 - 0000001F:0009:0000 - 0000001F:0009:0000 (00000000:0000:0000)\ncReInits = 2\n \r\n \r\nInternal Timing Sequence: \n[1] 0.000961 +J(0) +M(C:0K, Fs:148, WS:568K # 568K, PF:2772K # 2772K, P:2772K)\n[2] 0.000417 +J(0) +M(C:8K, Fs:181, WS:716K # 716K, PF:1212K # 1212K, P:1212K)\n[3] 0.000021 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K)\n[4] 0.000137 +J(0) +M(C:0K, Fs:78, WS:312K # 312K, PF:164K # 164K, P:164K)\n[5] 0.002444 +J(0) +M(C:0K, Fs:19, WS:76K # 76K, PF:20K # 20K, P:20K)\n[6] 0.006052 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K)\n[7] 0.003647 -0.000517 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K)\n[8] 0.039649 -0.006779 (12) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:32448/22) +M(C:0K, Fs:146, WS:368K # 372K, PF:240K # 244K, P:240K)\n[9] 0.000651 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K)\n[10] 0.001226 -0.000359 (1) WT +J(0) +M(C:0K, Fs:14, WS:-4K # 8K, PF:8K # 48K, P:8K)\n[11] 0.000019 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[12] 0.004588 -0.000238 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[13] 0.051361 -0.000548 (2) CM -0.006177 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 148K, PF:160K # 184K, P:160K)\n[14] 0.000030 +J(0)\n[15] 0.000016 +J(0)\n[16] 0.000790 -0.000103 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25449,"timestamp":1662013832,"source":"ESENT","severity":1,"eventid":105,"id":472,"clock":1689161278,"ns":994782200},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (4552,D,50) DS_Token_DB: The database engine attached a database (1, C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSTokenDB2.dat). (Time=0 seconds) \r\n \r\nSaved Cache: 1 0 \r\nAdditional Data: lgposAttach = 0000001F:000B:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000003 +J(0)\n[2] 0.000923 -0.000233 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K)\n[3] 0.008267 -0.000804 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:12, WS:44K # 0K, PF:40K # 0K, P:40K)\n[4] 0.002040 +J(0)\n[5] -\n[6] -\n[7] -\n[8] 0.000587 -0.000434 (2) CM -0.000341 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 4K, P:28K)\n[9] 0.001001 -0.000504 (3) CM -0.000391 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:108K # 108K, PF:196K # 204K, P:196K)\n[10] 0.000819 -0.000524 (2) CM -0.000423 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K)\n[11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000049 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K)\n[13] 0.0 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000020 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25450,"timestamp":1662013832,"source":"ESENT","severity":1,"eventid":326,"id":473,"clock":1689161279,"ns":270500},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25451,"timestamp":1662013834,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":474,"clock":1689161279,"ns":5408500},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎01T06:30:51.174587500Z.","lastlogsize":25452,"timestamp":1662013851,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":475,"clock":1689161279,"ns":10212600},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T06:31:03Z. Reason: RulesEngine.","lastlogsize":25453,"timestamp":1662013863,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":476,"clock":1689161279,"ns":14676500},{"host":"Windows host","key":"eventlog[Application]","value":"Starting reconciliation for the store C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.nst for the following reason: Automatic Reconciliation.","lastlogsize":25454,"timestamp":1662013912,"source":"Outlook","severity":1,"eventid":30,"id":477,"clock":1689161279,"ns":18846700},{"host":"Windows host","key":"eventlog[Application]","value":"Starting reconciliation for the store C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.ost for the following reason: Automatic Reconciliation.","lastlogsize":25455,"timestamp":1662013912,"source":"Outlook","severity":1,"eventid":30,"id":478,"clock":1689161279,"ns":22974200},{"host":"Windows host","key":"eventlog[Application]","value":"Reconciliation completed for the following store: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.ost. Stats: Added: 0, Deleted: 0, Modified: 1, Compared: 2031, Queries: 0, Results: 0, Version: 16.0.15427.20060.","lastlogsize":25456,"timestamp":1662013921,"source":"Outlook","severity":1,"eventid":38,"id":479,"clock":1689161279,"ns":27111500},{"host":"Windows host","key":"eventlog[Application]","value":"Reconciliation completed for the following store: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.nst. Stats: Added: 0, Deleted: 0, Modified: 0, Compared: 577, Queries: 0, Results: 0, Version: 16.0.15427.20060.","lastlogsize":25457,"timestamp":1662013925,"source":"Outlook","severity":1,"eventid":38,"id":480,"clock":1689161279,"ns":31315600},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎01T06:30:51.174587500Z.","lastlogsize":25458,"timestamp":1662013949,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":481,"clock":1689161279,"ns":36001400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25459,"timestamp":1662015828,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":482,"clock":1689161279,"ns":40466500},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎01T07:04:01.659476000Z.","lastlogsize":25460,"timestamp":1662015841,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":483,"clock":1689161279,"ns":45168100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T07:04:18Z. Reason: RulesEngine.","lastlogsize":25461,"timestamp":1662015858,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":484,"clock":1689161279,"ns":49627600},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎01T07:04:01.659476000Z.","lastlogsize":25462,"timestamp":1662015948,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":485,"clock":1689161279,"ns":54302400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25463,"timestamp":1662019688,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":486,"clock":1689161279,"ns":59176600},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T08:08:38Z. Reason: RulesEngine.","lastlogsize":25464,"timestamp":1662019718,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":487,"clock":1689161279,"ns":64080400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25465,"timestamp":1662023592,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":488,"clock":1689161279,"ns":69001800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T09:13:47Z. Reason: RulesEngine.","lastlogsize":25466,"timestamp":1662023627,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":489,"clock":1689161279,"ns":73898500},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25467,"timestamp":1662023983,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":490,"clock":1689161279,"ns":79014300},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T09:20:13Z. Reason: RulesEngine.","lastlogsize":25468,"timestamp":1662024013,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":491,"clock":1689161279,"ns":83943900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25469,"timestamp":1662024362,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":492,"clock":1689161279,"ns":88996200},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T09:26:33Z. Reason: RulesEngine.","lastlogsize":25470,"timestamp":1662024393,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":493,"clock":1689161279,"ns":94197800},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25471,"timestamp":1662026656,"source":"Outlook","severity":1,"eventid":63,"id":494,"clock":1689161279,"ns":99084400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully created restore point (Process = C:\\WINDOWS\\system32\\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint).","lastlogsize":25472,"timestamp":1662029712,"source":"System Restore","severity":1,"eventid":8194,"id":495,"clock":1689161279,"ns":104539500},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully created scheduled restore point.","lastlogsize":25473,"timestamp":1662029712,"source":"System Restore","severity":1,"eventid":8212,"id":496,"clock":1689161279,"ns":109742000},{"host":"Windows host","key":"eventlog[Application]","value":"Scoping started for shadowcopy \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy3.","lastlogsize":25474,"timestamp":1662029719,"source":"Microsoft-Windows-System-Restore","severity":1,"eventid":8300,"id":497,"clock":1689161279,"ns":114767600},{"host":"Windows host","key":"eventlog[Application]","value":"Scoping completed for shadowcopy \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy3.","lastlogsize":25475,"timestamp":1662029738,"source":"Microsoft-Windows-System-Restore","severity":1,"eventid":8301,"id":498,"clock":1689161279,"ns":119848700},{"host":"Windows host","key":"eventlog[Application]","value":"Scoping successfully completed for shadowcopy \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy3.","lastlogsize":25476,"timestamp":1662029738,"source":"Microsoft-Windows-System-Restore","severity":1,"eventid":8302,"id":499,"clock":1689161279,"ns":124721900},{"host":"Windows host","key":"eventlog[Application]","value":"The VSS service is shutting down due to idle timeout. ","lastlogsize":25477,"timestamp":1662029918,"source":"VSS","severity":1,"eventid":8224,"id":500,"clock":1689161279,"ns":130056100}],"clock":1689161279,"ns":132225100}] 9284:20230712:142759.137 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002021"}] 9284:20230712:142759.137 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002021"}' 9284:20230712:142759.138 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002021' 9284:20230712:142759.138 End of check_response():SUCCEED 9284:20230712:142759.139 OK 9284:20230712:142759.140 End of send_buffer():SUCCEED 9284:20230712:142759.140 End of process_value():SUCCEED 9284:20230712:142759.143 In zbx_parse_eventlog_message6() EventRecordID:25478 9284:20230712:142759.143 In expand_message6() 9284:20230712:142759.144 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142759.145 ====== Fatal information: ====== 9284:20230712:142759.145 Program counter: 0x67e2cf19 9284:20230712:142759.146 === Registers: === 9284:20230712:142759.146 r8 = 18 = 24 = 24 9284:20230712:142759.147 r9 = 0 = 0 = 0 9284:20230712:142759.147 r10 = 0 = 0 = 0 9284:20230712:142759.148 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142759.149 r12 = 38639b0 = 59128240 = 59128240 9284:20230712:142759.149 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142759.150 r14 = 0 = 0 = 0 9284:20230712:142759.150 r15 = 0 = 0 = 0 9284:20230712:142759.151 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142759.151 rsi = 385e7d0 = 59107280 = 59107280 9284:20230712:142759.152 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142759.152 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142759.153 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142759.154 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142759.154 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142759.155 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142759.155 efl = 202 = 514 = 514 9284:20230712:142759.156 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142759.156 === Backtrace: === 9284:20230712:142759.315 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142759.316 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142759.316 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142759.317 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142759.317 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142759.320 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142759.320 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142759.321 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142759.322 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142759.323 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142759.323 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142759.324 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142759.325 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142759.325 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142759.327 ================================ 9284:20230712:142759.328 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142759.328 End of expand_message6():(null) 9284:20230712:142759.329 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.329 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25478 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142759.330 buffer: new element 0 9284:20230712:142759.330 End of process_value():SUCCEED 9284:20230712:142759.331 In zbx_parse_eventlog_message6() EventRecordID:25479 9284:20230712:142759.331 In expand_message6() 9284:20230712:142759.332 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142759.332 ====== Fatal information: ====== 9284:20230712:142759.333 Program counter: 0x67e2cf19 9284:20230712:142759.333 === Registers: === 9284:20230712:142759.334 r8 = 18 = 24 = 24 9284:20230712:142759.334 r9 = 0 = 0 = 0 9284:20230712:142759.335 r10 = 0 = 0 = 0 9284:20230712:142759.335 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142759.336 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142759.336 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142759.337 r14 = 0 = 0 = 0 9284:20230712:142759.337 r15 = 0 = 0 = 0 9284:20230712:142759.338 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142759.338 rsi = 385f130 = 59109680 = 59109680 9284:20230712:142759.339 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142759.339 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142759.340 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142759.340 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142759.341 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142759.341 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142759.342 efl = 202 = 514 = 514 9284:20230712:142759.342 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142759.343 === Backtrace: === 2184:20230712:142759.349 In collect_perfstat() 2184:20230712:142759.352 End of collect_perfstat() 9284:20230712:142759.490 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142759.491 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142759.492 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142759.492 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142759.493 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142759.495 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142759.496 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142759.497 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142759.498 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142759.499 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142759.500 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142759.501 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142759.502 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142759.503 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142759.507 ================================ 9284:20230712:142759.508 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142759.509 End of expand_message6():(null) 9284:20230712:142759.509 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.510 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25479 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142759.511 buffer: new element 1 9284:20230712:142759.511 End of process_value():SUCCEED 9284:20230712:142759.512 In zbx_parse_eventlog_message6() EventRecordID:25480 9284:20230712:142759.513 In expand_message6() 9284:20230712:142759.513 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142759.514 ====== Fatal information: ====== 9284:20230712:142759.515 Program counter: 0x67e2cf19 9284:20230712:142759.515 === Registers: === 9284:20230712:142759.516 r8 = 18 = 24 = 24 9284:20230712:142759.517 r9 = 0 = 0 = 0 9284:20230712:142759.517 r10 = 0 = 0 = 0 9284:20230712:142759.518 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142759.519 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142759.519 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142759.520 r14 = 0 = 0 = 0 9284:20230712:142759.521 r15 = 0 = 0 = 0 9284:20230712:142759.521 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142759.522 rsi = 385e050 = 59105360 = 59105360 9284:20230712:142759.522 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142759.523 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142759.524 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142759.524 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142759.525 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142759.526 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142759.526 efl = 202 = 514 = 514 9284:20230712:142759.527 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142759.528 === Backtrace: === 9284:20230712:142759.687 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142759.688 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142759.689 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142759.689 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142759.690 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142759.692 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142759.693 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142759.694 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142759.695 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142759.696 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142759.697 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142759.698 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142759.698 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142759.699 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142759.701 ================================ 9284:20230712:142759.701 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142759.702 End of expand_message6():(null) 9284:20230712:142759.702 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.703 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25480 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142759.704 buffer: new element 2 9284:20230712:142759.704 End of process_value():SUCCEED 9284:20230712:142759.705 In zbx_parse_eventlog_message6() EventRecordID:25481 9284:20230712:142759.705 In expand_message6() 9284:20230712:142759.707 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142759.708 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.708 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25481 value:'Offline downlevel migration succeeded.' 9284:20230712:142759.709 buffer: new element 3 9284:20230712:142759.710 End of process_value():SUCCEED 9284:20230712:142759.711 In zbx_parse_eventlog_message6() EventRecordID:25482 9284:20230712:142759.711 In expand_message6() 9284:20230712:142759.713 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142759.714 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.714 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25482 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142759.715 buffer: new element 4 9284:20230712:142759.716 End of process_value():SUCCEED 9284:20230712:142759.716 In zbx_parse_eventlog_message6() EventRecordID:25483 9284:20230712:142759.717 In expand_message6() 9284:20230712:142759.719 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T12:14:12Z. Reason: RulesEngine. 9284:20230712:142759.719 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.720 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25483 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T12:14:12Z. Reason: RulesEngine.' 9284:20230712:142759.721 buffer: new element 5 9284:20230712:142759.721 End of process_value():SUCCEED 9284:20230712:142759.722 In zbx_parse_eventlog_message6() EventRecordID:25484 9284:20230712:142759.722 In expand_message6() 9284:20230712:142759.724 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142759.725 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.725 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25484 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142759.726 buffer: new element 6 9284:20230712:142759.726 End of process_value():SUCCEED 9284:20230712:142759.727 In zbx_parse_eventlog_message6() EventRecordID:25485 9284:20230712:142759.728 In expand_message6() 9284:20230712:142759.729 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142759.730 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.731 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25485 value:'Offline downlevel migration succeeded.' 9284:20230712:142759.731 buffer: new element 7 9284:20230712:142759.732 End of process_value():SUCCEED 9284:20230712:142759.732 In zbx_parse_eventlog_message6() EventRecordID:25486 9284:20230712:142759.733 In expand_message6() 9284:20230712:142759.735 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-08T14:23:20Z. Reason: RulesEngine. 9284:20230712:142759.735 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.735 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25486 value:'Successfully scheduled Software Protection service for re-start at 2122-08-08T14:23:20Z. Reason: RulesEngine.' 9284:20230712:142759.736 buffer: new element 8 9284:20230712:142759.736 End of process_value():SUCCEED 9284:20230712:142759.737 In zbx_parse_eventlog_message6() EventRecordID:25487 9284:20230712:142759.737 In expand_message6() 9284:20230712:142759.738 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142759.738 ====== Fatal information: ====== 9284:20230712:142759.739 Program counter: 0x67e2cf19 9284:20230712:142759.739 === Registers: === 9284:20230712:142759.740 r8 = 18 = 24 = 24 9284:20230712:142759.740 r9 = 0 = 0 = 0 9284:20230712:142759.741 r10 = 0 = 0 = 0 9284:20230712:142759.741 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142759.742 r12 = 384f670 = 59045488 = 59045488 9284:20230712:142759.742 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142759.743 r14 = 0 = 0 = 0 9284:20230712:142759.743 r15 = 0 = 0 = 0 9284:20230712:142759.744 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142759.744 rsi = 385eff0 = 59109360 = 59109360 9284:20230712:142759.745 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142759.745 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142759.746 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142759.746 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142759.747 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142759.747 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142759.748 efl = 202 = 514 = 514 9284:20230712:142759.748 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142759.749 === Backtrace: === 9284:20230712:142759.891 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142759.892 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142759.892 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142759.893 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142759.894 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142759.896 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142759.897 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142759.897 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142759.898 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142759.899 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142759.899 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142759.900 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142759.901 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142759.902 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142759.906 ================================ 9284:20230712:142759.907 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142759.907 End of expand_message6():(null) 9284:20230712:142759.908 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142759.908 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25487 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test ' 9284:20230712:142759.909 buffer: new element 9 9284:20230712:142759.909 End of process_value():SUCCEED 9284:20230712:142759.910 In zbx_parse_eventlog_message6() EventRecordID:25488 9284:20230712:142759.910 In expand_message6() 9284:20230712:142759.911 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142759.912 ====== Fatal information: ====== 9284:20230712:142759.912 Program counter: 0x67e2cf19 9284:20230712:142759.913 === Registers: === 9284:20230712:142759.913 r8 = 18 = 24 = 24 9284:20230712:142759.914 r9 = 0 = 0 = 0 9284:20230712:142759.914 r10 = 0 = 0 = 0 9284:20230712:142759.914 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142759.915 r12 = 384fbb0 = 59046832 = 59046832 9284:20230712:142759.916 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142759.916 r14 = 0 = 0 = 0 9284:20230712:142759.917 r15 = 0 = 0 = 0 9284:20230712:142759.917 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142759.918 rsi = 385e690 = 59106960 = 59106960 9284:20230712:142759.918 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142759.919 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142759.919 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142759.920 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142759.920 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142759.921 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142759.921 efl = 202 = 514 = 514 9284:20230712:142759.922 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142759.922 === Backtrace: === 9284:20230712:142800.081 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142800.082 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142800.083 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142800.084 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142800.085 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142800.087 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142800.088 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142800.089 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142800.090 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142800.091 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142800.091 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142800.093 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142800.093 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142800.094 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142800.095 ================================ 9284:20230712:142800.096 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142800.097 End of expand_message6():(null) 9284:20230712:142800.097 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.098 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25488 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 ' 9284:20230712:142800.099 buffer: new element 10 9284:20230712:142800.099 End of process_value():SUCCEED 9284:20230712:142800.100 In zbx_parse_eventlog_message6() EventRecordID:25489 9284:20230712:142800.101 In expand_message6() 9284:20230712:142800.102 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142800.103 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.103 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25489 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142800.104 buffer: new element 11 9284:20230712:142800.105 End of process_value():SUCCEED 9284:20230712:142800.105 In zbx_parse_eventlog_message6() EventRecordID:25490 9284:20230712:142800.106 In expand_message6() 9284:20230712:142800.107 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142800.108 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.109 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25490 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142800.109 buffer: new element 12 9284:20230712:142800.110 End of process_value():SUCCEED 9284:20230712:142800.110 In zbx_parse_eventlog_message6() EventRecordID:25491 9284:20230712:142800.111 In expand_message6() 9284:20230712:142800.112 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142800.113 ====== Fatal information: ====== 9284:20230712:142800.113 Program counter: 0x67e2cf19 9284:20230712:142800.114 === Registers: === 9284:20230712:142800.115 r8 = 18 = 24 = 24 9284:20230712:142800.115 r9 = 0 = 0 = 0 9284:20230712:142800.116 r10 = 0 = 0 = 0 9284:20230712:142800.116 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142800.117 r12 = 384f3d0 = 59044816 = 59044816 9284:20230712:142800.118 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142800.118 r14 = 0 = 0 = 0 9284:20230712:142800.119 r15 = 0 = 0 = 0 9284:20230712:142800.119 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142800.120 rsi = 385f950 = 59111760 = 59111760 9284:20230712:142800.121 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142800.121 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142800.122 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142800.123 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142800.123 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142800.124 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142800.125 efl = 202 = 514 = 514 9284:20230712:142800.125 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142800.126 === Backtrace: === 9284:20230712:142800.269 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142800.270 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142800.270 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142800.271 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142800.272 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142800.274 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142800.275 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142800.276 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142800.277 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142800.278 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142800.278 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142800.279 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142800.280 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142800.281 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142800.282 ================================ 9284:20230712:142800.283 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142800.283 End of expand_message6():(null) 9284:20230712:142800.284 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.285 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25491 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142800.285 buffer: new element 13 9284:20230712:142800.286 End of process_value():SUCCEED 9284:20230712:142800.286 In zbx_parse_eventlog_message6() EventRecordID:25492 9284:20230712:142800.287 In expand_message6() 9284:20230712:142800.288 End of expand_message6():Service has been successfully shut down. 9284:20230712:142800.289 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.290 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25492 value:'Service has been successfully shut down.' 9284:20230712:142800.290 buffer: new element 14 9284:20230712:142800.291 End of process_value():SUCCEED 9284:20230712:142800.291 In zbx_parse_eventlog_message6() EventRecordID:25493 9284:20230712:142800.292 In expand_message6() 9284:20230712:142800.293 End of expand_message6():Service has been successfully shut down. 9284:20230712:142800.294 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.295 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25493 value:'Service has been successfully shut down.' 9284:20230712:142800.295 buffer: new element 15 9284:20230712:142800.296 End of process_value():SUCCEED 9284:20230712:142800.296 In zbx_parse_eventlog_message6() EventRecordID:25494 9284:20230712:142800.297 In expand_message6() 9284:20230712:142800.298 End of expand_message6():Service has been successfully shut down. 9284:20230712:142800.299 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.299 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25494 value:'Service has been successfully shut down.' 9284:20230712:142800.300 buffer: new element 16 9284:20230712:142800.300 End of process_value():SUCCEED 9284:20230712:142800.301 In zbx_parse_eventlog_message6() EventRecordID:25495 9284:20230712:142800.301 In expand_message6() 9284:20230712:142800.303 End of expand_message6():Service stopped (0) 9284:20230712:142800.303 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.304 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25495 value:'Service stopped (0) ' 9284:20230712:142800.304 buffer: new element 17 9284:20230712:142800.305 End of process_value():SUCCEED 9284:20230712:142800.305 In zbx_parse_eventlog_message6() EventRecordID:25496 9284:20230712:142800.306 In expand_message6() 9284:20230712:142800.307 End of expand_message6():The Windows Security Center Service has stopped. 9284:20230712:142800.307 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.308 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25496 value:'The Windows Security Center Service has stopped.' 9284:20230712:142800.308 buffer: new element 18 9284:20230712:142800.309 End of process_value():SUCCEED 9284:20230712:142800.309 In zbx_parse_eventlog_message6() EventRecordID:25497 9284:20230712:142800.310 In expand_message6() 9284:20230712:142800.311 End of expand_message6():The User Profile Service has stopped. 9284:20230712:142800.312 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.312 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25497 value:'The User Profile Service has stopped. ' 9284:20230712:142800.313 buffer: new element 19 9284:20230712:142800.313 End of process_value():SUCCEED 9284:20230712:142800.314 In zbx_parse_eventlog_message6() EventRecordID:25498 9284:20230712:142800.314 In expand_message6() 9284:20230712:142800.315 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142800.315 ====== Fatal information: ====== 9284:20230712:142800.316 Program counter: 0x67e2cf19 9284:20230712:142800.316 === Registers: === 9284:20230712:142800.317 r8 = 18 = 24 = 24 9284:20230712:142800.317 r9 = 0 = 0 = 0 9284:20230712:142800.318 r10 = 0 = 0 = 0 9284:20230712:142800.318 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142800.319 r12 = 33f3ae0 = 54475488 = 54475488 9284:20230712:142800.319 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142800.320 r14 = 0 = 0 = 0 9284:20230712:142800.320 r15 = 0 = 0 = 0 9284:20230712:142800.321 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142800.321 rsi = 385e5f0 = 59106800 = 59106800 9284:20230712:142800.322 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142800.322 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142800.323 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142800.323 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142800.323 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142800.324 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142800.324 efl = 202 = 514 = 514 9284:20230712:142800.325 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142800.325 === Backtrace: === 2184:20230712:142800.353 In collect_perfstat() 2184:20230712:142800.356 End of collect_perfstat() 9284:20230712:142800.471 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142800.472 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142800.472 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142800.473 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142800.474 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142800.476 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142800.476 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142800.477 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142800.478 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142800.479 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142800.480 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142800.480 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142800.481 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142800.481 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142800.483 ================================ 9284:20230712:142800.483 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142800.484 End of expand_message6():(null) 9284:20230712:142800.484 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.485 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25498 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142800.485 buffer: new element 20 9284:20230712:142800.486 End of process_value():SUCCEED 9284:20230712:142800.486 In zbx_parse_eventlog_message6() EventRecordID:25499 9284:20230712:142800.487 In expand_message6() 9284:20230712:142800.489 End of expand_message6():The User Profile Service has started successfully. 9284:20230712:142800.489 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.490 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25499 value:'The User Profile Service has started successfully. ' 9284:20230712:142800.490 buffer: new element 21 9284:20230712:142800.490 End of process_value():SUCCEED 9284:20230712:142800.491 In zbx_parse_eventlog_message6() EventRecordID:25500 9284:20230712:142800.491 In expand_message6() 9284:20230712:142800.493 End of expand_message6():Windows Management Instrumentation Service started sucessfully 9284:20230712:142800.494 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.494 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25500 value:'Windows Management Instrumentation Service started sucessfully' 9284:20230712:142800.495 buffer: new element 22 9284:20230712:142800.495 End of process_value():SUCCEED 9284:20230712:142800.496 In zbx_parse_eventlog_message6() EventRecordID:25501 9284:20230712:142800.497 In expand_message6() 9284:20230712:142800.498 End of expand_message6():Intel(R) Dynamic Application Loader Host Interface Service started. 9284:20230712:142800.498 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.499 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25501 value:'Intel(R) Dynamic Application Loader Host Interface Service started.' 9284:20230712:142800.499 buffer: new element 23 9284:20230712:142800.500 End of process_value():SUCCEED 9284:20230712:142800.501 In zbx_parse_eventlog_message6() EventRecordID:25502 9284:20230712:142800.501 In expand_message6() 9284:20230712:142800.502 End of expand_message6():Local Management Service started. 9284:20230712:142800.503 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.504 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25502 value:'Local Management Service started.' 9284:20230712:142800.504 buffer: new element 24 9284:20230712:142800.505 End of process_value():SUCCEED 9284:20230712:142800.505 In zbx_parse_eventlog_message6() EventRecordID:25503 9284:20230712:142800.506 In expand_message6() 9284:20230712:142800.507 End of expand_message6():Service started/resumed 9284:20230712:142800.508 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.508 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25503 value:'Service started/resumed' 9284:20230712:142800.509 buffer: new element 25 9284:20230712:142800.510 End of process_value():SUCCEED 9284:20230712:142800.510 In zbx_parse_eventlog_message6() EventRecordID:25504 9284:20230712:142800.511 In expand_message6() 9284:20230712:142800.512 End of expand_message6():Windows Management Instrumentation Service subsystems initialized successfully 9284:20230712:142800.513 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.513 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25504 value:'Windows Management Instrumentation Service subsystems initialized successfully' 9284:20230712:142800.514 buffer: new element 26 9284:20230712:142800.515 End of process_value():SUCCEED 9284:20230712:142800.515 In zbx_parse_eventlog_message6() EventRecordID:25505 9284:20230712:142800.516 In expand_message6() 9284:20230712:142800.517 End of expand_message6():Service started successfully. 9284:20230712:142800.518 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.518 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25505 value:'Service started successfully.' 9284:20230712:142800.519 buffer: new element 27 9284:20230712:142800.520 End of process_value():SUCCEED 9284:20230712:142800.520 In zbx_parse_eventlog_message6() EventRecordID:25506 9284:20230712:142800.521 In expand_message6() 9284:20230712:142800.522 End of expand_message6():Service initializing 9284:20230712:142800.523 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.523 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25506 value:'Service initializing' 9284:20230712:142800.524 buffer: new element 28 9284:20230712:142800.525 End of process_value():SUCCEED 9284:20230712:142800.525 In zbx_parse_eventlog_message6() EventRecordID:25507 9284:20230712:142800.526 In expand_message6() 9284:20230712:142800.526 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142800.527 ====== Fatal information: ====== 9284:20230712:142800.528 Program counter: 0x67e2cf19 9284:20230712:142800.528 === Registers: === 9284:20230712:142800.529 r8 = 18 = 24 = 24 9284:20230712:142800.529 r9 = 0 = 0 = 0 9284:20230712:142800.530 r10 = 0 = 0 = 0 9284:20230712:142800.530 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142800.531 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142800.532 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142800.532 r14 = 0 = 0 = 0 9284:20230712:142800.533 r15 = 0 = 0 = 0 9284:20230712:142800.533 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142800.534 rsi = 385fdb0 = 59112880 = 59112880 9284:20230712:142800.534 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142800.535 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142800.536 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142800.536 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142800.537 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142800.537 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142800.538 efl = 202 = 514 = 514 9284:20230712:142800.539 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142800.539 === Backtrace: === 9284:20230712:142800.682 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142800.682 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142800.683 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142800.684 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142800.685 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142800.687 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142800.688 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142800.689 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142800.689 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142800.690 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142800.691 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142800.692 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142800.693 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142800.694 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142800.699 ================================ 9284:20230712:142800.700 provider 'AdobeARMservice' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142800.700 End of expand_message6():(null) 9284:20230712:142800.701 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.702 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25507 value:'The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142800.702 buffer: new element 29 9284:20230712:142800.703 End of process_value():SUCCEED 9284:20230712:142800.704 In zbx_parse_eventlog_message6() EventRecordID:25508 9284:20230712:142800.704 In expand_message6() 9284:20230712:142800.706 End of expand_message6():Service started (1.0.24.0). 9284:20230712:142800.706 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.707 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25508 value:'Service started (1.0.24.0).' 9284:20230712:142800.708 buffer: new element 30 9284:20230712:142800.708 End of process_value():SUCCEED 9284:20230712:142800.709 In zbx_parse_eventlog_message6() EventRecordID:25509 9284:20230712:142800.709 In expand_message6() 9284:20230712:142800.711 End of expand_message6():Pipe server thread started. 9284:20230712:142800.711 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.712 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25509 value:'Pipe server thread started.' 9284:20230712:142800.712 buffer: new element 31 9284:20230712:142800.713 End of process_value():SUCCEED 9284:20230712:142800.713 In zbx_parse_eventlog_message6() EventRecordID:25510 9284:20230712:142800.714 In expand_message6() 9284:20230712:142800.715 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142800.716 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.716 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25510 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142800.717 buffer: new element 32 9284:20230712:142800.717 End of process_value():SUCCEED 9284:20230712:142800.718 In zbx_parse_eventlog_message6() EventRecordID:25511 9284:20230712:142800.719 In expand_message6() 9284:20230712:142800.719 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142800.720 ====== Fatal information: ====== 9284:20230712:142800.720 Program counter: 0x67e2cf19 9284:20230712:142800.721 === Registers: === 9284:20230712:142800.721 r8 = 18 = 24 = 24 9284:20230712:142800.722 r9 = 0 = 0 = 0 9284:20230712:142800.722 r10 = 0 = 0 = 0 9284:20230712:142800.723 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142800.723 r12 = 678110 = 6783248 = 6783248 9284:20230712:142800.724 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142800.724 r14 = 0 = 0 = 0 9284:20230712:142800.725 r15 = 0 = 0 = 0 9284:20230712:142800.725 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142800.726 rsi = 385f6d0 = 59111120 = 59111120 9284:20230712:142800.726 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142800.727 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142800.728 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142800.728 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142800.729 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142800.729 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142800.730 efl = 202 = 514 = 514 9284:20230712:142800.730 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142800.731 === Backtrace: === 9284:20230712:142800.889 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142800.890 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142800.891 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142800.891 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142800.892 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142800.895 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142800.895 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142800.896 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142800.897 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142800.898 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142800.899 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142800.900 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142800.900 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142800.901 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142800.905 ================================ 9284:20230712:142800.906 provider 'LanWlanSwitchingService' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142800.907 End of expand_message6():(null) 9284:20230712:142800.907 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.908 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25511 value:'The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart' 9284:20230712:142800.909 buffer: new element 33 9284:20230712:142800.909 End of process_value():SUCCEED 9284:20230712:142800.910 In zbx_parse_eventlog_message6() EventRecordID:25512 9284:20230712:142800.910 In expand_message6() 9284:20230712:142800.912 End of expand_message6():Service initialized 9284:20230712:142800.912 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.913 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25512 value:'Service initialized' 9284:20230712:142800.914 buffer: new element 34 9284:20230712:142800.914 End of process_value():SUCCEED 9284:20230712:142800.915 In zbx_parse_eventlog_message6() EventRecordID:25513 9284:20230712:142800.915 In expand_message6() 9284:20230712:142800.917 End of expand_message6():Service started 9284:20230712:142800.917 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.918 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25513 value:'Service started ' 9284:20230712:142800.918 buffer: new element 35 9284:20230712:142800.919 End of process_value():SUCCEED 9284:20230712:142800.919 In zbx_parse_eventlog_message6() EventRecordID:25514 9284:20230712:142800.920 In expand_message6() 9284:20230712:142800.921 End of expand_message6():The winlogon notification subscriber was unavailable to handle a critical notification event. 9284:20230712:142800.922 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142800.922 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25514 value:'The winlogon notification subscriber was unavailable to handle a critical notification event.' 9284:20230712:142800.923 buffer: new element 36 9284:20230712:142800.924 End of process_value():SUCCEED 9284:20230712:142800.924 In zbx_parse_eventlog_message6() EventRecordID:25515 9284:20230712:142800.925 In expand_message6() 9284:20230712:142800.926 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142800.926 ====== Fatal information: ====== 9284:20230712:142800.927 Program counter: 0x67e2cf19 9284:20230712:142800.927 === Registers: === 9284:20230712:142800.928 r8 = 18 = 24 = 24 9284:20230712:142800.929 r9 = 0 = 0 = 0 9284:20230712:142800.929 r10 = 0 = 0 = 0 9284:20230712:142800.930 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142800.931 r12 = 384ee90 = 59043472 = 59043472 9284:20230712:142800.931 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142800.932 r14 = 0 = 0 = 0 9284:20230712:142800.932 r15 = 0 = 0 = 0 9284:20230712:142800.933 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142800.934 rsi = 385f130 = 59109680 = 59109680 9284:20230712:142800.934 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142800.935 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142800.936 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142800.936 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142800.937 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142800.938 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142800.938 efl = 202 = 514 = 514 9284:20230712:142800.939 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142800.939 === Backtrace: === 9284:20230712:142801.101 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142801.102 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142801.103 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142801.103 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142801.104 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142801.106 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142801.107 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142801.108 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142801.109 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142801.110 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142801.111 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142801.112 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142801.112 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142801.113 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142801.115 ================================ 9284:20230712:142801.115 provider 'hpqcaslwmiex' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142801.116 End of expand_message6():(null) 9284:20230712:142801.116 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.117 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25515 value:'The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142801.118 buffer: new element 37 9284:20230712:142801.118 End of process_value():SUCCEED 9284:20230712:142801.119 In zbx_parse_eventlog_message6() EventRecordID:25516 9284:20230712:142801.120 In expand_message6() 9284:20230712:142801.120 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142801.121 ====== Fatal information: ====== 9284:20230712:142801.121 Program counter: 0x67e2cf19 9284:20230712:142801.122 === Registers: === 9284:20230712:142801.123 r8 = 18 = 24 = 24 9284:20230712:142801.123 r9 = 0 = 0 = 0 9284:20230712:142801.124 r10 = 0 = 0 = 0 9284:20230712:142801.124 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142801.125 r12 = 63bbe0 = 6536160 = 6536160 9284:20230712:142801.125 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142801.126 r14 = 0 = 0 = 0 9284:20230712:142801.127 r15 = 0 = 0 = 0 9284:20230712:142801.127 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142801.128 rsi = 385f630 = 59110960 = 59110960 9284:20230712:142801.128 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142801.129 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142801.130 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142801.130 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142801.131 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142801.131 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142801.132 efl = 202 = 514 = 514 9284:20230712:142801.132 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142801.133 === Backtrace: === 9284:20230712:142801.279 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142801.280 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142801.280 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142801.281 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142801.282 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142801.284 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142801.285 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142801.286 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142801.287 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142801.288 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142801.288 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142801.289 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142801.290 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142801.291 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142801.292 ================================ 9284:20230712:142801.293 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142801.294 End of expand_message6():(null) 9284:20230712:142801.294 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.295 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25516 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 ' 9284:20230712:142801.295 buffer: new element 38 9284:20230712:142801.296 End of process_value():SUCCEED 9284:20230712:142801.297 In zbx_parse_eventlog_message6() EventRecordID:25517 9284:20230712:142801.297 In expand_message6() 9284:20230712:142801.298 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142801.299 ====== Fatal information: ====== 9284:20230712:142801.299 Program counter: 0x67e2cf19 9284:20230712:142801.300 === Registers: === 9284:20230712:142801.300 r8 = 18 = 24 = 24 9284:20230712:142801.301 r9 = 0 = 0 = 0 9284:20230712:142801.301 r10 = 0 = 0 = 0 9284:20230712:142801.302 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142801.303 r12 = 384eb10 = 59042576 = 59042576 9284:20230712:142801.303 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142801.304 r14 = 0 = 0 = 0 9284:20230712:142801.304 r15 = 0 = 0 = 0 9284:20230712:142801.305 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142801.305 rsi = 385fe50 = 59113040 = 59113040 9284:20230712:142801.306 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142801.307 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142801.307 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142801.308 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142801.308 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142801.309 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142801.310 efl = 202 = 514 = 514 9284:20230712:142801.310 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142801.311 === Backtrace: === 2184:20230712:142801.357 In collect_perfstat() 2184:20230712:142801.360 End of collect_perfstat() 9284:20230712:142801.454 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142801.455 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142801.456 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142801.456 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142801.457 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142801.459 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142801.460 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142801.461 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142801.461 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142801.462 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142801.463 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142801.464 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142801.464 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142801.465 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142801.466 ================================ 9284:20230712:142801.467 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142801.467 End of expand_message6():(null) 9284:20230712:142801.468 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.468 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25517 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 ' 9284:20230712:142801.469 buffer: new element 39 9284:20230712:142801.469 End of process_value():SUCCEED 9284:20230712:142801.470 In zbx_parse_eventlog_message6() EventRecordID:25518 9284:20230712:142801.470 In expand_message6() 9284:20230712:142801.471 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142801.472 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.472 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25518 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142801.473 buffer: new element 40 9284:20230712:142801.473 End of process_value():SUCCEED 9284:20230712:142801.474 In zbx_parse_eventlog_message6() EventRecordID:25519 9284:20230712:142801.474 In expand_message6() 9284:20230712:142801.475 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142801.475 ====== Fatal information: ====== 9284:20230712:142801.476 Program counter: 0x67e2cf19 9284:20230712:142801.476 === Registers: === 9284:20230712:142801.477 r8 = 18 = 24 = 24 9284:20230712:142801.477 r9 = 0 = 0 = 0 9284:20230712:142801.478 r10 = 0 = 0 = 0 9284:20230712:142801.478 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142801.479 r12 = 63cbe0 = 6540256 = 6540256 9284:20230712:142801.479 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142801.480 r14 = 0 = 0 = 0 9284:20230712:142801.480 r15 = 0 = 0 = 0 9284:20230712:142801.481 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142801.481 rsi = 385f630 = 59110960 = 59110960 9284:20230712:142801.482 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142801.482 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142801.483 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142801.483 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142801.484 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142801.484 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142801.484 efl = 202 = 514 = 514 9284:20230712:142801.485 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142801.485 === Backtrace: === 9284:20230712:142801.627 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142801.628 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142801.629 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142801.630 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142801.630 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142801.633 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142801.634 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142801.634 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142801.635 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142801.636 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142801.637 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142801.638 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142801.639 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142801.639 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142801.641 ================================ 9284:20230712:142801.641 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142801.642 End of expand_message6():(null) 9284:20230712:142801.643 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.643 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25519 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 ' 9284:20230712:142801.644 buffer: new element 41 9284:20230712:142801.644 End of process_value():SUCCEED 9284:20230712:142801.645 In zbx_parse_eventlog_message6() EventRecordID:25520 9284:20230712:142801.646 In expand_message6() 9284:20230712:142801.647 End of expand_message6():SearchIndexer (9200,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142801.648 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.648 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25520 value:'SearchIndexer (9200,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142801.649 buffer: new element 42 9284:20230712:142801.650 End of process_value():SUCCEED 9284:20230712:142801.650 In zbx_parse_eventlog_message6() EventRecordID:25521 9284:20230712:142801.651 In expand_message6() 9284:20230712:142801.652 End of expand_message6():SearchIndexer (9200,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002498 +J(0) +M(C:0K, Fs:318, WS:1240K # 1240K, PF:5400K # 5400K, P:5400K) [2] 0.000325 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K) [3] 0.000963 +J(0) +M(C:0K, Fs:12, WS:40K # 40K, PF:72K # 72K, P:72K) [4] 0.000126 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K) [5] 0.001190 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 32K, P:24K) [6] 0.004772 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:12K # 4K, P:12K) [7] 0.006723 -0.002393 (2) WT +J(0) +M(C:0K, Fs:268, WS:1068K # 1068K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.011897 -0.000177 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000058 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000149 +J(0) +M(C:0K, Fs:66, WS:260K # 0K, PF:68K # 0K, P:68K) [16] 0.000375 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142801.653 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.654 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25521 value:'SearchIndexer (9200,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.002498 +J(0) +M(C:0K, Fs:318, WS:1240K # 1240K, PF:5400K # 5400K, P:5400K) [2] 0.000325 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K) [3] 0.000963 +J(0) +M(C:0K, Fs:12, WS:40K # 40K, PF:72K # 72K, P:72K) [4] 0.000126 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K) [5] 0.001190 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 32K, P:24K) [6] 0.004772 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:12K # 4K, P:12K) [7] 0.006723 -0.002393 (2) WT +J(0) +M(C:0K, Fs:268, WS:1068K # 1068K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.011897 -0.000177 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000058 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K) [15] 0.000149 +J(0) +M(C:0K, Fs:66, WS:260K # 0K, PF:68K # 0K, P:68K) [16] 0.000375 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142801.654 buffer: new element 43 9284:20230712:142801.655 End of process_value():SUCCEED 9284:20230712:142801.655 In zbx_parse_eventlog_message6() EventRecordID:25522 9284:20230712:142801.656 In expand_message6() 9284:20230712:142801.658 End of expand_message6():SearchIndexer (9200,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC3:005A:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001319 -0.000384 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004847 -0.000820 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:160K # 0K, P:160K) [4] 0.000276 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001275 -0.000894 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:55, WS:216K # 0K, PF:688K # 0K, P:688K) [9] 0.017480 -0.000638 (5) CM -0.016586 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:284K # 0K, PF:288K # 212K, P:288K) [10] 0.000378 -0.000249 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:40K # 20K, PF:100K # 100K, P:100K) [11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000046 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142801.658 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.659 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25522 value:'SearchIndexer (9200,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC3:005A:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001319 -0.000384 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004847 -0.000820 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:160K # 0K, P:160K) [4] 0.000276 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001275 -0.000894 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:55, WS:216K # 0K, PF:688K # 0K, P:688K) [9] 0.017480 -0.000638 (5) CM -0.016586 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:284K # 0K, PF:288K # 212K, P:288K) [10] 0.000378 -0.000249 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:40K # 20K, PF:100K # 100K, P:100K) [11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000046 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142801.660 buffer: new element 44 9284:20230712:142801.660 End of process_value():SUCCEED 9284:20230712:142801.661 In zbx_parse_eventlog_message6() EventRecordID:25523 9284:20230712:142801.661 In expand_message6() 9284:20230712:142801.663 End of expand_message6():The Windows Search Service started. 9284:20230712:142801.664 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.664 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25523 value:'The Windows Search Service started. ' 9284:20230712:142801.665 buffer: new element 45 9284:20230712:142801.665 End of process_value():SUCCEED 9284:20230712:142801.666 In zbx_parse_eventlog_message6() EventRecordID:25524 9284:20230712:142801.666 In expand_message6() 9284:20230712:142801.667 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142801.668 ====== Fatal information: ====== 9284:20230712:142801.668 Program counter: 0x67e2cf19 9284:20230712:142801.669 === Registers: === 9284:20230712:142801.669 r8 = 18 = 24 = 24 9284:20230712:142801.670 r9 = 0 = 0 = 0 9284:20230712:142801.671 r10 = 0 = 0 = 0 9284:20230712:142801.671 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142801.672 r12 = 33f4350 = 54477648 = 54477648 9284:20230712:142801.672 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142801.673 r14 = 0 = 0 = 0 9284:20230712:142801.673 r15 = 0 = 0 = 0 9284:20230712:142801.674 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142801.675 rsi = 385ef50 = 59109200 = 59109200 9284:20230712:142801.675 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142801.676 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142801.676 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142801.677 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142801.678 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142801.678 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142801.679 efl = 202 = 514 = 514 9284:20230712:142801.679 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142801.680 === Backtrace: === 9284:20230712:142801.822 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142801.822 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142801.823 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142801.824 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142801.825 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142801.827 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142801.828 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142801.829 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142801.829 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142801.830 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142801.831 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142801.832 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142801.833 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142801.834 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142801.839 ================================ 9284:20230712:142801.840 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142801.840 End of expand_message6():(null) 9284:20230712:142801.841 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142801.842 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25524 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142801.842 buffer: new element 46 9284:20230712:142801.843 End of process_value():SUCCEED 9284:20230712:142801.844 In zbx_parse_eventlog_message6() EventRecordID:25525 9284:20230712:142801.844 In expand_message6() 9284:20230712:142801.845 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142801.845 ====== Fatal information: ====== 9284:20230712:142801.846 Program counter: 0x67e2cf19 9284:20230712:142801.847 === Registers: === 9284:20230712:142801.847 r8 = 18 = 24 = 24 9284:20230712:142801.848 r9 = 0 = 0 = 0 9284:20230712:142801.848 r10 = 0 = 0 = 0 9284:20230712:142801.848 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142801.849 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142801.849 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142801.850 r14 = 0 = 0 = 0 9284:20230712:142801.850 r15 = 0 = 0 = 0 9284:20230712:142801.851 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142801.851 rsi = 385f630 = 59110960 = 59110960 9284:20230712:142801.852 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142801.852 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142801.853 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142801.853 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142801.854 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142801.854 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142801.855 efl = 202 = 514 = 514 9284:20230712:142801.855 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142801.856 === Backtrace: === 9284:20230712:142802.014 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142802.014 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142802.015 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142802.016 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142802.016 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142802.019 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142802.020 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142802.020 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142802.021 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142802.022 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142802.023 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142802.024 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142802.025 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142802.025 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142802.027 ================================ 9284:20230712:142802.027 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142802.028 End of expand_message6():(null) 9284:20230712:142802.029 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.029 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25525 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142802.030 buffer: new element 47 9284:20230712:142802.031 End of process_value():SUCCEED 9284:20230712:142802.031 In zbx_parse_eventlog_message6() EventRecordID:25526 9284:20230712:142802.032 In expand_message6() 9284:20230712:142802.033 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142802.033 ====== Fatal information: ====== 9284:20230712:142802.034 Program counter: 0x67e2cf19 9284:20230712:142802.034 === Registers: === 9284:20230712:142802.035 r8 = 18 = 24 = 24 9284:20230712:142802.035 r9 = 0 = 0 = 0 9284:20230712:142802.036 r10 = 0 = 0 = 0 9284:20230712:142802.037 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142802.037 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142802.038 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142802.038 r14 = 0 = 0 = 0 9284:20230712:142802.039 r15 = 0 = 0 = 0 9284:20230712:142802.040 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142802.040 rsi = 385fdb0 = 59112880 = 59112880 9284:20230712:142802.041 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142802.041 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142802.042 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142802.043 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142802.043 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142802.044 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142802.044 efl = 202 = 514 = 514 9284:20230712:142802.045 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142802.046 === Backtrace: === 9284:20230712:142802.189 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142802.190 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142802.191 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142802.192 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142802.192 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142802.195 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142802.195 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142802.196 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142802.197 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142802.198 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142802.199 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142802.200 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142802.201 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142802.201 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142802.203 ================================ 9284:20230712:142802.203 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142802.204 End of expand_message6():(null) 9284:20230712:142802.204 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.205 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25526 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142802.206 buffer: new element 48 9284:20230712:142802.206 End of process_value():SUCCEED 9284:20230712:142802.207 In zbx_parse_eventlog_message6() EventRecordID:25527 9284:20230712:142802.207 In expand_message6() 9284:20230712:142802.209 End of expand_message6():The Software Protection service is starting. Parameters:TriggerStarted:6 9284:20230712:142802.210 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.210 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25527 value:'The Software Protection service is starting. Parameters:TriggerStarted:6' 9284:20230712:142802.211 buffer: new element 49 9284:20230712:142802.211 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142802.212 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142802.213 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25478,"timestamp":1662030702,"source":"gupdate","severity":1,"id":501,"clock":1689161279,"ns":330136600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25479,"timestamp":1662030727,"source":"dbupdate","severity":1,"id":502,"clock":1689161279,"ns":511377600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25480,"timestamp":1662030727,"source":"dbupdate","severity":1,"id":503,"clock":1689161279,"ns":704201600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25481,"timestamp":1662034392,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":504,"clock":1689161279,"ns":709730000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25482,"timestamp":1662034434,"source":"SecurityCenter","severity":1,"eventid":15,"id":505,"clock":1689161279,"ns":715511000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T12:14:12Z. Reason: RulesEngine.","lastlogsize":25483,"timestamp":1662034452,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":506,"clock":1689161279,"ns":721131700},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25484,"timestamp":1662041062,"source":"Outlook","severity":1,"eventid":63,"id":507,"clock":1689161279,"ns":726402600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25485,"timestamp":1662042169,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":508,"clock":1689161279,"ns":731963100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-08T14:23:20Z. Reason: RulesEngine.","lastlogsize":25486,"timestamp":1662042200,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":509,"clock":1689161279,"ns":736555100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test\n","lastlogsize":25487,"timestamp":1662044650,"source":"igfxCUIService2.0.0.0","severity":1,"id":510,"clock":1689161279,"ns":909351900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1\n","lastlogsize":25488,"timestamp":1662044650,"source":"igfxCUIService2.0.0.0","severity":1,"id":511,"clock":1689161280,"ns":99489700},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25489,"timestamp":1662044650,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":512,"clock":1689161280,"ns":104651900},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25490,"timestamp":1662044650,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":513,"clock":1689161280,"ns":109815600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25491,"timestamp":1662044650,"source":"BrService_4_3_4_610","severity":1,"id":514,"clock":1689161280,"ns":285829300},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25492,"timestamp":1662044654,"source":"IAStorDataMgrSvc","severity":1,"id":515,"clock":1689161280,"ns":290785100},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25493,"timestamp":1662044654,"source":"XTUService","severity":1,"id":516,"clock":1689161280,"ns":295737900},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25494,"timestamp":1662044654,"source":"HP Comm Recovery","severity":1,"id":517,"clock":1689161280,"ns":300535500},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped (0)\n","lastlogsize":25495,"timestamp":1662044654,"source":"Bonjour Service","severity":1,"eventid":100,"id":518,"clock":1689161280,"ns":304644900},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has stopped.","lastlogsize":25496,"timestamp":1662044654,"source":"SecurityCenter","severity":1,"eventid":2,"id":519,"clock":1689161280,"ns":309047700},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has stopped. \r\n\r\n","lastlogsize":25497,"timestamp":1662044654,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1532,"id":520,"clock":1689161280,"ns":313468000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25498,"timestamp":1662097795,"source":"igfxCUIService2.0.0.0","severity":1,"id":521,"clock":1689161280,"ns":486009700},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has started successfully. \r\n\r\n","lastlogsize":25499,"timestamp":1662097795,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1531,"id":522,"clock":1689161280,"ns":490568000},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service started sucessfully","lastlogsize":25500,"timestamp":1662097796,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5615,"id":523,"clock":1689161280,"ns":495417700},{"host":"Windows host","key":"eventlog[Application]","value":"Intel(R) Dynamic Application Loader Host Interface Service started.","lastlogsize":25501,"timestamp":1662097796,"source":"IntelDalJhi","severity":1,"id":524,"clock":1689161280,"ns":500060200},{"host":"Windows host","key":"eventlog[Application]","value":"Local Management Service started.","lastlogsize":25502,"timestamp":1662097796,"source":"LMS","severity":1,"eventid":2000,"id":525,"clock":1689161280,"ns":504838600},{"host":"Windows host","key":"eventlog[Application]","value":"Service started/resumed","lastlogsize":25503,"timestamp":1662097796,"source":"LMS","severity":1,"id":526,"clock":1689161280,"ns":509584400},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service subsystems initialized successfully","lastlogsize":25504,"timestamp":1662097796,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5617,"id":527,"clock":1689161280,"ns":514695100},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25505,"timestamp":1662097800,"source":"XTUService","severity":1,"id":528,"clock":1689161280,"ns":519700600},{"host":"Windows host","key":"eventlog[Application]","value":"Service initializing","lastlogsize":25506,"timestamp":1662097802,"source":"Bonjour Service","severity":1,"eventid":100,"id":529,"clock":1689161280,"ns":524534500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25507,"timestamp":1662097802,"source":"AdobeARMservice","severity":1,"id":530,"clock":1689161280,"ns":702972500},{"host":"Windows host","key":"eventlog[Application]","value":"Service started (1.0.24.0).","lastlogsize":25508,"timestamp":1662097802,"source":"DbxSvc","severity":1,"eventid":336,"id":531,"clock":1689161280,"ns":708222000},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread started.","lastlogsize":25509,"timestamp":1662097802,"source":"DbxSvc","severity":1,"eventid":258,"id":532,"clock":1689161280,"ns":712839600},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25510,"timestamp":1662097802,"source":"DbxSvc","severity":1,"eventid":320,"id":533,"clock":1689161280,"ns":717486000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart","lastlogsize":25511,"timestamp":1662097802,"source":"LanWlanSwitchingService","severity":1,"id":534,"clock":1689161280,"ns":909266400},{"host":"Windows host","key":"eventlog[Application]","value":"Service initialized","lastlogsize":25512,"timestamp":1662097802,"source":"Bonjour Service","severity":1,"eventid":100,"id":535,"clock":1689161280,"ns":914153400},{"host":"Windows host","key":"eventlog[Application]","value":"Service started\n","lastlogsize":25513,"timestamp":1662097802,"source":"Bonjour Service","severity":1,"eventid":100,"id":536,"clock":1689161280,"ns":918815100},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a critical notification event.","lastlogsize":25514,"timestamp":1662097805,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6003,"id":537,"clock":1689161280,"ns":923560400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25515,"timestamp":1662097814,"source":"hpqcaslwmiex","severity":1,"id":538,"clock":1689161281,"ns":118313500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1\n","lastlogsize":25516,"timestamp":1662097823,"source":"igfxCUIService2.0.0.0","severity":1,"id":539,"clock":1689161281,"ns":296109800},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1\n","lastlogsize":25517,"timestamp":1662097823,"source":"igfxCUIService2.0.0.0","severity":1,"id":540,"clock":1689161281,"ns":469196700},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25518,"timestamp":1662097823,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":541,"clock":1689161281,"ns":473452100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1\n","lastlogsize":25519,"timestamp":1662097823,"source":"igfxCUIService2.0.0.0","severity":1,"id":542,"clock":1689161281,"ns":644397500},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (9200,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25520,"timestamp":1662097824,"source":"ESENT","severity":1,"eventid":102,"id":543,"clock":1689161281,"ns":649663500},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (9200,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n \r\n \r\nInternal Timing Sequence: \n[1] 0.002498 +J(0) +M(C:0K, Fs:318, WS:1240K # 1240K, PF:5400K # 5400K, P:5400K)\n[2] 0.000325 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K)\n[3] 0.000963 +J(0) +M(C:0K, Fs:12, WS:40K # 40K, PF:72K # 72K, P:72K)\n[4] 0.000126 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K)\n[5] 0.001190 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 32K, P:24K)\n[6] 0.004772 +J(0) +M(C:0K, Fs:23, WS:92K # 92K, PF:12K # 4K, P:12K)\n[7] 0.006723 -0.002393 (2) WT +J(0) +M(C:0K, Fs:268, WS:1068K # 1068K, PF:1028K # 1028K, P:1028K)\n[8] -\n[9] -\n[10] -\n[11] -\n[12] -\n[13] 0.011897 -0.000177 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K)\n[14] 0.000058 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:4K # 0K, P:4K)\n[15] 0.000149 +J(0) +M(C:0K, Fs:66, WS:260K # 0K, PF:68K # 0K, P:68K)\n[16] 0.000375 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25521,"timestamp":1662097824,"source":"ESENT","severity":1,"eventid":105,"id":544,"clock":1689161281,"ns":654841900},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (9200,D,50) Windows: The database engine attached a database (1, C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb). (Time=0 seconds) \r\n \r\nSaved Cache: 0 0 \r\nAdditional Data: lgposAttach = 00000BC3:005A:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.001319 -0.000384 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K)\n[3] 0.004847 -0.000820 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:160K # 0K, P:160K)\n[4] 0.000276 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] -\n[6] -\n[7] -\n[8] 0.001275 -0.000894 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:55, WS:216K # 0K, PF:688K # 0K, P:688K)\n[9] 0.017480 -0.000638 (5) CM -0.016586 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:284K # 0K, PF:288K # 212K, P:288K)\n[10] 0.000378 -0.000249 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:11, WS:40K # 20K, PF:100K # 100K, P:100K)\n[11] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000046 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)\n[13] 0.0 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25522,"timestamp":1662097824,"source":"ESENT","severity":1,"eventid":326,"id":545,"clock":1689161281,"ns":660137000},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Search Service started.\n","lastlogsize":25523,"timestamp":1662097824,"source":"Microsoft-Windows-Search","severity":1,"eventid":1003,"id":546,"clock":1689161281,"ns":665308700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25524,"timestamp":1662097825,"source":"BrService_4_3_4_610","severity":1,"id":547,"clock":1689161281,"ns":842912900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25525,"timestamp":1662097826,"source":"dbupdate","severity":1,"id":548,"clock":1689161282,"ns":30585500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25526,"timestamp":1662097827,"source":"dbupdate","severity":1,"id":549,"clock":1689161282,"ns":206224500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service is starting.\r\nParameters:TriggerStarted:6","lastlogsize":25527,"timestamp":1662097830,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":900,"id":550,"clock":1689161282,"ns":211482800}],"clock":1689161282,"ns":213315700}] 9284:20230712:142802.218 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002258"}] 9284:20230712:142802.218 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002258"}' 9284:20230712:142802.219 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002258' 9284:20230712:142802.220 End of check_response():SUCCEED 9284:20230712:142802.220 OK 9284:20230712:142802.221 End of send_buffer():SUCCEED 9284:20230712:142802.222 End of process_value():SUCCEED 9284:20230712:142802.223 In zbx_parse_eventlog_message6() EventRecordID:25528 9284:20230712:142802.223 In expand_message6() 9284:20230712:142802.225 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142802.226 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.227 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25528 value:'Offline downlevel migration succeeded.' 9284:20230712:142802.227 buffer: new element 0 9284:20230712:142802.228 End of process_value():SUCCEED 9284:20230712:142802.229 In zbx_parse_eventlog_message6() EventRecordID:25529 9284:20230712:142802.229 In expand_message6() 9284:20230712:142802.231 End of expand_message6():Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 9284:20230712:142802.232 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.232 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25529 value:'Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 ' 9284:20230712:142802.233 buffer: new element 1 9284:20230712:142802.233 End of process_value():SUCCEED 9284:20230712:142802.234 In zbx_parse_eventlog_message6() EventRecordID:25530 9284:20230712:142802.235 In expand_message6() 9284:20230712:142802.237 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142802.237 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.238 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25530 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142802.238 buffer: new element 2 9284:20230712:142802.239 End of process_value():SUCCEED 9284:20230712:142802.239 In zbx_parse_eventlog_message6() EventRecordID:25531 9284:20230712:142802.240 In expand_message6() 9284:20230712:142802.241 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142802.242 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.242 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25531 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142802.243 buffer: new element 3 9284:20230712:142802.243 End of process_value():SUCCEED 9284:20230712:142802.244 In zbx_parse_eventlog_message6() EventRecordID:25532 9284:20230712:142802.244 In expand_message6() 9284:20230712:142802.246 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142802.246 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.247 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25532 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142802.247 buffer: new element 4 9284:20230712:142802.248 End of process_value():SUCCEED 9284:20230712:142802.248 In zbx_parse_eventlog_message6() EventRecordID:25533 9284:20230712:142802.249 In expand_message6() 9284:20230712:142802.250 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142802.251 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.251 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25533 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142802.252 buffer: new element 5 9284:20230712:142802.252 End of process_value():SUCCEED 9284:20230712:142802.253 In zbx_parse_eventlog_message6() EventRecordID:25534 9284:20230712:142802.253 In expand_message6() 9284:20230712:142802.255 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142802.255 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.256 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25534 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142802.256 buffer: new element 6 9284:20230712:142802.256 End of process_value():SUCCEED 9284:20230712:142802.257 In zbx_parse_eventlog_message6() EventRecordID:25535 9284:20230712:142802.257 In expand_message6() 9284:20230712:142802.259 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142802.260 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.260 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25535 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142802.260 buffer: new element 7 9284:20230712:142802.261 End of process_value():SUCCEED 9284:20230712:142802.261 In zbx_parse_eventlog_message6() EventRecordID:25536 9284:20230712:142802.262 In expand_message6() 9284:20230712:142802.263 End of expand_message6():The Software Protection service has started. 10.0.19041.1889 9284:20230712:142802.264 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.264 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25536 value:'The Software Protection service has started. 10.0.19041.1889' 9284:20230712:142802.265 buffer: new element 8 9284:20230712:142802.265 End of process_value():SUCCEED 9284:20230712:142802.266 In zbx_parse_eventlog_message6() EventRecordID:25537 9284:20230712:142802.266 In expand_message6() 9284:20230712:142802.268 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142802.269 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.269 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25537 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142802.270 buffer: new element 9 9284:20230712:142802.270 End of process_value():SUCCEED 9284:20230712:142802.271 In zbx_parse_eventlog_message6() EventRecordID:25538 9284:20230712:142802.271 In expand_message6() 9284:20230712:142802.273 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142802.273 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.274 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25538 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142802.274 buffer: new element 10 9284:20230712:142802.275 End of process_value():SUCCEED 9284:20230712:142802.275 In zbx_parse_eventlog_message6() EventRecordID:25539 9284:20230712:142802.276 In expand_message6() 9284:20230712:142802.277 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142802.278 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.278 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25539 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142802.279 buffer: new element 11 9284:20230712:142802.279 End of process_value():SUCCEED 9284:20230712:142802.280 In zbx_parse_eventlog_message6() EventRecordID:25540 9284:20230712:142802.280 In expand_message6() 9284:20230712:142802.282 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142802.282 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.283 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25540 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142802.283 buffer: new element 12 9284:20230712:142802.284 End of process_value():SUCCEED 9284:20230712:142802.284 In zbx_parse_eventlog_message6() EventRecordID:25541 9284:20230712:142802.285 In expand_message6() 9284:20230712:142802.286 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142802.287 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.287 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25541 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142802.288 buffer: new element 13 9284:20230712:142802.288 End of process_value():SUCCEED 9284:20230712:142802.289 In zbx_parse_eventlog_message6() EventRecordID:25542 9284:20230712:142802.289 In expand_message6() 9284:20230712:142802.291 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142802.291 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.292 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25542 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142802.292 buffer: new element 14 9284:20230712:142802.293 End of process_value():SUCCEED 9284:20230712:142802.293 In zbx_parse_eventlog_message6() EventRecordID:25543 9284:20230712:142802.294 In expand_message6() 9284:20230712:142802.295 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142802.295 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.296 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25543 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142802.296 buffer: new element 15 9284:20230712:142802.297 End of process_value():SUCCEED 9284:20230712:142802.297 In zbx_parse_eventlog_message6() EventRecordID:25544 9284:20230712:142802.298 In expand_message6() 9284:20230712:142802.299 End of expand_message6():12754 9284:20230712:142802.300 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.300 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25544 value:'12754' 9284:20230712:142802.301 buffer: new element 16 9284:20230712:142802.301 End of process_value():SUCCEED 9284:20230712:142802.302 In zbx_parse_eventlog_message6() EventRecordID:25545 9284:20230712:142802.302 In expand_message6() 9284:20230712:142802.304 End of expand_message6():Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 31 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 31 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 31 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 250 9284:20230712:142802.304 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.305 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25545 value:'Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 31 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 31 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 31 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 250 ' 9284:20230712:142802.305 buffer: new element 17 9284:20230712:142802.306 End of process_value():SUCCEED 9284:20230712:142802.306 In zbx_parse_eventlog_message6() EventRecordID:25546 9284:20230712:142802.307 In expand_message6() 9284:20230712:142802.308 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142802.309 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.309 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25546 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142802.310 buffer: new element 18 9284:20230712:142802.310 End of process_value():SUCCEED 9284:20230712:142802.311 In zbx_parse_eventlog_message6() EventRecordID:25547 9284:20230712:142802.312 In expand_message6() 9284:20230712:142802.313 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142802.314 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.314 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25547 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142802.315 buffer: new element 19 9284:20230712:142802.315 End of process_value():SUCCEED 9284:20230712:142802.316 In zbx_parse_eventlog_message6() EventRecordID:25548 9284:20230712:142802.317 In expand_message6() 9284:20230712:142802.318 End of expand_message6():Outlook detected a change notification for your apps and will attempt to update them. 9284:20230712:142802.318 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.319 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25548 value:'Outlook detected a change notification for your apps and will attempt to update them.' 9284:20230712:142802.319 buffer: new element 20 9284:20230712:142802.320 End of process_value():SUCCEED 9284:20230712:142802.320 In zbx_parse_eventlog_message6() EventRecordID:25549 9284:20230712:142802.321 In expand_message6() 9284:20230712:142802.323 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142802.323 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.324 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25549 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142802.324 buffer: new element 21 9284:20230712:142802.325 End of process_value():SUCCEED 9284:20230712:142802.326 In zbx_parse_eventlog_message6() EventRecordID:25550 9284:20230712:142802.326 In expand_message6() 9284:20230712:142802.327 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142802.328 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.329 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25550 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142802.329 buffer: new element 22 9284:20230712:142802.330 End of process_value():SUCCEED 9284:20230712:142802.330 In zbx_parse_eventlog_message6() EventRecordID:25551 9284:20230712:142802.331 In expand_message6() 2184:20230712:142802.362 In collect_perfstat() 2184:20230712:142802.365 End of collect_perfstat() 9284:20230712:142802.365 End of expand_message6():Beginning a Windows Installer transaction: C:\WINDOWS\system32\config\systemprofile\AppData\Local\mdm\{69C5B61F-B469-4819-9A2D-55B55CD911D5}.msi. Client Process Id: 15864. 9284:20230712:142802.366 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.366 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25551 value:'Beginning a Windows Installer transaction: C:\WINDOWS\system32\config\systemprofile\AppData\Local\mdm\{69C5B61F-B469-4819-9A2D-55B55CD911D5}.msi. Client Process Id: 15864.' 9284:20230712:142802.367 buffer: new element 23 9284:20230712:142802.368 End of process_value():SUCCEED 9284:20230712:142802.368 In zbx_parse_eventlog_message6() EventRecordID:25552 9284:20230712:142802.369 In expand_message6() 9284:20230712:142802.370 End of expand_message6():Product: Microsoft Intune Management Extension -- Installation completed successfully. 9284:20230712:142802.371 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.371 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25552 value:'Product: Microsoft Intune Management Extension -- Installation completed successfully.' 9284:20230712:142802.372 buffer: new element 24 9284:20230712:142802.372 End of process_value():SUCCEED 9284:20230712:142802.373 In zbx_parse_eventlog_message6() EventRecordID:25553 9284:20230712:142802.373 In expand_message6() 9284:20230712:142802.375 End of expand_message6():Windows Installer installed the product. Product Name: Microsoft Intune Management Extension. Product Version: 1.58.104.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. 9284:20230712:142802.376 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.376 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25553 value:'Windows Installer installed the product. Product Name: Microsoft Intune Management Extension. Product Version: 1.58.104.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.' 9284:20230712:142802.377 buffer: new element 25 9284:20230712:142802.377 End of process_value():SUCCEED 9284:20230712:142802.378 In zbx_parse_eventlog_message6() EventRecordID:25554 9284:20230712:142802.378 In expand_message6() 9284:20230712:142802.380 End of expand_message6():Ending a Windows Installer transaction: C:\WINDOWS\system32\config\systemprofile\AppData\Local\mdm\{69C5B61F-B469-4819-9A2D-55B55CD911D5}.msi. Client Process Id: 15864. 9284:20230712:142802.380 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.381 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25554 value:'Ending a Windows Installer transaction: C:\WINDOWS\system32\config\systemprofile\AppData\Local\mdm\{69C5B61F-B469-4819-9A2D-55B55CD911D5}.msi. Client Process Id: 15864.' 9284:20230712:142802.381 buffer: new element 26 9284:20230712:142802.382 End of process_value():SUCCEED 9284:20230712:142802.383 In zbx_parse_eventlog_message6() EventRecordID:25555 9284:20230712:142802.383 In expand_message6() 9284:20230712:142802.384 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142802.384 ====== Fatal information: ====== 9284:20230712:142802.385 Program counter: 0x67e2cf19 9284:20230712:142802.385 === Registers: === 9284:20230712:142802.386 r8 = 18 = 24 = 24 9284:20230712:142802.386 r9 = 0 = 0 = 0 9284:20230712:142802.387 r10 = 0 = 0 = 0 9284:20230712:142802.387 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142802.388 r12 = 6af7f0 = 7010288 = 7010288 9284:20230712:142802.389 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142802.389 r14 = 0 = 0 = 0 9284:20230712:142802.390 r15 = 0 = 0 = 0 9284:20230712:142802.390 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142802.391 rsi = 385f630 = 59110960 = 59110960 9284:20230712:142802.391 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142802.392 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142802.392 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142802.393 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142802.393 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142802.394 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142802.394 efl = 202 = 514 = 514 9284:20230712:142802.395 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142802.395 === Backtrace: === 9284:20230712:142802.538 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142802.538 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142802.539 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142802.540 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142802.541 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142802.543 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142802.544 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142802.544 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142802.545 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142802.546 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142802.547 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142802.548 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142802.549 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142802.549 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142802.554 ================================ 9284:20230712:142802.555 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142802.555 End of expand_message6():(null) 9284:20230712:142802.556 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.557 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25555 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142802.557 buffer: new element 27 9284:20230712:142802.558 End of process_value():SUCCEED 9284:20230712:142802.558 In zbx_parse_eventlog_message6() EventRecordID:25556 9284:20230712:142802.559 In expand_message6() 9284:20230712:142802.561 End of expand_message6():Service stopped. 9284:20230712:142802.561 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.562 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25556 value:'Service stopped.' 9284:20230712:142802.562 buffer: new element 28 9284:20230712:142802.563 End of process_value():SUCCEED 9284:20230712:142802.564 In zbx_parse_eventlog_message6() EventRecordID:25557 9284:20230712:142802.564 In expand_message6() 9284:20230712:142802.565 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142802.565 ====== Fatal information: ====== 9284:20230712:142802.566 Program counter: 0x67e2cf19 9284:20230712:142802.567 === Registers: === 9284:20230712:142802.567 r8 = 18 = 24 = 24 9284:20230712:142802.568 r9 = 0 = 0 = 0 9284:20230712:142802.568 r10 = 0 = 0 = 0 9284:20230712:142802.569 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142802.570 r12 = 38635f0 = 59127280 = 59127280 9284:20230712:142802.570 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142802.571 r14 = 0 = 0 = 0 9284:20230712:142802.572 r15 = 0 = 0 = 0 9284:20230712:142802.572 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142802.573 rsi = 385e7d0 = 59107280 = 59107280 9284:20230712:142802.573 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142802.574 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142802.574 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142802.575 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142802.576 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142802.576 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142802.577 efl = 202 = 514 = 514 9284:20230712:142802.577 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142802.578 === Backtrace: === 9284:20230712:142802.737 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142802.738 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142802.739 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142802.740 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142802.740 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142802.743 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142802.743 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142802.744 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142802.745 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142802.746 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142802.747 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142802.748 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142802.749 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142802.749 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142802.751 ================================ 9284:20230712:142802.752 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142802.752 End of expand_message6():(null) 9284:20230712:142802.753 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.754 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25557 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142802.754 buffer: new element 29 9284:20230712:142802.755 End of process_value():SUCCEED 9284:20230712:142802.755 In zbx_parse_eventlog_message6() EventRecordID:25558 9284:20230712:142802.756 In expand_message6() 9284:20230712:142802.758 End of expand_message6():Service started successfully. 9284:20230712:142802.758 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.759 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25558 value:'Service started successfully.' 9284:20230712:142802.759 buffer: new element 30 9284:20230712:142802.760 End of process_value():SUCCEED 9284:20230712:142802.761 In zbx_parse_eventlog_message6() EventRecordID:25559 9284:20230712:142802.761 In expand_message6() 9284:20230712:142802.763 End of expand_message6():Service started successfully. 9284:20230712:142802.763 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.764 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25559 value:'Service started successfully.' 9284:20230712:142802.764 buffer: new element 31 9284:20230712:142802.765 End of process_value():SUCCEED 9284:20230712:142802.766 In zbx_parse_eventlog_message6() EventRecordID:25560 9284:20230712:142802.766 In expand_message6() 9284:20230712:142802.768 End of expand_message6():Started event manager Started event manager 9284:20230712:142802.768 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.769 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25560 value:'Started event manager Started event manager' 9284:20230712:142802.769 buffer: new element 32 9284:20230712:142802.770 End of process_value():SUCCEED 9284:20230712:142802.771 In zbx_parse_eventlog_message6() EventRecordID:25561 9284:20230712:142802.771 In expand_message6() 9284:20230712:142802.773 End of expand_message6():The Windows Security Center Service has started. 9284:20230712:142802.773 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.774 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25561 value:'The Windows Security Center Service has started.' 9284:20230712:142802.774 buffer: new element 33 9284:20230712:142802.775 End of process_value():SUCCEED 9284:20230712:142802.775 In zbx_parse_eventlog_message6() EventRecordID:25562 9284:20230712:142802.776 In expand_message6() 9284:20230712:142802.777 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142802.778 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.778 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25562 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142802.779 buffer: new element 34 9284:20230712:142802.779 End of process_value():SUCCEED 9284:20230712:142802.780 In zbx_parse_eventlog_message6() EventRecordID:25563 9284:20230712:142802.780 In expand_message6() 9284:20230712:142802.782 End of expand_message6():Version : 2.0.11.0 9284:20230712:142802.782 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.783 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25563 value:'Version : 2.0.11.0' 9284:20230712:142802.783 buffer: new element 35 9284:20230712:142802.784 End of process_value():SUCCEED 9284:20230712:142802.784 In zbx_parse_eventlog_message6() EventRecordID:25564 9284:20230712:142802.784 In expand_message6() 9284:20230712:142802.786 End of expand_message6():Cloud logging is enabled. 9284:20230712:142802.786 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.787 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25564 value:'Cloud logging is enabled.' 9284:20230712:142802.788 buffer: new element 36 9284:20230712:142802.788 End of process_value():SUCCEED 9284:20230712:142802.789 In zbx_parse_eventlog_message6() EventRecordID:25565 9284:20230712:142802.789 In expand_message6() 9284:20230712:142802.791 End of expand_message6():Load Balance is enabled. 9284:20230712:142802.791 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.792 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25565 value:'Load Balance is enabled.' 9284:20230712:142802.792 buffer: new element 37 9284:20230712:142802.793 End of process_value():SUCCEED 9284:20230712:142802.793 In zbx_parse_eventlog_message6() EventRecordID:25566 9284:20230712:142802.794 In expand_message6() 9284:20230712:142802.795 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T05:52:57Z. Reason: RulesEngine. 9284:20230712:142802.796 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.796 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25566 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T05:52:57Z. Reason: RulesEngine.' 9284:20230712:142802.797 buffer: new element 38 9284:20230712:142802.797 End of process_value():SUCCEED 9284:20230712:142802.798 In zbx_parse_eventlog_message6() EventRecordID:25567 9284:20230712:142802.798 In expand_message6() 9284:20230712:142802.800 End of expand_message6():The Software Protection service has stopped. 9284:20230712:142802.801 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.801 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25567 value:'The Software Protection service has stopped. ' 9284:20230712:142802.802 buffer: new element 39 9284:20230712:142802.802 End of process_value():SUCCEED 9284:20230712:142802.803 In zbx_parse_eventlog_message6() EventRecordID:25568 9284:20230712:142802.803 In expand_message6() 9284:20230712:142802.805 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142802.805 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.806 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25568 value:'Offline downlevel migration succeeded.' 9284:20230712:142802.806 buffer: new element 40 9284:20230712:142802.807 End of process_value():SUCCEED 9284:20230712:142802.807 In zbx_parse_eventlog_message6() EventRecordID:25569 9284:20230712:142802.808 In expand_message6() 9284:20230712:142802.810 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142802.810 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.811 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25569 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142802.811 buffer: new element 41 9284:20230712:142802.812 End of process_value():SUCCEED 9284:20230712:142802.812 In zbx_parse_eventlog_message6() EventRecordID:25570 9284:20230712:142802.813 In expand_message6() 9284:20230712:142802.815 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142802.815 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.816 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25570 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142802.816 buffer: new element 42 9284:20230712:142802.817 End of process_value():SUCCEED 9284:20230712:142802.817 In zbx_parse_eventlog_message6() EventRecordID:25571 9284:20230712:142802.818 In expand_message6() 9284:20230712:142802.820 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142802.820 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.821 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25571 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142802.822 buffer: new element 43 9284:20230712:142802.822 End of process_value():SUCCEED 9284:20230712:142802.823 In zbx_parse_eventlog_message6() EventRecordID:25572 9284:20230712:142802.823 In expand_message6() 9284:20230712:142802.825 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142802.826 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.826 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25572 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142802.827 buffer: new element 44 9284:20230712:142802.827 End of process_value():SUCCEED 9284:20230712:142802.828 In zbx_parse_eventlog_message6() EventRecordID:25573 9284:20230712:142802.828 In expand_message6() 9284:20230712:142802.830 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142802.831 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.831 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25573 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142802.832 buffer: new element 45 9284:20230712:142802.832 End of process_value():SUCCEED 9284:20230712:142802.833 In zbx_parse_eventlog_message6() EventRecordID:25574 9284:20230712:142802.834 In expand_message6() 9284:20230712:142802.835 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142802.836 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.836 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25574 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142802.837 buffer: new element 46 9284:20230712:142802.837 End of process_value():SUCCEED 9284:20230712:142802.838 In zbx_parse_eventlog_message6() EventRecordID:25575 9284:20230712:142802.839 In expand_message6() 9284:20230712:142802.840 End of expand_message6():Finish Device Check 9284:20230712:142802.840 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.841 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25575 value:'Finish Device Check' 9284:20230712:142802.842 buffer: new element 47 9284:20230712:142802.842 End of process_value():SUCCEED 9284:20230712:142802.843 In zbx_parse_eventlog_message6() EventRecordID:25576 9284:20230712:142802.843 In expand_message6() 9284:20230712:142802.845 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T05:56:00Z. Reason: RulesEngine. 9284:20230712:142802.846 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.846 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25576 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T05:56:00Z. Reason: RulesEngine.' 9284:20230712:142802.847 buffer: new element 48 9284:20230712:142802.847 End of process_value():SUCCEED 9284:20230712:142802.848 In zbx_parse_eventlog_message6() EventRecordID:25577 9284:20230712:142802.848 In expand_message6() 9284:20230712:142802.850 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142802.850 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142802.851 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25577 value:'Offline downlevel migration succeeded.' 9284:20230712:142802.851 buffer: new element 49 9284:20230712:142802.852 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142802.853 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142802.854 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25528,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":551,"clock":1689161282,"ns":227985300},{"host":"Windows host","key":"eventlog[Application]","value":"Initialization status for service objects.\r\nC:\\WINDOWS\\system32\\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000\n","lastlogsize":25529,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1066,"id":552,"clock":1689161282,"ns":233465300},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25530,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":553,"clock":1689161282,"ns":238709400},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25531,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":554,"clock":1689161282,"ns":243254000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25532,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":555,"clock":1689161282,"ns":247700900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25533,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":556,"clock":1689161282,"ns":252149700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25534,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":557,"clock":1689161282,"ns":256578500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25535,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":558,"clock":1689161282,"ns":261049500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has started.\r\n10.0.19041.1889","lastlogsize":25536,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":902,"id":559,"clock":1689161282,"ns":265447000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25537,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":560,"clock":1689161282,"ns":270480100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25538,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":561,"clock":1689161282,"ns":274896300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25539,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":562,"clock":1689161282,"ns":279384500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25540,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":563,"clock":1689161282,"ns":283825100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25541,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":564,"clock":1689161282,"ns":288249900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25542,"timestamp":1662097831,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":565,"clock":1689161282,"ns":292677200},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25543,"timestamp":1662097832,"source":"DbxSvc","severity":1,"eventid":320,"id":566,"clock":1689161282,"ns":296785800},{"host":"Windows host","key":"eventlog[Application]","value":"12754","lastlogsize":25544,"timestamp":1662097842,"source":"SensorFramework-LogonTask-{100ee514-48c8-f419-6760-6fb8cb2767cd}","severity":1,"eventid":92,"id":567,"clock":1689161282,"ns":301304600},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook loaded the following add-in(s):\n\n\nName: Microsoft Exchange Add-in\nDescription: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.\nProgID: UmOutlookAddin.FormRegionAddin\nGUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\UmOutlookAddin.dll\nBoot Time (Milliseconds): 31\n\nName: Microsoft Teams Meeting Add-in for Microsoft Office\nDescription: Microsoft Teams Meeting Add-in for Microsoft Office\nProgID: TeamsAddin.FastConnect\nGUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\TeamsMeetingAddin\\1.0.22209.4\\x64\\Microsoft.Teams.AddinLoader.dll\nBoot Time (Milliseconds): 16\n\nName: Outlook Social Connector 2016\nDescription: Connects to social networking sites and provides people, activity, and status information.\nProgID: OscAddin.Connect\nGUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\SOCIALCONNECTOR.DLL\nBoot Time (Milliseconds): 31\n\nName: OneNote Notes about Outlook Items\nDescription: Adds Send to OneNote and Notes about this Item buttons to the command bar\nProgID: OneNote.OutlookAddin\nGUID: {93E5752E-B889-47C5-8545-654EE2533C64}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnOL.dll\nBoot Time (Milliseconds): 31\n\nName: Microsoft VBA for Outlook Addin\nDescription: \nProgID: Microsoft.VbaAddinForOutlook.1\nGUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\nLoad Behavior: 9\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL\nBoot Time (Milliseconds): 0\n\nName: Microsoft SharePoint Server Colleague Import Add-in\nDescription: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content\nProgID: ColleagueImport.ColleagueImportAddin\nGUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\ColleagueImport.dll\nBoot Time (Milliseconds): 16\n\nName: HP Sure Click Outlook Add-in 4.3.4.610\nDescription: HP Sure Click Outlook Add-in 4.3.4.610\nProgID: Bromium.vSentry.OutlookAddin\nGUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\HP\\Sure Click\\4.3.4.610\\servers\\BrOutlookAddin.dll\nBoot Time (Milliseconds): 250\n","lastlogsize":25545,"timestamp":1662097853,"source":"Outlook","severity":1,"eventid":45,"id":568,"clock":1689161282,"ns":305675700},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25546,"timestamp":1662097854,"source":"Outlook","severity":1,"eventid":63,"id":569,"clock":1689161282,"ns":310449500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25547,"timestamp":1662097855,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":570,"clock":1689161282,"ns":315422200},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook detected a change notification for your apps and will attempt to update them.","lastlogsize":25548,"timestamp":1662097855,"source":"Outlook","severity":1,"eventid":63,"id":571,"clock":1689161282,"ns":319967200},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25549,"timestamp":1662097855,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":572,"clock":1689161282,"ns":325005400},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25550,"timestamp":1662097856,"source":"Outlook","severity":1,"eventid":63,"id":573,"clock":1689161282,"ns":329639600},{"host":"Windows host","key":"eventlog[Application]","value":"Beginning a Windows Installer transaction: C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\mdm\\{69C5B61F-B469-4819-9A2D-55B55CD911D5}.msi. Client Process Id: 15864.","lastlogsize":25551,"timestamp":1662097869,"source":"MsiInstaller","severity":1,"eventid":1040,"id":574,"clock":1689161282,"ns":367630300},{"host":"Windows host","key":"eventlog[Application]","value":"Product: Microsoft Intune Management Extension -- Installation completed successfully.","lastlogsize":25552,"timestamp":1662097874,"source":"MsiInstaller","severity":1,"eventid":11707,"id":575,"clock":1689161282,"ns":372410400},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Installer installed the product. Product Name: Microsoft Intune Management Extension. Product Version: 1.58.104.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.","lastlogsize":25553,"timestamp":1662097874,"source":"MsiInstaller","severity":1,"eventid":1033,"id":576,"clock":1689161282,"ns":377253900},{"host":"Windows host","key":"eventlog[Application]","value":"Ending a Windows Installer transaction: C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\mdm\\{69C5B61F-B469-4819-9A2D-55B55CD911D5}.msi. Client Process Id: 15864.","lastlogsize":25554,"timestamp":1662097874,"source":"MsiInstaller","severity":1,"eventid":1042,"id":577,"clock":1689161282,"ns":382053600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25555,"timestamp":1662097922,"source":"dbupdate","severity":1,"id":578,"clock":1689161282,"ns":557908600},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25556,"timestamp":1662097922,"source":"edgeupdate","severity":1,"id":579,"clock":1689161282,"ns":563075100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25557,"timestamp":1662097923,"source":"gupdate","severity":1,"id":580,"clock":1689161282,"ns":754932400},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25558,"timestamp":1662097923,"source":"HP Comm Recovery","severity":1,"id":581,"clock":1689161282,"ns":759950200},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25559,"timestamp":1662097923,"source":"IAStorDataMgrSvc","severity":1,"id":582,"clock":1689161282,"ns":764976900},{"host":"Windows host","key":"eventlog[Application]","value":"Started event manager\nStarted event manager","lastlogsize":25560,"timestamp":1662097923,"source":"IAStorDataMgrSvc","severity":1,"eventid":7303,"id":583,"clock":1689161282,"ns":770022300},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has started.","lastlogsize":25561,"timestamp":1662097924,"source":"SecurityCenter","severity":1,"eventid":1,"id":584,"clock":1689161282,"ns":775015600},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25562,"timestamp":1662097926,"source":"SecurityCenter","severity":1,"eventid":15,"id":585,"clock":1689161282,"ns":779357800},{"host":"Windows host","key":"eventlog[Application]","value":"Version : 2.0.11.0","lastlogsize":25563,"timestamp":1662097953,"source":"HP Comm Recovery","severity":1,"id":586,"clock":1689161282,"ns":783635200},{"host":"Windows host","key":"eventlog[Application]","value":"Cloud logging is enabled.","lastlogsize":25564,"timestamp":1662097953,"source":"HP Comm Recovery","severity":1,"id":587,"clock":1689161282,"ns":788109600},{"host":"Windows host","key":"eventlog[Application]","value":"Load Balance is enabled.","lastlogsize":25565,"timestamp":1662097953,"source":"HP Comm Recovery","severity":1,"id":588,"clock":1689161282,"ns":792817200},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T05:52:57Z. Reason: RulesEngine.","lastlogsize":25566,"timestamp":1662097977,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":589,"clock":1689161282,"ns":797552600},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has stopped.\r\n","lastlogsize":25567,"timestamp":1662097977,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":903,"id":590,"clock":1689161282,"ns":802221400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25568,"timestamp":1662098096,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":591,"clock":1689161282,"ns":806860900},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25569,"timestamp":1662098096,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":592,"clock":1689161282,"ns":811952500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25570,"timestamp":1662098097,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":593,"clock":1689161282,"ns":816861200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25571,"timestamp":1662098097,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":594,"clock":1689161282,"ns":822148900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25572,"timestamp":1662098097,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":595,"clock":1689161282,"ns":827411600},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25573,"timestamp":1662098097,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":596,"clock":1689161282,"ns":832487000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25574,"timestamp":1662098097,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":597,"clock":1689161282,"ns":837543900},{"host":"Windows host","key":"eventlog[Application]","value":"Finish Device Check","lastlogsize":25575,"timestamp":1662098133,"source":"HP Comm Recovery","severity":1,"eventid":1,"id":598,"clock":1689161282,"ns":842198800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T05:56:00Z. Reason: RulesEngine.","lastlogsize":25576,"timestamp":1662098160,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":599,"clock":1689161282,"ns":847129000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25577,"timestamp":1662098401,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":600,"clock":1689161282,"ns":851945900}],"clock":1689161282,"ns":853794300}] 9284:20230712:142802.860 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.003306"}] 9284:20230712:142802.861 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.003306"}' 9284:20230712:142802.861 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.003306' 9284:20230712:142802.862 End of check_response():SUCCEED 9284:20230712:142802.862 OK 9284:20230712:142802.863 End of send_buffer():SUCCEED 9284:20230712:142802.864 End of process_value():SUCCEED 9284:20230712:142802.864 End of process_eventslog6():SUCCEED last eventid:16394 9284:20230712:142802.865 In finalize_eventlog6() 9284:20230712:142802.865 End of finalize_eventlog6():SUCCEED 9284:20230712:142802.866 In need_meta_update() key:eventlog[Application] 9284:20230712:142802.867 End of need_meta_update():FAIL 9284:20230712:142802.867 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142802.868 End of send_buffer():SUCCEED 9284:20230712:142802.868 End of process_active_checks() 9284:20230712:142802.869 In get_min_nextcheck() 9284:20230712:142802.869 End of get_min_nextcheck():1689161292 9284:20230712:142802.870 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142802.871 End of send_buffer():SUCCEED 9284:20230712:142802.871 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142802.876 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142802.877 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142802.878 before read 9284:20230712:142802.878 got [{"response":"success"}] 9284:20230712:142802.879 In parse_list_of_checks() 9284:20230712:142802.880 End of parse_list_of_checks():SUCCEED 9284:20230712:142802.880 End of refresh_active_checks():SUCCEED 9284:20230712:142802.881 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142802.882 End of process_active_checks() 9284:20230712:142802.882 In get_min_nextcheck() 9284:20230712:142802.883 End of get_min_nextcheck():1689161292 2184:20230712:142803.367 In collect_perfstat() 2184:20230712:142803.369 End of collect_perfstat() 9284:20230712:142803.884 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142803.885 End of send_buffer():SUCCEED 2184:20230712:142804.373 In collect_perfstat() 2184:20230712:142804.376 End of collect_perfstat() 9284:20230712:142804.888 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142804.890 End of send_buffer():SUCCEED 2184:20230712:142805.379 In collect_perfstat() 2184:20230712:142805.382 End of collect_perfstat() 17028:20230712:142805.605 Requested [system.sw.os.get] 17028:20230712:142805.606 [MPLOG] in system_sw_os_get() 17028:20230712:142805.608 [MPLOG] end system_sw_os_get() 17028:20230712:142805.609 Sending back [{"os_type":"windows","product_name":"Windows 10 Pro","architecture":"x86_64","build_number":"19045","build_revision":"3086","build":"19045.3086","edition":"Professional","composition":"Enterprise","display_version":"22H2","version":"6.3","version_pretty":"Windows 10 Pro Build 19045.3086","version_full":"Windows 10 Pro 19041.1.amd64fre.vb_release.191206-1406 Build 19045.3086"}] 9284:20230712:142805.894 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142805.897 End of send_buffer():SUCCEED 2184:20230712:142806.384 In collect_perfstat() 2184:20230712:142806.387 End of collect_perfstat() 9284:20230712:142806.899 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142806.900 End of send_buffer():SUCCEED 2184:20230712:142807.397 In collect_perfstat() 2184:20230712:142807.399 End of collect_perfstat() 14488:20230712:142807.609 Requested [agent.ping] 14488:20230712:142807.610 Sending back [1] 9284:20230712:142807.903 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142807.905 End of send_buffer():SUCCEED 9284:20230712:142807.908 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142807.923 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142807.927 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142807.929 before read 9284:20230712:142807.932 got [{"response":"success"}] 9284:20230712:142807.934 In parse_list_of_checks() 9284:20230712:142807.937 End of parse_list_of_checks():SUCCEED 9284:20230712:142807.939 End of refresh_active_checks():SUCCEED 9284:20230712:142807.940 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142807.942 End of process_active_checks() 9284:20230712:142807.943 In get_min_nextcheck() 9284:20230712:142807.945 End of get_min_nextcheck():1689161292 2184:20230712:142808.401 In collect_perfstat() 2184:20230712:142808.404 End of collect_perfstat() 9284:20230712:142808.948 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142808.951 End of send_buffer():SUCCEED 2184:20230712:142809.406 In collect_perfstat() 2184:20230712:142809.409 End of collect_perfstat() 9284:20230712:142809.954 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142809.957 End of send_buffer():SUCCEED 2184:20230712:142810.413 In collect_perfstat() 2184:20230712:142810.419 End of collect_perfstat() 9284:20230712:142810.961 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142810.963 End of send_buffer():SUCCEED 2184:20230712:142811.423 In collect_perfstat() 2184:20230712:142811.430 End of collect_perfstat() 9284:20230712:142811.966 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142811.969 End of send_buffer():SUCCEED 2184:20230712:142812.432 In collect_perfstat() 2184:20230712:142812.434 End of collect_perfstat() 9284:20230712:142812.973 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142812.975 End of send_buffer():SUCCEED 9284:20230712:142812.978 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142812.992 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142812.996 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142812.998 before read 9284:20230712:142812.999 got [{"response":"success"}] 9284:20230712:142813.000 In parse_list_of_checks() 9284:20230712:142813.001 End of parse_list_of_checks():SUCCEED 9284:20230712:142813.002 End of refresh_active_checks():SUCCEED 9284:20230712:142813.003 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142813.003 In initialize_eventlog6() source:'Application' previous lastlogsize:25577 9284:20230712:142813.004 In zbx_open_eventlog6() lastlogsize:25577 9284:20230712:142813.005 In get_eventlog6_id() 9284:20230712:142813.006 End of get_eventlog6_id():SUCCEED id:94304984 9284:20230712:142813.007 In get_eventlog6_id() 9284:20230712:142813.008 End of get_eventlog6_id():SUCCEED id:94304976 9284:20230712:142813.008 End of zbx_open_eventlog6():SUCCEED FirstID:24378 LastID:70732 9284:20230712:142813.009 In zbx_get_handle_eventlog6(), previous lastlogsize:25577 9284:20230712:142813.010 End of zbx_get_handle_eventlog6():SUCCEED 9284:20230712:142813.011 End of initialize_eventlog6():SUCCEED 9284:20230712:142813.011 In process_eventslog6() source: 'Application' previous lastlogsize: 25577, FirstID: 24378, LastID: 70732 9284:20230712:142813.019 In zbx_parse_eventlog_message6() EventRecordID:25578 9284:20230712:142813.019 In expand_message6() 9284:20230712:142813.021 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142813.022 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.023 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25578 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142813.023 buffer: new element 0 9284:20230712:142813.024 End of process_value():SUCCEED 9284:20230712:142813.025 In zbx_parse_eventlog_message6() EventRecordID:25579 9284:20230712:142813.025 In expand_message6() 9284:20230712:142813.027 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T06:00:33Z. Reason: RulesEngine. 9284:20230712:142813.028 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.028 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25579 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T06:00:33Z. Reason: RulesEngine.' 9284:20230712:142813.029 buffer: new element 1 9284:20230712:142813.030 End of process_value():SUCCEED 9284:20230712:142813.030 In zbx_parse_eventlog_message6() EventRecordID:25580 9284:20230712:142813.031 In expand_message6() 9284:20230712:142813.033 End of expand_message6():The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142813.033 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.034 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25580 value:'The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142813.035 buffer: new element 2 9284:20230712:142813.035 End of process_value():SUCCEED 9284:20230712:142813.036 In zbx_parse_eventlog_message6() EventRecordID:25581 9284:20230712:142813.037 In expand_message6() 9284:20230712:142813.038 End of expand_message6():The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142813.039 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.040 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25581 value:'The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142813.040 buffer: new element 3 9284:20230712:142813.041 End of process_value():SUCCEED 9284:20230712:142813.042 In zbx_parse_eventlog_message6() EventRecordID:25582 9284:20230712:142813.042 In expand_message6() 9284:20230712:142813.044 End of expand_message6():The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142813.045 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.045 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25582 value:'The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142813.046 buffer: new element 4 9284:20230712:142813.047 End of process_value():SUCCEED 9284:20230712:142813.047 In zbx_parse_eventlog_message6() EventRecordID:25583 9284:20230712:142813.048 In expand_message6() 9284:20230712:142813.050 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142813.050 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.051 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25583 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142813.052 buffer: new element 5 9284:20230712:142813.052 End of process_value():SUCCEED 9284:20230712:142813.053 In zbx_parse_eventlog_message6() EventRecordID:25584 9284:20230712:142813.054 In expand_message6() 9284:20230712:142813.056 End of expand_message6():The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted. 9284:20230712:142813.056 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.057 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25584 value:'The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.' 9284:20230712:142813.058 buffer: new element 6 9284:20230712:142813.058 End of process_value():SUCCEED 9284:20230712:142813.059 In zbx_parse_eventlog_message6() EventRecordID:25585 9284:20230712:142813.060 In expand_message6() 9284:20230712:142813.061 End of expand_message6():Service stopped. 9284:20230712:142813.062 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.063 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25585 value:'Service stopped.' 9284:20230712:142813.063 buffer: new element 7 9284:20230712:142813.064 End of process_value():SUCCEED 9284:20230712:142813.065 In zbx_parse_eventlog_message6() EventRecordID:25586 9284:20230712:142813.065 In expand_message6() 9284:20230712:142813.066 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142813.067 ====== Fatal information: ====== 9284:20230712:142813.067 Program counter: 0x67e2cf19 9284:20230712:142813.068 === Registers: === 9284:20230712:142813.069 r8 = 18 = 24 = 24 9284:20230712:142813.069 r9 = 0 = 0 = 0 9284:20230712:142813.070 r10 = 0 = 0 = 0 9284:20230712:142813.071 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142813.071 r12 = 3863a70 = 59128432 = 59128432 9284:20230712:142813.072 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142813.072 r14 = 0 = 0 = 0 9284:20230712:142813.073 r15 = 0 = 0 = 0 9284:20230712:142813.074 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142813.074 rsi = 385e730 = 59107120 = 59107120 9284:20230712:142813.075 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142813.076 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142813.076 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142813.077 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142813.077 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142813.078 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142813.078 efl = 202 = 514 = 514 9284:20230712:142813.079 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142813.079 === Backtrace: === 9284:20230712:142813.223 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142813.224 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142813.225 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142813.226 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142813.227 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142813.229 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142813.230 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142813.231 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142813.231 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142813.232 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142813.233 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142813.234 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142813.235 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142813.235 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142813.241 ================================ 9284:20230712:142813.242 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142813.242 End of expand_message6():(null) 9284:20230712:142813.243 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.244 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25586 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142813.244 buffer: new element 8 9284:20230712:142813.245 End of process_value():SUCCEED 9284:20230712:142813.246 In zbx_parse_eventlog_message6() EventRecordID:25587 9284:20230712:142813.246 In expand_message6() 9284:20230712:142813.248 End of expand_message6():svchost (12780,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142813.249 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.249 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25587 value:'svchost (12780,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142813.250 buffer: new element 9 9284:20230712:142813.250 End of process_value():SUCCEED 9284:20230712:142813.251 In zbx_parse_eventlog_message6() EventRecordID:25588 9284:20230712:142813.252 In expand_message6() 9284:20230712:142813.253 End of expand_message6():svchost (12780,R,98) DS_Token_DB: The database engine is initiating recovery steps. 9284:20230712:142813.254 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.255 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25588 value:'svchost (12780,R,98) DS_Token_DB: The database engine is initiating recovery steps.' 9284:20230712:142813.255 buffer: new element 10 9284:20230712:142813.256 End of process_value():SUCCEED 9284:20230712:142813.256 In zbx_parse_eventlog_message6() EventRecordID:25589 9284:20230712:142813.257 In expand_message6() 9284:20230712:142813.259 End of expand_message6():svchost (12780,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.017597 -0.003530 (9) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:48672/33) +M(C:0K, Fs:105, WS:212K # 164K, PF:148K # 84K, P:148K). Log record of type 'AttachDB ' was seen most frequently (3 times) 9284:20230712:142813.259 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.260 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25589 value:'svchost (12780,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.017597 -0.003530 (9) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:48672/33) +M(C:0K, Fs:105, WS:212K # 164K, PF:148K # 84K, P:148K). Log record of type 'AttachDB ' was seen most frequently (3 times)' 9284:20230712:142813.260 buffer: new element 11 9284:20230712:142813.261 End of process_value():SUCCEED 9284:20230712:142813.262 In zbx_parse_eventlog_message6() EventRecordID:25590 9284:20230712:142813.262 In expand_message6() 9284:20230712:142813.264 End of expand_message6():svchost (12780,U,98) DS_Token_DB: The database engine has successfully completed recovery steps. 9284:20230712:142813.265 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.265 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25590 value:'svchost (12780,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.' 9284:20230712:142813.266 buffer: new element 12 9284:20230712:142813.266 End of process_value():SUCCEED 9284:20230712:142813.267 In zbx_parse_eventlog_message6() EventRecordID:25591 9284:20230712:142813.268 In expand_message6() 9284:20230712:142813.269 End of expand_message6():svchost (12780,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001F:0001:0000 - 0000001F:000C:0039 - 0000001F:000D:0000 - 0000001F:000D:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.000824 +J(0) +M(C:0K, Fs:148, WS:568K # 568K, PF:2776K # 2776K, P:2776K) [2] 0.000465 +J(0) +M(C:8K, Fs:195, WS:772K # 772K, PF:1212K # 1212K, P:1212K) [3] 0.000019 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K) [4] 0.000138 +J(0) +M(C:0K, Fs:76, WS:304K # 304K, PF:164K # 164K, P:164K) [5] 0.002520 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.006191 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.003541 -0.000380 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.031165 -0.004223 (13) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:48672/33) +M(C:0K, Fs:164, WS:372K # 376K, PF:240K # 244K, P:240K) [9] 0.000787 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K) [10] 0.000943 -0.000251 (1) WT +J(0) +M(C:0K, Fs:3, WS:-52K # 0K, PF:-4K # 0K, P:-4K) [11] 0.000022 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.005539 -0.000303 (1) WT +J(0) +M(C:0K, Fs:12, WS:48K # 0K, PF:12K # 4K, P:12K) [13] 0.064144 -0.000329 (2) CM -0.006538 (30) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:4729/4) +M(C:0K, Fs:96, WS:188K # 252K, PF:160K # 228K, P:160K) [14] 0.000021 +J(0) [15] 0.000011 +J(0) [16] 0.000731 -0.000065 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142813.270 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.270 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25591 value:'svchost (12780,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001F:0001:0000 - 0000001F:000C:0039 - 0000001F:000D:0000 - 0000001F:000D:0000 (00000000:0000:0000) cReInits = 3 Internal Timing Sequence: [1] 0.000824 +J(0) +M(C:0K, Fs:148, WS:568K # 568K, PF:2776K # 2776K, P:2776K) [2] 0.000465 +J(0) +M(C:8K, Fs:195, WS:772K # 772K, PF:1212K # 1212K, P:1212K) [3] 0.000019 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K) [4] 0.000138 +J(0) +M(C:0K, Fs:76, WS:304K # 304K, PF:164K # 164K, P:164K) [5] 0.002520 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.006191 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K) [7] 0.003541 -0.000380 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.031165 -0.004223 (13) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:48672/33) +M(C:0K, Fs:164, WS:372K # 376K, PF:240K # 244K, P:240K) [9] 0.000787 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K) [10] 0.000943 -0.000251 (1) WT +J(0) +M(C:0K, Fs:3, WS:-52K # 0K, PF:-4K # 0K, P:-4K) [11] 0.000022 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.005539 -0.000303 (1) WT +J(0) +M(C:0K, Fs:12, WS:48K # 0K, PF:12K # 4K, P:12K) [13] 0.064144 -0.000329 (2) CM -0.006538 (30) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:4729/4) +M(C:0K, Fs:96, WS:188K # 252K, PF:160K # 228K, P:160K) [14] 0.000021 +J(0) [15] 0.000011 +J(0) [16] 0.000731 -0.000065 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142813.271 buffer: new element 13 9284:20230712:142813.272 End of process_value():SUCCEED 9284:20230712:142813.272 In zbx_parse_eventlog_message6() EventRecordID:25592 9284:20230712:142813.273 In expand_message6() 9284:20230712:142813.275 End of expand_message6():svchost (12780,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000020:0001:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) [2] 0.001089 -0.000214 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.012499 -0.000954 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.004390 +J(0) [5] - [6] - [7] - [8] 0.000579 -0.000308 (2) CM -0.000220 (2) WT +J(CM:2, PgRf:2, Rd:6/2, Dy:0/0, Lg:54/1) +M(C:16K, Fs:7, WS:28K # 4K, PF:36K # 8K, P:36K) [9] 0.001179 -0.000798 (5) CM -0.000624 (5) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:104K # 104K, PF:200K # 208K, P:200K) [10] 0.000692 -0.000543 (3) CM -0.000453 (3) WT +J(CM:3, PgRf:40, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:68K # 60K, P:68K) [11] 0.000180 -0.000148 (1) CM -0.000114 (1) WT +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000252 -0.000161 (1) CM -0.000122 (1) WT +J(CM:1, PgRf:42, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000226 -0.000201 (1) CM -0.000164 (1) WT +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0). 9284:20230712:142813.275 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.276 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25592 value:'svchost (12780,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000020:0001:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) [2] 0.001089 -0.000214 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.012499 -0.000954 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.004390 +J(0) [5] - [6] - [7] - [8] 0.000579 -0.000308 (2) CM -0.000220 (2) WT +J(CM:2, PgRf:2, Rd:6/2, Dy:0/0, Lg:54/1) +M(C:16K, Fs:7, WS:28K # 4K, PF:36K # 8K, P:36K) [9] 0.001179 -0.000798 (5) CM -0.000624 (5) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:104K # 104K, PF:200K # 208K, P:200K) [10] 0.000692 -0.000543 (3) CM -0.000453 (3) WT +J(CM:3, PgRf:40, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:68K # 60K, P:68K) [11] 0.000180 -0.000148 (1) CM -0.000114 (1) WT +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000252 -0.000161 (1) CM -0.000122 (1) WT +J(CM:1, PgRf:42, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000226 -0.000201 (1) CM -0.000164 (1) WT +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0).' 9284:20230712:142813.276 buffer: new element 14 9284:20230712:142813.277 End of process_value():SUCCEED 9284:20230712:142813.278 In zbx_parse_eventlog_message6() EventRecordID:25593 9284:20230712:142813.278 In expand_message6() 9284:20230712:142813.280 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.280 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.281 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25593 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.282 buffer: new element 15 9284:20230712:142813.282 End of process_value():SUCCEED 9284:20230712:142813.283 In zbx_parse_eventlog_message6() EventRecordID:25594 9284:20230712:142813.283 In expand_message6() 9284:20230712:142813.285 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎02T07:14:01.122425600Z. 9284:20230712:142813.286 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.287 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25594 value:'Starting session 1 - ‎2022‎-‎09‎-‎02T07:14:01.122425600Z.' 9284:20230712:142813.287 buffer: new element 16 9284:20230712:142813.288 End of process_value():SUCCEED 9284:20230712:142813.288 In zbx_parse_eventlog_message6() EventRecordID:25595 9284:20230712:142813.289 In expand_message6() 9284:20230712:142813.291 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T07:14:40Z. Reason: RulesEngine. 9284:20230712:142813.291 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.292 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25595 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T07:14:40Z. Reason: RulesEngine.' 9284:20230712:142813.293 buffer: new element 17 9284:20230712:142813.293 End of process_value():SUCCEED 9284:20230712:142813.294 In zbx_parse_eventlog_message6() EventRecordID:25596 9284:20230712:142813.295 In expand_message6() 9284:20230712:142813.297 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎02T07:14:01.122425600Z. 9284:20230712:142813.297 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.298 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25596 value:'Ending session 1 started ‎2022‎-‎09‎-‎02T07:14:01.122425600Z.' 9284:20230712:142813.298 buffer: new element 18 9284:20230712:142813.299 End of process_value():SUCCEED 9284:20230712:142813.299 In zbx_parse_eventlog_message6() EventRecordID:25597 9284:20230712:142813.300 In expand_message6() 9284:20230712:142813.302 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.302 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.303 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25597 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.304 buffer: new element 19 9284:20230712:142813.304 End of process_value():SUCCEED 9284:20230712:142813.305 In zbx_parse_eventlog_message6() EventRecordID:25598 9284:20230712:142813.305 In expand_message6() 9284:20230712:142813.307 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T07:55:27Z. Reason: RulesEngine. 9284:20230712:142813.308 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.308 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25598 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T07:55:27Z. Reason: RulesEngine.' 9284:20230712:142813.309 buffer: new element 20 9284:20230712:142813.310 End of process_value():SUCCEED 9284:20230712:142813.310 In zbx_parse_eventlog_message6() EventRecordID:25599 9284:20230712:142813.311 In expand_message6() 9284:20230712:142813.312 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.313 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.313 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25599 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.314 buffer: new element 21 9284:20230712:142813.315 End of process_value():SUCCEED 9284:20230712:142813.315 In zbx_parse_eventlog_message6() EventRecordID:25600 9284:20230712:142813.316 In expand_message6() 9284:20230712:142813.317 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142813.318 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.318 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25600 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142813.319 buffer: new element 22 9284:20230712:142813.319 End of process_value():SUCCEED 9284:20230712:142813.320 In zbx_parse_eventlog_message6() EventRecordID:25601 9284:20230712:142813.321 In expand_message6() 9284:20230712:142813.322 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T09:00:39Z. Reason: RulesEngine. 9284:20230712:142813.323 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.324 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25601 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T09:00:39Z. Reason: RulesEngine.' 9284:20230712:142813.324 buffer: new element 23 9284:20230712:142813.325 End of process_value():SUCCEED 9284:20230712:142813.325 In zbx_parse_eventlog_message6() EventRecordID:25602 9284:20230712:142813.326 In expand_message6() 9284:20230712:142813.327 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142813.328 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.329 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25602 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142813.329 buffer: new element 24 9284:20230712:142813.330 End of process_value():SUCCEED 9284:20230712:142813.330 In zbx_parse_eventlog_message6() EventRecordID:25603 9284:20230712:142813.331 In expand_message6() 9284:20230712:142813.332 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.333 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.334 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25603 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.334 buffer: new element 25 9284:20230712:142813.335 End of process_value():SUCCEED 9284:20230712:142813.335 In zbx_parse_eventlog_message6() EventRecordID:25604 9284:20230712:142813.336 In expand_message6() 9284:20230712:142813.338 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T09:56:05Z. Reason: RulesEngine. 9284:20230712:142813.338 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.339 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25604 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T09:56:05Z. Reason: RulesEngine.' 9284:20230712:142813.339 buffer: new element 26 9284:20230712:142813.340 End of process_value():SUCCEED 9284:20230712:142813.340 In zbx_parse_eventlog_message6() EventRecordID:25605 9284:20230712:142813.341 In expand_message6() 9284:20230712:142813.343 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.343 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.344 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25605 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.344 buffer: new element 27 9284:20230712:142813.345 End of process_value():SUCCEED 9284:20230712:142813.345 In zbx_parse_eventlog_message6() EventRecordID:25606 9284:20230712:142813.346 In expand_message6() 9284:20230712:142813.348 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T10:22:43Z. Reason: RulesEngine. 9284:20230712:142813.348 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.349 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25606 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T10:22:43Z. Reason: RulesEngine.' 9284:20230712:142813.349 buffer: new element 28 9284:20230712:142813.350 End of process_value():SUCCEED 9284:20230712:142813.350 In zbx_parse_eventlog_message6() EventRecordID:25607 9284:20230712:142813.351 In expand_message6() 9284:20230712:142813.352 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142813.352 ====== Fatal information: ====== 9284:20230712:142813.353 Program counter: 0x67e2cf19 9284:20230712:142813.353 === Registers: === 9284:20230712:142813.354 r8 = 18 = 24 = 24 9284:20230712:142813.355 r9 = 0 = 0 = 0 9284:20230712:142813.355 r10 = 0 = 0 = 0 9284:20230712:142813.356 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142813.356 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142813.357 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142813.357 r14 = 0 = 0 = 0 9284:20230712:142813.358 r15 = 0 = 0 = 0 9284:20230712:142813.358 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142813.359 rsi = 385fc70 = 59112560 = 59112560 9284:20230712:142813.359 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142813.360 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142813.360 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142813.361 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142813.362 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142813.362 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142813.363 efl = 202 = 514 = 514 9284:20230712:142813.363 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142813.364 === Backtrace: === 2184:20230712:142813.436 In collect_perfstat() 2184:20230712:142813.439 End of collect_perfstat() 9284:20230712:142813.525 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142813.526 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142813.526 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142813.527 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142813.528 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142813.530 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142813.530 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142813.531 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142813.532 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142813.532 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142813.533 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142813.534 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142813.535 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142813.535 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142813.537 ================================ 9284:20230712:142813.537 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142813.538 End of expand_message6():(null) 9284:20230712:142813.538 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.539 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25607 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142813.539 buffer: new element 29 9284:20230712:142813.540 End of process_value():SUCCEED 9284:20230712:142813.540 In zbx_parse_eventlog_message6() EventRecordID:25608 9284:20230712:142813.541 In expand_message6() 9284:20230712:142813.541 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142813.542 ====== Fatal information: ====== 9284:20230712:142813.542 Program counter: 0x67e2cf19 9284:20230712:142813.543 === Registers: === 9284:20230712:142813.543 r8 = 18 = 24 = 24 9284:20230712:142813.544 r9 = 0 = 0 = 0 9284:20230712:142813.544 r10 = 0 = 0 = 0 9284:20230712:142813.545 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142813.545 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142813.546 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142813.546 r14 = 0 = 0 = 0 9284:20230712:142813.547 r15 = 0 = 0 = 0 9284:20230712:142813.547 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142813.548 rsi = 385e730 = 59107120 = 59107120 9284:20230712:142813.548 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142813.549 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142813.549 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142813.550 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142813.550 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142813.551 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142813.551 efl = 202 = 514 = 514 9284:20230712:142813.552 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142813.552 === Backtrace: === 9284:20230712:142813.695 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142813.696 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142813.696 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142813.697 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142813.698 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142813.700 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142813.701 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142813.702 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142813.703 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142813.703 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142813.704 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142813.705 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142813.706 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142813.707 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142813.708 ================================ 9284:20230712:142813.709 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142813.709 End of expand_message6():(null) 9284:20230712:142813.710 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.711 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25608 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142813.711 buffer: new element 30 9284:20230712:142813.712 End of process_value():SUCCEED 9284:20230712:142813.712 In zbx_parse_eventlog_message6() EventRecordID:25609 9284:20230712:142813.713 In expand_message6() 9284:20230712:142813.715 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.715 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.716 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25609 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.717 buffer: new element 31 9284:20230712:142813.717 End of process_value():SUCCEED 9284:20230712:142813.718 In zbx_parse_eventlog_message6() EventRecordID:25610 9284:20230712:142813.718 In expand_message6() 9284:20230712:142813.720 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T11:02:59Z. Reason: RulesEngine. 9284:20230712:142813.721 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.721 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25610 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T11:02:59Z. Reason: RulesEngine.' 9284:20230712:142813.722 buffer: new element 32 9284:20230712:142813.722 End of process_value():SUCCEED 9284:20230712:142813.723 In zbx_parse_eventlog_message6() EventRecordID:25611 9284:20230712:142813.723 In expand_message6() 9284:20230712:142813.724 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142813.725 ====== Fatal information: ====== 9284:20230712:142813.725 Program counter: 0x67e2cf19 9284:20230712:142813.726 === Registers: === 9284:20230712:142813.727 r8 = 18 = 24 = 24 9284:20230712:142813.727 r9 = 0 = 0 = 0 9284:20230712:142813.728 r10 = 0 = 0 = 0 9284:20230712:142813.728 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142813.729 r12 = 38639b0 = 59128240 = 59128240 9284:20230712:142813.729 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142813.730 r14 = 0 = 0 = 0 9284:20230712:142813.731 r15 = 0 = 0 = 0 9284:20230712:142813.731 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142813.732 rsi = 385fc70 = 59112560 = 59112560 9284:20230712:142813.733 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142813.733 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142813.734 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142813.734 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142813.735 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142813.735 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142813.736 efl = 202 = 514 = 514 9284:20230712:142813.737 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142813.737 === Backtrace: === 9284:20230712:142813.881 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142813.882 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142813.883 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142813.884 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142813.885 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142813.887 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142813.888 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142813.889 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142813.890 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142813.891 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142813.892 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142813.893 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142813.894 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142813.894 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142813.896 ================================ 9284:20230712:142813.896 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142813.897 End of expand_message6():(null) 9284:20230712:142813.898 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.898 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25611 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142813.899 buffer: new element 33 9284:20230712:142813.900 End of process_value():SUCCEED 9284:20230712:142813.900 In zbx_parse_eventlog_message6() EventRecordID:25612 9284:20230712:142813.901 In expand_message6() 9284:20230712:142813.903 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.903 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.904 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25612 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.905 buffer: new element 34 9284:20230712:142813.905 End of process_value():SUCCEED 9284:20230712:142813.906 In zbx_parse_eventlog_message6() EventRecordID:25613 9284:20230712:142813.907 In expand_message6() 9284:20230712:142813.908 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T11:45:54Z. Reason: RulesEngine. 9284:20230712:142813.909 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.910 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25613 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T11:45:54Z. Reason: RulesEngine.' 9284:20230712:142813.910 buffer: new element 35 9284:20230712:142813.911 End of process_value():SUCCEED 9284:20230712:142813.912 In zbx_parse_eventlog_message6() EventRecordID:25614 9284:20230712:142813.912 In expand_message6() 9284:20230712:142813.914 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.915 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.915 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25614 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.916 buffer: new element 36 9284:20230712:142813.916 End of process_value():SUCCEED 9284:20230712:142813.917 In zbx_parse_eventlog_message6() EventRecordID:25615 9284:20230712:142813.918 In expand_message6() 9284:20230712:142813.919 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T11:55:29Z. Reason: RulesEngine. 9284:20230712:142813.920 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.920 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25615 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T11:55:29Z. Reason: RulesEngine.' 9284:20230712:142813.921 buffer: new element 37 9284:20230712:142813.921 End of process_value():SUCCEED 9284:20230712:142813.922 In zbx_parse_eventlog_message6() EventRecordID:25616 9284:20230712:142813.923 In expand_message6() 9284:20230712:142813.924 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.925 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.925 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25616 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.926 buffer: new element 38 9284:20230712:142813.926 End of process_value():SUCCEED 9284:20230712:142813.927 In zbx_parse_eventlog_message6() EventRecordID:25617 9284:20230712:142813.927 In expand_message6() 9284:20230712:142813.929 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T12:00:36Z. Reason: RulesEngine. 9284:20230712:142813.930 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.930 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25617 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T12:00:36Z. Reason: RulesEngine.' 9284:20230712:142813.931 buffer: new element 39 9284:20230712:142813.931 End of process_value():SUCCEED 9284:20230712:142813.932 In zbx_parse_eventlog_message6() EventRecordID:25618 9284:20230712:142813.932 In expand_message6() 9284:20230712:142813.934 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.934 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.935 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25618 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.936 buffer: new element 40 9284:20230712:142813.936 End of process_value():SUCCEED 9284:20230712:142813.937 In zbx_parse_eventlog_message6() EventRecordID:25619 9284:20230712:142813.937 In expand_message6() 9284:20230712:142813.939 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T13:31:28Z. Reason: RulesEngine. 9284:20230712:142813.939 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.940 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25619 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T13:31:28Z. Reason: RulesEngine.' 9284:20230712:142813.940 buffer: new element 41 9284:20230712:142813.941 End of process_value():SUCCEED 9284:20230712:142813.942 In zbx_parse_eventlog_message6() EventRecordID:25620 9284:20230712:142813.942 In expand_message6() 9284:20230712:142813.943 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142813.944 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.945 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25620 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142813.945 buffer: new element 42 9284:20230712:142813.946 End of process_value():SUCCEED 9284:20230712:142813.946 In zbx_parse_eventlog_message6() EventRecordID:25621 9284:20230712:142813.947 In expand_message6() 9284:20230712:142813.948 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.949 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.949 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25621 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.950 buffer: new element 43 9284:20230712:142813.951 End of process_value():SUCCEED 9284:20230712:142813.951 In zbx_parse_eventlog_message6() EventRecordID:25622 9284:20230712:142813.952 In expand_message6() 9284:20230712:142813.953 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T14:27:09Z. Reason: RulesEngine. 9284:20230712:142813.954 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.954 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25622 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T14:27:09Z. Reason: RulesEngine.' 9284:20230712:142813.955 buffer: new element 44 9284:20230712:142813.956 End of process_value():SUCCEED 9284:20230712:142813.956 In zbx_parse_eventlog_message6() EventRecordID:25623 9284:20230712:142813.957 In expand_message6() 9284:20230712:142813.958 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142813.959 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.959 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25623 value:'Offline downlevel migration succeeded.' 9284:20230712:142813.960 buffer: new element 45 9284:20230712:142813.960 End of process_value():SUCCEED 9284:20230712:142813.961 In zbx_parse_eventlog_message6() EventRecordID:25624 9284:20230712:142813.962 In expand_message6() 9284:20230712:142813.963 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142813.964 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.964 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25624 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142813.965 buffer: new element 46 9284:20230712:142813.966 End of process_value():SUCCEED 9284:20230712:142813.966 In zbx_parse_eventlog_message6() EventRecordID:25625 9284:20230712:142813.967 In expand_message6() 9284:20230712:142813.968 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-09T14:51:19Z. Reason: RulesEngine. 9284:20230712:142813.969 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.970 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25625 value:'Successfully scheduled Software Protection service for re-start at 2122-08-09T14:51:19Z. Reason: RulesEngine.' 9284:20230712:142813.971 buffer: new element 47 9284:20230712:142813.971 End of process_value():SUCCEED 9284:20230712:142813.972 In zbx_parse_eventlog_message6() EventRecordID:25626 9284:20230712:142813.972 In expand_message6() 9284:20230712:142813.984 End of expand_message6():The following application attempted to veto the shutdown: VBoxSVC.exe. 9284:20230712:142813.985 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.986 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25626 value:'The following application attempted to veto the shutdown: VBoxSVC.exe.' 9284:20230712:142813.987 buffer: new element 48 9284:20230712:142813.987 End of process_value():SUCCEED 9284:20230712:142813.988 In zbx_parse_eventlog_message6() EventRecordID:25627 9284:20230712:142813.989 In expand_message6() 9284:20230712:142813.991 End of expand_message6():The following application attempted to veto the shutdown: VirtualBox.exe. 9284:20230712:142813.992 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142813.992 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25627 value:'The following application attempted to veto the shutdown: VirtualBox.exe.' 9284:20230712:142813.993 buffer: new element 49 9284:20230712:142813.993 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142813.994 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142813.995 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25578,"timestamp":1662098403,"source":"SecurityCenter","severity":1,"eventid":15,"id":601,"clock":1689161293,"ns":24053700},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T06:00:33Z. Reason: RulesEngine.","lastlogsize":25579,"timestamp":1662098433,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":602,"clock":1689161293,"ns":29664600},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25580,"timestamp":1662098435,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":603,"clock":1689161293,"ns":35281800},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET_4.0.30319\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25581,"timestamp":1662098435,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":604,"clock":1689161293,"ns":41076000},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"aspnet_state\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25582,"timestamp":1662098436,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":605,"clock":1689161293,"ns":46708200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25583,"timestamp":1662098440,"source":"SecurityCenter","severity":1,"eventid":15,"id":606,"clock":1689161293,"ns":52276300},{"host":"Windows host","key":"eventlog[Application]","value":"The configuration information of the performance library \"C:\\Windows\\System32\\perfts.dll\" for the \"TermService\" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.","lastlogsize":25584,"timestamp":1662098440,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":2003,"id":607,"clock":1689161293,"ns":58402800},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25585,"timestamp":1662098888,"source":"edgeupdate","severity":1,"id":608,"clock":1689161293,"ns":64009300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25586,"timestamp":1662099107,"source":"gupdate","severity":1,"id":609,"clock":1689161293,"ns":245026000},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12780,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25587,"timestamp":1662102797,"source":"ESENT","severity":1,"eventid":102,"id":610,"clock":1689161293,"ns":250493700},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12780,R,98) DS_Token_DB: The database engine is initiating recovery steps.","lastlogsize":25588,"timestamp":1662102797,"source":"ESENT","severity":1,"eventid":300,"id":611,"clock":1689161293,"ns":255762800},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12780,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSS.log. \r\n \r\nProcessing Stats: \n[1] 0.017597 -0.003530 (9) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:48672/33) +M(C:0K, Fs:105, WS:212K # 164K, PF:148K # 84K, P:148K). \r\nLog record of type 'AttachDB ' was seen most frequently (3 times)","lastlogsize":25589,"timestamp":1662102797,"source":"ESENT","severity":1,"eventid":301,"id":612,"clock":1689161293,"ns":261014800},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12780,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.","lastlogsize":25590,"timestamp":1662102798,"source":"ESENT","severity":1,"eventid":302,"id":613,"clock":1689161293,"ns":266375000},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12780,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n lgposV2[] = 0000001F:0001:0000 - 0000001F:000C:0039 - 0000001F:000D:0000 - 0000001F:000D:0000 (00000000:0000:0000)\ncReInits = 3\n \r\n \r\nInternal Timing Sequence: \n[1] 0.000824 +J(0) +M(C:0K, Fs:148, WS:568K # 568K, PF:2776K # 2776K, P:2776K)\n[2] 0.000465 +J(0) +M(C:8K, Fs:195, WS:772K # 772K, PF:1212K # 1212K, P:1212K)\n[3] 0.000019 +J(0) +M(C:0K, Fs:8, WS:28K # 28K, PF:68K # 68K, P:68K)\n[4] 0.000138 +J(0) +M(C:0K, Fs:76, WS:304K # 304K, PF:164K # 164K, P:164K)\n[5] 0.002520 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)\n[6] 0.006191 +J(0) +M(C:0K, Fs:26, WS:104K # 104K, PF:12K # 12K, P:12K)\n[7] 0.003541 -0.000380 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K)\n[8] 0.031165 -0.004223 (13) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:48672/33) +M(C:0K, Fs:164, WS:372K # 376K, PF:240K # 244K, P:240K)\n[9] 0.000787 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K)\n[10] 0.000943 -0.000251 (1) WT +J(0) +M(C:0K, Fs:3, WS:-52K # 0K, PF:-4K # 0K, P:-4K)\n[11] 0.000022 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[12] 0.005539 -0.000303 (1) WT +J(0) +M(C:0K, Fs:12, WS:48K # 0K, PF:12K # 4K, P:12K)\n[13] 0.064144 -0.000329 (2) CM -0.006538 (30) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:4729/4) +M(C:0K, Fs:96, WS:188K # 252K, PF:160K # 228K, P:160K)\n[14] 0.000021 +J(0)\n[15] 0.000011 +J(0)\n[16] 0.000731 -0.000065 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25591,"timestamp":1662102798,"source":"ESENT","severity":1,"eventid":105,"id":614,"clock":1689161293,"ns":271640800},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12780,D,50) DS_Token_DB: The database engine attached a database (1, C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSTokenDB2.dat). (Time=0 seconds) \r\n \r\nSaved Cache: 1 0 \r\nAdditional Data: lgposAttach = 00000020:0001:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000004 +J(0)\n[2] 0.001089 -0.000214 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K)\n[3] 0.012499 -0.000954 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K)\n[4] 0.004390 +J(0)\n[5] -\n[6] -\n[7] -\n[8] 0.000579 -0.000308 (2) CM -0.000220 (2) WT +J(CM:2, PgRf:2, Rd:6/2, Dy:0/0, Lg:54/1) +M(C:16K, Fs:7, WS:28K # 4K, PF:36K # 8K, P:36K)\n[9] 0.001179 -0.000798 (5) CM -0.000624 (5) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:29, WS:104K # 104K, PF:200K # 208K, P:200K)\n[10] 0.000692 -0.000543 (3) CM -0.000453 (3) WT +J(CM:3, PgRf:40, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:68K # 60K, P:68K)\n[11] 0.000180 -0.000148 (1) CM -0.000114 (1) WT +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000252 -0.000161 (1) CM -0.000122 (1) WT +J(CM:1, PgRf:42, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K)\n[13] 0.000001 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000226 -0.000201 (1) CM -0.000164 (1) WT +J(CM:1, PgRf:1, Rd:0/1, Dy:0/0, Lg:0/0).","lastlogsize":25592,"timestamp":1662102798,"source":"ESENT","severity":1,"eventid":326,"id":615,"clock":1689161293,"ns":276973600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25593,"timestamp":1662102800,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":616,"clock":1689161293,"ns":282204500},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎02T07:14:01.122425600Z.","lastlogsize":25594,"timestamp":1662102841,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":617,"clock":1689161293,"ns":287735500},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T07:14:40Z. Reason: RulesEngine.","lastlogsize":25595,"timestamp":1662102880,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":618,"clock":1689161293,"ns":293327800},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎02T07:14:01.122425600Z.","lastlogsize":25596,"timestamp":1662102988,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":619,"clock":1689161293,"ns":298904100},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25597,"timestamp":1662105296,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":620,"clock":1689161293,"ns":304249000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T07:55:27Z. Reason: RulesEngine.","lastlogsize":25598,"timestamp":1662105327,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":621,"clock":1689161293,"ns":309522700},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25599,"timestamp":1662109201,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":622,"clock":1689161293,"ns":314679800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25600,"timestamp":1662109219,"source":"SecurityCenter","severity":1,"eventid":15,"id":623,"clock":1689161293,"ns":319428500},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T09:00:39Z. Reason: RulesEngine.","lastlogsize":25601,"timestamp":1662109239,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":624,"clock":1689161293,"ns":324717400},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25602,"timestamp":1662112257,"source":"Outlook","severity":1,"eventid":63,"id":625,"clock":1689161293,"ns":329654800},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25603,"timestamp":1662112535,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":626,"clock":1689161293,"ns":334698800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T09:56:05Z. Reason: RulesEngine.","lastlogsize":25604,"timestamp":1662112566,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":627,"clock":1689161293,"ns":339845300},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25605,"timestamp":1662114132,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":628,"clock":1689161293,"ns":344930900},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T10:22:43Z. Reason: RulesEngine.","lastlogsize":25606,"timestamp":1662114163,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":629,"clock":1689161293,"ns":349902900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25607,"timestamp":1662116380,"source":"dbupdate","severity":1,"id":630,"clock":1689161293,"ns":539788200},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25608,"timestamp":1662116380,"source":"dbupdate","severity":1,"id":631,"clock":1689161293,"ns":711790900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25609,"timestamp":1662116548,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":632,"clock":1689161293,"ns":717181300},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T11:02:59Z. Reason: RulesEngine.","lastlogsize":25610,"timestamp":1662116579,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":633,"clock":1689161293,"ns":722352000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25611,"timestamp":1662117071,"source":"gupdate","severity":1,"id":634,"clock":1689161293,"ns":899728700},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25612,"timestamp":1662119124,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":635,"clock":1689161293,"ns":905393900},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T11:45:54Z. Reason: RulesEngine.","lastlogsize":25613,"timestamp":1662119154,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":636,"clock":1689161293,"ns":910899800},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25614,"timestamp":1662119698,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":637,"clock":1689161293,"ns":916428800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T11:55:29Z. Reason: RulesEngine.","lastlogsize":25615,"timestamp":1662119729,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":638,"clock":1689161293,"ns":921460400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25616,"timestamp":1662120002,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":639,"clock":1689161293,"ns":926337300},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T12:00:36Z. Reason: RulesEngine.","lastlogsize":25617,"timestamp":1662120036,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":640,"clock":1689161293,"ns":931290500},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25618,"timestamp":1662125457,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":641,"clock":1689161293,"ns":936125000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T13:31:28Z. Reason: RulesEngine.","lastlogsize":25619,"timestamp":1662125488,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":642,"clock":1689161293,"ns":941000000},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25620,"timestamp":1662126661,"source":"Outlook","severity":1,"eventid":63,"id":643,"clock":1689161293,"ns":945709300},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25621,"timestamp":1662128799,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":644,"clock":1689161293,"ns":950598700},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T14:27:09Z. Reason: RulesEngine.","lastlogsize":25622,"timestamp":1662128830,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":645,"clock":1689161293,"ns":955539900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25623,"timestamp":1662130246,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":646,"clock":1689161293,"ns":960461500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25624,"timestamp":1662130253,"source":"SecurityCenter","severity":1,"eventid":15,"id":647,"clock":1689161293,"ns":965551700},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-09T14:51:19Z. Reason: RulesEngine.","lastlogsize":25625,"timestamp":1662130279,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":648,"clock":1689161293,"ns":971126500},{"host":"Windows host","key":"eventlog[Application]","value":"The following application attempted to veto the shutdown: VBoxSVC.exe.","lastlogsize":25626,"timestamp":1662130747,"source":"Microsoft-Windows-Winsrv","severity":1,"eventid":10001,"id":649,"clock":1689161293,"ns":987286000},{"host":"Windows host","key":"eventlog[Application]","value":"The following application attempted to veto the shutdown: VirtualBox.exe.","lastlogsize":25627,"timestamp":1662130747,"source":"Microsoft-Windows-Winsrv","severity":1,"eventid":10001,"id":650,"clock":1689161293,"ns":993482000}],"clock":1689161293,"ns":995270400}] 9284:20230712:142813.999 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001022"}] 9284:20230712:142813.999 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001022"}' 9284:20230712:142814.000 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.001022' 9284:20230712:142814.001 End of check_response():SUCCEED 9284:20230712:142814.001 OK 9284:20230712:142814.002 End of send_buffer():SUCCEED 9284:20230712:142814.002 End of process_value():SUCCEED 9284:20230712:142814.003 In zbx_parse_eventlog_message6() EventRecordID:25628 9284:20230712:142814.004 In expand_message6() 9284:20230712:142814.005 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142814.005 ====== Fatal information: ====== 9284:20230712:142814.006 Program counter: 0x67e2cf19 9284:20230712:142814.007 === Registers: === 9284:20230712:142814.007 r8 = 18 = 24 = 24 9284:20230712:142814.008 r9 = 0 = 0 = 0 9284:20230712:142814.008 r10 = 0 = 0 = 0 9284:20230712:142814.009 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142814.009 r12 = 384fbb0 = 59046832 = 59046832 9284:20230712:142814.010 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142814.011 r14 = 0 = 0 = 0 9284:20230712:142814.011 r15 = 0 = 0 = 0 9284:20230712:142814.012 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142814.013 rsi = 385e870 = 59107440 = 59107440 9284:20230712:142814.013 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142814.014 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142814.014 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142814.015 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142814.015 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142814.016 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142814.016 efl = 202 = 514 = 514 9284:20230712:142814.017 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142814.018 === Backtrace: === 9284:20230712:142814.170 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142814.171 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142814.172 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142814.172 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142814.173 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142814.175 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142814.176 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142814.177 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142814.178 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142814.179 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142814.180 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142814.181 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142814.182 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142814.183 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142814.184 ================================ 9284:20230712:142814.185 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142814.186 End of expand_message6():(null) 9284:20230712:142814.186 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.187 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25628 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test ' 9284:20230712:142814.188 buffer: new element 0 9284:20230712:142814.188 End of process_value():SUCCEED 9284:20230712:142814.189 In zbx_parse_eventlog_message6() EventRecordID:25629 9284:20230712:142814.190 In expand_message6() 9284:20230712:142814.190 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142814.191 ====== Fatal information: ====== 9284:20230712:142814.192 Program counter: 0x67e2cf19 9284:20230712:142814.192 === Registers: === 9284:20230712:142814.193 r8 = 18 = 24 = 24 9284:20230712:142814.194 r9 = 0 = 0 = 0 9284:20230712:142814.194 r10 = 0 = 0 = 0 9284:20230712:142814.195 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142814.196 r12 = 384f3d0 = 59044816 = 59044816 9284:20230712:142814.197 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142814.198 r14 = 0 = 0 = 0 9284:20230712:142814.198 r15 = 0 = 0 = 0 9284:20230712:142814.199 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142814.200 rsi = 385fe50 = 59113040 = 59113040 9284:20230712:142814.201 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142814.202 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142814.203 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142814.203 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142814.204 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142814.205 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142814.206 efl = 202 = 514 = 514 9284:20230712:142814.206 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142814.207 === Backtrace: === 9284:20230712:142814.350 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142814.351 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142814.352 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142814.352 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142814.353 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142814.356 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142814.356 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142814.357 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142814.358 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142814.359 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142814.360 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142814.361 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142814.362 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142814.363 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142814.364 ================================ 9284:20230712:142814.365 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142814.366 End of expand_message6():(null) 9284:20230712:142814.366 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.367 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25629 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 ' 9284:20230712:142814.368 buffer: new element 1 9284:20230712:142814.368 End of process_value():SUCCEED 9284:20230712:142814.369 In zbx_parse_eventlog_message6() EventRecordID:25630 9284:20230712:142814.370 In expand_message6() 9284:20230712:142814.371 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142814.372 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.372 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25630 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142814.373 buffer: new element 2 9284:20230712:142814.374 End of process_value():SUCCEED 9284:20230712:142814.374 In zbx_parse_eventlog_message6() EventRecordID:25631 9284:20230712:142814.375 In expand_message6() 9284:20230712:142814.376 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142814.377 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.378 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25631 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142814.378 buffer: new element 3 9284:20230712:142814.379 End of process_value():SUCCEED 9284:20230712:142814.380 In zbx_parse_eventlog_message6() EventRecordID:25632 9284:20230712:142814.380 In expand_message6() 9284:20230712:142814.381 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142814.382 ====== Fatal information: ====== 9284:20230712:142814.382 Program counter: 0x67e2cf19 9284:20230712:142814.383 === Registers: === 9284:20230712:142814.384 r8 = 18 = 24 = 24 9284:20230712:142814.384 r9 = 0 = 0 = 0 9284:20230712:142814.385 r10 = 0 = 0 = 0 9284:20230712:142814.386 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142814.386 r12 = 384ebf0 = 59042800 = 59042800 9284:20230712:142814.387 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142814.388 r14 = 0 = 0 = 0 9284:20230712:142814.388 r15 = 0 = 0 = 0 9284:20230712:142814.389 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142814.390 rsi = 385f6d0 = 59111120 = 59111120 9284:20230712:142814.390 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142814.391 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142814.392 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142814.392 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142814.393 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142814.393 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142814.394 efl = 202 = 514 = 514 9284:20230712:142814.394 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142814.395 === Backtrace: === 2184:20230712:142814.440 In collect_perfstat() 2184:20230712:142814.443 End of collect_perfstat() 9284:20230712:142814.539 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142814.539 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142814.540 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142814.541 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142814.542 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142814.544 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142814.545 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142814.546 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142814.546 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142814.547 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142814.548 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142814.549 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142814.550 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142814.550 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142814.552 ================================ 9284:20230712:142814.552 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142814.553 End of expand_message6():(null) 9284:20230712:142814.553 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.554 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25632 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142814.555 buffer: new element 4 9284:20230712:142814.555 End of process_value():SUCCEED 9284:20230712:142814.556 In zbx_parse_eventlog_message6() EventRecordID:25633 9284:20230712:142814.556 In expand_message6() 9284:20230712:142814.557 End of expand_message6():Service has been successfully shut down. 9284:20230712:142814.558 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.559 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25633 value:'Service has been successfully shut down.' 9284:20230712:142814.559 buffer: new element 5 9284:20230712:142814.560 End of process_value():SUCCEED 9284:20230712:142814.560 In zbx_parse_eventlog_message6() EventRecordID:25634 9284:20230712:142814.561 In expand_message6() 9284:20230712:142814.562 End of expand_message6():Service has been successfully shut down. 9284:20230712:142814.563 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.563 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25634 value:'Service has been successfully shut down.' 9284:20230712:142814.564 buffer: new element 6 9284:20230712:142814.564 End of process_value():SUCCEED 9284:20230712:142814.565 In zbx_parse_eventlog_message6() EventRecordID:25635 9284:20230712:142814.565 In expand_message6() 9284:20230712:142814.567 End of expand_message6():Service has been successfully shut down. 9284:20230712:142814.567 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.568 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25635 value:'Service has been successfully shut down.' 9284:20230712:142814.568 buffer: new element 7 9284:20230712:142814.569 End of process_value():SUCCEED 9284:20230712:142814.569 In zbx_parse_eventlog_message6() EventRecordID:25636 9284:20230712:142814.570 In expand_message6() 9284:20230712:142814.571 End of expand_message6():Service stopped (0) 9284:20230712:142814.572 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.572 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25636 value:'Service stopped (0) ' 9284:20230712:142814.573 buffer: new element 8 9284:20230712:142814.573 End of process_value():SUCCEED 9284:20230712:142814.574 In zbx_parse_eventlog_message6() EventRecordID:25637 9284:20230712:142814.575 In expand_message6() 9284:20230712:142814.576 End of expand_message6():The Windows Security Center Service has stopped. 9284:20230712:142814.577 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.577 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25637 value:'The Windows Security Center Service has stopped.' 9284:20230712:142814.578 buffer: new element 9 9284:20230712:142814.578 End of process_value():SUCCEED 9284:20230712:142814.579 In zbx_parse_eventlog_message6() EventRecordID:25638 9284:20230712:142814.579 In expand_message6() 9284:20230712:142814.581 End of expand_message6():The User Profile Service has stopped. 9284:20230712:142814.581 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.582 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25638 value:'The User Profile Service has stopped. ' 9284:20230712:142814.582 buffer: new element 10 9284:20230712:142814.583 End of process_value():SUCCEED 9284:20230712:142814.584 In zbx_parse_eventlog_message6() EventRecordID:25639 9284:20230712:142814.584 In expand_message6() 9284:20230712:142814.585 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142814.585 ====== Fatal information: ====== 9284:20230712:142814.586 Program counter: 0x67e2cf19 9284:20230712:142814.586 === Registers: === 9284:20230712:142814.587 r8 = 18 = 24 = 24 9284:20230712:142814.588 r9 = 0 = 0 = 0 9284:20230712:142814.588 r10 = 0 = 0 = 0 9284:20230712:142814.589 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142814.589 r12 = 33f3720 = 54474528 = 54474528 9284:20230712:142814.590 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142814.590 r14 = 0 = 0 = 0 9284:20230712:142814.591 r15 = 0 = 0 = 0 9284:20230712:142814.591 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142814.592 rsi = 385f770 = 59111280 = 59111280 9284:20230712:142814.592 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142814.593 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142814.594 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142814.594 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142814.595 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142814.595 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142814.596 efl = 202 = 514 = 514 9284:20230712:142814.596 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142814.597 === Backtrace: === 9284:20230712:142814.739 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142814.740 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142814.741 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142814.741 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142814.742 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142814.744 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142814.745 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142814.746 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142814.747 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142814.748 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142814.749 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142814.750 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142814.750 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142814.751 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142814.752 ================================ 9284:20230712:142814.753 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142814.753 End of expand_message6():(null) 9284:20230712:142814.754 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.755 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25639 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142814.755 buffer: new element 11 9284:20230712:142814.756 End of process_value():SUCCEED 9284:20230712:142814.756 In zbx_parse_eventlog_message6() EventRecordID:25640 9284:20230712:142814.757 In expand_message6() 9284:20230712:142814.759 End of expand_message6():The User Profile Service has started successfully. 9284:20230712:142814.759 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.760 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25640 value:'The User Profile Service has started successfully. ' 9284:20230712:142814.760 buffer: new element 12 9284:20230712:142814.761 End of process_value():SUCCEED 9284:20230712:142814.762 In zbx_parse_eventlog_message6() EventRecordID:25641 9284:20230712:142814.762 In expand_message6() 9284:20230712:142814.764 End of expand_message6():Windows Management Instrumentation Service started sucessfully 9284:20230712:142814.764 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.765 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25641 value:'Windows Management Instrumentation Service started sucessfully' 9284:20230712:142814.766 buffer: new element 13 9284:20230712:142814.766 End of process_value():SUCCEED 9284:20230712:142814.767 In zbx_parse_eventlog_message6() EventRecordID:25642 9284:20230712:142814.767 In expand_message6() 9284:20230712:142814.768 End of expand_message6():Intel(R) Dynamic Application Loader Host Interface Service started. 9284:20230712:142814.769 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.770 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25642 value:'Intel(R) Dynamic Application Loader Host Interface Service started.' 9284:20230712:142814.770 buffer: new element 14 9284:20230712:142814.771 End of process_value():SUCCEED 9284:20230712:142814.771 In zbx_parse_eventlog_message6() EventRecordID:25643 9284:20230712:142814.772 In expand_message6() 9284:20230712:142814.773 End of expand_message6():Local Management Service started. 9284:20230712:142814.774 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.774 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25643 value:'Local Management Service started.' 9284:20230712:142814.775 buffer: new element 15 9284:20230712:142814.775 End of process_value():SUCCEED 9284:20230712:142814.776 In zbx_parse_eventlog_message6() EventRecordID:25644 9284:20230712:142814.777 In expand_message6() 9284:20230712:142814.778 End of expand_message6():Service started/resumed 9284:20230712:142814.778 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.779 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25644 value:'Service started/resumed' 9284:20230712:142814.779 buffer: new element 16 9284:20230712:142814.780 End of process_value():SUCCEED 9284:20230712:142814.781 In zbx_parse_eventlog_message6() EventRecordID:25645 9284:20230712:142814.781 In expand_message6() 9284:20230712:142814.783 End of expand_message6():Windows Management Instrumentation Service subsystems initialized successfully 9284:20230712:142814.783 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.784 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25645 value:'Windows Management Instrumentation Service subsystems initialized successfully' 9284:20230712:142814.785 buffer: new element 17 9284:20230712:142814.785 End of process_value():SUCCEED 9284:20230712:142814.786 In zbx_parse_eventlog_message6() EventRecordID:25646 9284:20230712:142814.786 In expand_message6() 9284:20230712:142814.788 End of expand_message6():Service started successfully. 9284:20230712:142814.789 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.789 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25646 value:'Service started successfully.' 9284:20230712:142814.790 buffer: new element 18 9284:20230712:142814.790 End of process_value():SUCCEED 9284:20230712:142814.791 In zbx_parse_eventlog_message6() EventRecordID:25647 9284:20230712:142814.792 In expand_message6() 9284:20230712:142814.793 End of expand_message6():Service started (1.0.24.0). 9284:20230712:142814.794 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.794 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25647 value:'Service started (1.0.24.0).' 9284:20230712:142814.795 buffer: new element 19 9284:20230712:142814.795 End of process_value():SUCCEED 9284:20230712:142814.796 In zbx_parse_eventlog_message6() EventRecordID:25648 9284:20230712:142814.797 In expand_message6() 9284:20230712:142814.798 End of expand_message6():Pipe server thread started. 9284:20230712:142814.798 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.799 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25648 value:'Pipe server thread started.' 9284:20230712:142814.800 buffer: new element 20 9284:20230712:142814.800 End of process_value():SUCCEED 9284:20230712:142814.801 In zbx_parse_eventlog_message6() EventRecordID:25649 9284:20230712:142814.801 In expand_message6() 9284:20230712:142814.803 End of expand_message6():Service initializing 9284:20230712:142814.803 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.804 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25649 value:'Service initializing' 9284:20230712:142814.804 buffer: new element 21 9284:20230712:142814.805 End of process_value():SUCCEED 9284:20230712:142814.806 In zbx_parse_eventlog_message6() EventRecordID:25650 9284:20230712:142814.806 In expand_message6() 9284:20230712:142814.808 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142814.808 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.809 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25650 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142814.809 buffer: new element 22 9284:20230712:142814.810 End of process_value():SUCCEED 9284:20230712:142814.811 In zbx_parse_eventlog_message6() EventRecordID:25651 9284:20230712:142814.811 In expand_message6() 9284:20230712:142814.812 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142814.812 ====== Fatal information: ====== 9284:20230712:142814.813 Program counter: 0x67e2cf19 9284:20230712:142814.813 === Registers: === 9284:20230712:142814.814 r8 = 18 = 24 = 24 9284:20230712:142814.814 r9 = 0 = 0 = 0 9284:20230712:142814.815 r10 = 0 = 0 = 0 9284:20230712:142814.815 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142814.816 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142814.816 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142814.817 r14 = 0 = 0 = 0 9284:20230712:142814.817 r15 = 0 = 0 = 0 9284:20230712:142814.818 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142814.818 rsi = 385fbd0 = 59112400 = 59112400 9284:20230712:142814.819 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142814.819 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142814.820 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142814.820 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142814.821 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142814.821 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142814.822 efl = 202 = 514 = 514 9284:20230712:142814.822 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142814.823 === Backtrace: === 9284:20230712:142814.965 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142814.966 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142814.966 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142814.967 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142814.968 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142814.970 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142814.971 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142814.971 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142814.972 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142814.973 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142814.974 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142814.975 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142814.975 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142814.976 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142814.977 ================================ 9284:20230712:142814.978 provider 'AdobeARMservice' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142814.978 End of expand_message6():(null) 9284:20230712:142814.979 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142814.979 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25651 value:'The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142814.980 buffer: new element 23 9284:20230712:142814.981 End of process_value():SUCCEED 9284:20230712:142814.981 In zbx_parse_eventlog_message6() EventRecordID:25652 9284:20230712:142814.982 In expand_message6() 9284:20230712:142814.982 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142814.983 ====== Fatal information: ====== 9284:20230712:142814.983 Program counter: 0x67e2cf19 9284:20230712:142814.984 === Registers: === 9284:20230712:142814.984 r8 = 18 = 24 = 24 9284:20230712:142814.985 r9 = 0 = 0 = 0 9284:20230712:142814.986 r10 = 0 = 0 = 0 9284:20230712:142814.986 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142814.987 r12 = 678950 = 6785360 = 6785360 9284:20230712:142814.987 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142814.988 r14 = 0 = 0 = 0 9284:20230712:142814.988 r15 = 0 = 0 = 0 9284:20230712:142814.989 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142814.989 rsi = 385e910 = 59107600 = 59107600 9284:20230712:142814.990 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142814.990 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142814.991 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142814.991 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142814.992 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142814.992 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142814.993 efl = 202 = 514 = 514 9284:20230712:142814.993 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142814.994 === Backtrace: === 9284:20230712:142815.143 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142815.144 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142815.145 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142815.146 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142815.146 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142815.149 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142815.149 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142815.150 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142815.151 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142815.152 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142815.153 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142815.153 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142815.154 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142815.155 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142815.160 ================================ 9284:20230712:142815.160 provider 'LanWlanSwitchingService' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142815.161 End of expand_message6():(null) 9284:20230712:142815.161 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.162 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25652 value:'The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart' 9284:20230712:142815.163 buffer: new element 24 9284:20230712:142815.163 End of process_value():SUCCEED 9284:20230712:142815.164 In zbx_parse_eventlog_message6() EventRecordID:25653 9284:20230712:142815.164 In expand_message6() 9284:20230712:142815.166 End of expand_message6():Service initialized 9284:20230712:142815.166 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.167 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25653 value:'Service initialized' 9284:20230712:142815.167 buffer: new element 25 9284:20230712:142815.168 End of process_value():SUCCEED 9284:20230712:142815.168 In zbx_parse_eventlog_message6() EventRecordID:25654 9284:20230712:142815.169 In expand_message6() 9284:20230712:142815.170 End of expand_message6():Service started 9284:20230712:142815.171 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.171 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25654 value:'Service started ' 9284:20230712:142815.172 buffer: new element 26 9284:20230712:142815.173 End of process_value():SUCCEED 9284:20230712:142815.173 In zbx_parse_eventlog_message6() EventRecordID:25655 9284:20230712:142815.174 In expand_message6() 9284:20230712:142815.175 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142815.175 ====== Fatal information: ====== 9284:20230712:142815.176 Program counter: 0x67e2cf19 9284:20230712:142815.176 === Registers: === 9284:20230712:142815.177 r8 = 18 = 24 = 24 9284:20230712:142815.178 r9 = 0 = 0 = 0 9284:20230712:142815.178 r10 = 0 = 0 = 0 9284:20230712:142815.179 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142815.180 r12 = 384f670 = 59045488 = 59045488 9284:20230712:142815.180 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142815.181 r14 = 0 = 0 = 0 9284:20230712:142815.182 r15 = 0 = 0 = 0 9284:20230712:142815.183 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142815.183 rsi = 385e0f0 = 59105520 = 59105520 9284:20230712:142815.184 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142815.184 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142815.185 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142815.186 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142815.186 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142815.187 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142815.187 efl = 202 = 514 = 514 9284:20230712:142815.188 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142815.189 === Backtrace: === 9284:20230712:142815.355 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142815.355 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142815.356 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142815.357 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142815.357 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142815.360 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142815.361 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142815.361 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142815.362 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142815.363 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142815.364 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142815.365 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142815.366 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142815.367 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142815.368 ================================ 9284:20230712:142815.369 provider 'hpqcaslwmiex' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142815.369 End of expand_message6():(null) 9284:20230712:142815.370 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.371 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25655 value:'The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142815.372 buffer: new element 27 9284:20230712:142815.372 End of process_value():SUCCEED 9284:20230712:142815.373 In zbx_parse_eventlog_message6() EventRecordID:25656 9284:20230712:142815.374 In expand_message6() 9284:20230712:142815.375 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142815.376 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.376 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25656 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142815.377 buffer: new element 28 9284:20230712:142815.378 End of process_value():SUCCEED 9284:20230712:142815.378 In zbx_parse_eventlog_message6() EventRecordID:25657 9284:20230712:142815.379 In expand_message6() 9284:20230712:142815.380 End of expand_message6():The winlogon notification subscriber was unavailable to handle a critical notification event. 9284:20230712:142815.381 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.382 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25657 value:'The winlogon notification subscriber was unavailable to handle a critical notification event.' 9284:20230712:142815.382 buffer: new element 29 9284:20230712:142815.383 End of process_value():SUCCEED 9284:20230712:142815.383 In zbx_parse_eventlog_message6() EventRecordID:25658 9284:20230712:142815.384 In expand_message6() 9284:20230712:142815.385 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142815.386 ====== Fatal information: ====== 9284:20230712:142815.386 Program counter: 0x67e2cf19 9284:20230712:142815.387 === Registers: === 9284:20230712:142815.387 r8 = 18 = 24 = 24 9284:20230712:142815.388 r9 = 0 = 0 = 0 9284:20230712:142815.389 r10 = 0 = 0 = 0 9284:20230712:142815.390 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142815.390 r12 = 63d4e0 = 6542560 = 6542560 9284:20230712:142815.391 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142815.392 r14 = 0 = 0 = 0 9284:20230712:142815.392 r15 = 0 = 0 = 0 9284:20230712:142815.393 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142815.393 rsi = 385e2d0 = 59106000 = 59106000 9284:20230712:142815.394 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142815.395 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142815.395 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142815.396 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142815.396 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142815.397 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142815.398 efl = 202 = 514 = 514 9284:20230712:142815.398 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142815.399 === Backtrace: === 2184:20230712:142815.444 In collect_perfstat() 2184:20230712:142815.447 End of collect_perfstat() 9284:20230712:142815.543 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142815.544 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142815.545 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142815.545 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142815.546 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142815.549 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142815.549 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142815.550 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142815.551 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142815.552 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142815.553 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142815.554 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142815.554 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142815.555 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142815.557 ================================ 9284:20230712:142815.557 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142815.558 End of expand_message6():(null) 9284:20230712:142815.559 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.559 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25658 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 ' 9284:20230712:142815.560 buffer: new element 30 9284:20230712:142815.561 End of process_value():SUCCEED 9284:20230712:142815.561 In zbx_parse_eventlog_message6() EventRecordID:25659 9284:20230712:142815.562 In expand_message6() 9284:20230712:142815.562 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142815.563 ====== Fatal information: ====== 9284:20230712:142815.564 Program counter: 0x67e2cf19 9284:20230712:142815.564 === Registers: === 9284:20230712:142815.565 r8 = 18 = 24 = 24 9284:20230712:142815.565 r9 = 0 = 0 = 0 9284:20230712:142815.566 r10 = 0 = 0 = 0 9284:20230712:142815.567 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142815.567 r12 = 384fc90 = 59047056 = 59047056 9284:20230712:142815.568 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142815.568 r14 = 0 = 0 = 0 9284:20230712:142815.569 r15 = 0 = 0 = 0 9284:20230712:142815.570 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142815.570 rsi = 385e370 = 59106160 = 59106160 9284:20230712:142815.571 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142815.571 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142815.572 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142815.572 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142815.573 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142815.573 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142815.574 efl = 202 = 514 = 514 9284:20230712:142815.574 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142815.575 === Backtrace: === 19844:20230712:142815.618 Requested [system.sw.os.get] 19844:20230712:142815.619 [MPLOG] in system_sw_os_get() 19844:20230712:142815.620 [MPLOG] end system_sw_os_get() 19844:20230712:142815.621 Sending back [{"os_type":"windows","product_name":"Windows 10 Pro","architecture":"x86_64","build_number":"19045","build_revision":"3086","build":"19045.3086","edition":"Professional","composition":"Enterprise","display_version":"22H2","version":"6.3","version_pretty":"Windows 10 Pro Build 19045.3086","version_full":"Windows 10 Pro 19041.1.amd64fre.vb_release.191206-1406 Build 19045.3086"}] 9284:20230712:142815.718 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142815.719 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142815.719 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142815.720 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142815.721 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142815.723 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142815.724 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142815.725 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142815.726 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142815.727 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142815.728 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142815.729 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142815.730 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142815.730 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142815.736 ================================ 9284:20230712:142815.736 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142815.737 End of expand_message6():(null) 9284:20230712:142815.738 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.738 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25659 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 ' 9284:20230712:142815.739 buffer: new element 31 9284:20230712:142815.740 End of process_value():SUCCEED 9284:20230712:142815.740 In zbx_parse_eventlog_message6() EventRecordID:25660 9284:20230712:142815.741 In expand_message6() 9284:20230712:142815.743 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142815.743 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.744 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25660 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142815.745 buffer: new element 32 9284:20230712:142815.745 End of process_value():SUCCEED 9284:20230712:142815.746 In zbx_parse_eventlog_message6() EventRecordID:25661 9284:20230712:142815.747 In expand_message6() 9284:20230712:142815.747 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142815.748 ====== Fatal information: ====== 9284:20230712:142815.749 Program counter: 0x67e2cf19 9284:20230712:142815.749 === Registers: === 9284:20230712:142815.750 r8 = 18 = 24 = 24 9284:20230712:142815.751 r9 = 0 = 0 = 0 9284:20230712:142815.752 r10 = 0 = 0 = 0 9284:20230712:142815.752 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142815.753 r12 = 63c2e0 = 6537952 = 6537952 9284:20230712:142815.754 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142815.755 r14 = 0 = 0 = 0 9284:20230712:142815.755 r15 = 0 = 0 = 0 9284:20230712:142815.756 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142815.757 rsi = 385f950 = 59111760 = 59111760 9284:20230712:142815.758 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142815.758 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142815.759 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142815.760 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142815.760 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142815.761 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142815.762 efl = 202 = 514 = 514 9284:20230712:142815.762 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142815.763 === Backtrace: === 9284:20230712:142815.923 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142815.924 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142815.925 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142815.926 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142815.926 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142815.929 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142815.930 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142815.931 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142815.932 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142815.933 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142815.933 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142815.935 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142815.935 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142815.936 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142815.941 ================================ 9284:20230712:142815.941 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142815.942 End of expand_message6():(null) 9284:20230712:142815.943 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142815.944 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25661 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 ' 9284:20230712:142815.944 buffer: new element 33 9284:20230712:142815.945 End of process_value():SUCCEED 9284:20230712:142815.946 In zbx_parse_eventlog_message6() EventRecordID:25662 9284:20230712:142815.946 In expand_message6() 9284:20230712:142815.947 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142815.948 ====== Fatal information: ====== 9284:20230712:142815.948 Program counter: 0x67e2cf19 9284:20230712:142815.949 === Registers: === 9284:20230712:142815.950 r8 = 18 = 24 = 24 9284:20230712:142815.950 r9 = 0 = 0 = 0 9284:20230712:142815.951 r10 = 0 = 0 = 0 9284:20230712:142815.952 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142815.952 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142815.953 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142815.954 r14 = 0 = 0 = 0 9284:20230712:142815.954 r15 = 0 = 0 = 0 9284:20230712:142815.955 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142815.956 rsi = 385ee10 = 59108880 = 59108880 9284:20230712:142815.956 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142815.957 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142815.957 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142815.958 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142815.959 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142815.959 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142815.960 efl = 202 = 514 = 514 9284:20230712:142815.961 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142815.961 === Backtrace: === 9284:20230712:142816.122 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142816.123 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142816.123 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142816.124 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142816.125 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142816.127 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142816.128 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142816.129 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142816.130 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142816.131 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142816.132 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142816.133 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142816.134 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142816.135 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142816.136 ================================ 9284:20230712:142816.137 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142816.138 End of expand_message6():(null) 9284:20230712:142816.138 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.139 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25662 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142816.140 buffer: new element 34 9284:20230712:142816.140 End of process_value():SUCCEED 9284:20230712:142816.141 In zbx_parse_eventlog_message6() EventRecordID:25663 9284:20230712:142816.142 In expand_message6() 9284:20230712:142816.143 End of expand_message6():SearchIndexer (8540,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142816.144 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.144 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25663 value:'SearchIndexer (8540,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142816.145 buffer: new element 35 9284:20230712:142816.146 End of process_value():SUCCEED 9284:20230712:142816.146 In zbx_parse_eventlog_message6() EventRecordID:25664 9284:20230712:142816.147 In expand_message6() 9284:20230712:142816.148 End of expand_message6():SearchIndexer (8540,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.001503 +J(0) +M(C:0K, Fs:323, WS:1260K # 1260K, PF:5412K # 5412K, P:5412K) [2] 0.000275 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K) [3] 0.000765 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000107 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K) [5] 0.001342 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.004571 +J(0) +M(C:0K, Fs:26, WS:100K # 100K, PF:28K # 28K, P:28K) [7] 0.004790 -0.002077 (2) WT +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.010844 -0.000177 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1020K # 12K, P:-1020K) [14] 0.000020 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [15] 0.000086 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000192 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142816.149 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.149 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25664 value:'SearchIndexer (8540,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.001503 +J(0) +M(C:0K, Fs:323, WS:1260K # 1260K, PF:5412K # 5412K, P:5412K) [2] 0.000275 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K) [3] 0.000765 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000107 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K) [5] 0.001342 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K) [6] 0.004571 +J(0) +M(C:0K, Fs:26, WS:100K # 100K, PF:28K # 28K, P:28K) [7] 0.004790 -0.002077 (2) WT +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.010844 -0.000177 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1020K # 12K, P:-1020K) [14] 0.000020 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [15] 0.000086 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000192 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142816.150 buffer: new element 36 9284:20230712:142816.150 End of process_value():SUCCEED 9284:20230712:142816.151 In zbx_parse_eventlog_message6() EventRecordID:25665 9284:20230712:142816.152 In expand_message6() 9284:20230712:142816.153 End of expand_message6():SearchIndexer (8540,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC4:006E:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001121 -0.000320 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004695 -0.000958 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:124K # 0K, PF:136K # 0K, P:136K) [4] 0.000189 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001233 -0.000820 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:57, WS:220K # 0K, PF:712K # 0K, P:712K) [9] 0.017432 -0.000232 (5) CM -0.016930 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:97, WS:380K # 88K, PF:408K # 332K, P:408K) [10] 0.000192 -0.000092 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 40K, PF:96K # 96K, P:96K) [11] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000046 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142816.154 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.154 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25665 value:'SearchIndexer (8540,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC4:006E:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001121 -0.000320 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004695 -0.000958 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:124K # 0K, PF:136K # 0K, P:136K) [4] 0.000189 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001233 -0.000820 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:57, WS:220K # 0K, PF:712K # 0K, P:712K) [9] 0.017432 -0.000232 (5) CM -0.016930 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:97, WS:380K # 88K, PF:408K # 332K, P:408K) [10] 0.000192 -0.000092 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 40K, PF:96K # 96K, P:96K) [11] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000046 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142816.155 buffer: new element 37 9284:20230712:142816.155 End of process_value():SUCCEED 9284:20230712:142816.156 In zbx_parse_eventlog_message6() EventRecordID:25666 9284:20230712:142816.157 In expand_message6() 9284:20230712:142816.158 End of expand_message6():The Windows Search Service started. 9284:20230712:142816.159 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.159 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25666 value:'The Windows Search Service started. ' 9284:20230712:142816.160 buffer: new element 38 9284:20230712:142816.160 End of process_value():SUCCEED 9284:20230712:142816.161 In zbx_parse_eventlog_message6() EventRecordID:25667 9284:20230712:142816.162 In expand_message6() 9284:20230712:142816.162 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142816.163 ====== Fatal information: ====== 9284:20230712:142816.163 Program counter: 0x67e2cf19 9284:20230712:142816.164 === Registers: === 9284:20230712:142816.164 r8 = 18 = 24 = 24 9284:20230712:142816.165 r9 = 0 = 0 = 0 9284:20230712:142816.165 r10 = 0 = 0 = 0 9284:20230712:142816.166 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142816.167 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142816.167 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142816.168 r14 = 0 = 0 = 0 9284:20230712:142816.168 r15 = 0 = 0 = 0 9284:20230712:142816.169 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142816.169 rsi = 385f130 = 59109680 = 59109680 9284:20230712:142816.170 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142816.170 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142816.171 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142816.171 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142816.172 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142816.173 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142816.173 efl = 202 = 514 = 514 9284:20230712:142816.174 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142816.174 === Backtrace: === 9284:20230712:142816.318 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142816.318 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142816.319 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142816.320 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142816.321 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142816.323 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142816.324 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142816.324 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142816.325 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142816.326 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142816.327 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142816.328 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142816.329 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142816.329 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142816.331 ================================ 9284:20230712:142816.332 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142816.332 End of expand_message6():(null) 9284:20230712:142816.333 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.333 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25667 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142816.334 buffer: new element 39 9284:20230712:142816.335 End of process_value():SUCCEED 9284:20230712:142816.335 In zbx_parse_eventlog_message6() EventRecordID:25668 9284:20230712:142816.336 In expand_message6() 9284:20230712:142816.336 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142816.337 ====== Fatal information: ====== 9284:20230712:142816.338 Program counter: 0x67e2cf19 9284:20230712:142816.338 === Registers: === 9284:20230712:142816.339 r8 = 18 = 24 = 24 9284:20230712:142816.339 r9 = 0 = 0 = 0 9284:20230712:142816.340 r10 = 0 = 0 = 0 9284:20230712:142816.341 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142816.341 r12 = 33f5070 = 54481008 = 54481008 9284:20230712:142816.342 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142816.342 r14 = 0 = 0 = 0 9284:20230712:142816.343 r15 = 0 = 0 = 0 9284:20230712:142816.343 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142816.344 rsi = 385e690 = 59106960 = 59106960 9284:20230712:142816.345 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142816.345 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142816.346 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142816.346 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142816.347 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142816.347 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142816.348 efl = 202 = 514 = 514 9284:20230712:142816.349 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142816.349 === Backtrace: === 2184:20230712:142816.449 In collect_perfstat() 2184:20230712:142816.452 End of collect_perfstat() 9284:20230712:142816.493 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142816.494 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142816.495 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142816.495 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142816.496 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142816.499 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142816.499 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142816.500 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142816.501 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142816.502 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142816.503 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142816.504 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142816.505 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142816.506 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142816.508 ================================ 9284:20230712:142816.509 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142816.509 End of expand_message6():(null) 9284:20230712:142816.510 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.511 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25668 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142816.511 buffer: new element 40 9284:20230712:142816.512 End of process_value():SUCCEED 9284:20230712:142816.513 In zbx_parse_eventlog_message6() EventRecordID:25669 9284:20230712:142816.513 In expand_message6() 9284:20230712:142816.515 End of expand_message6():The Software Protection service is starting. Parameters:TriggerStarted:6 9284:20230712:142816.516 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.516 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25669 value:'The Software Protection service is starting. Parameters:TriggerStarted:6' 9284:20230712:142816.517 buffer: new element 41 9284:20230712:142816.518 End of process_value():SUCCEED 9284:20230712:142816.518 In zbx_parse_eventlog_message6() EventRecordID:25670 9284:20230712:142816.519 In expand_message6() 9284:20230712:142816.521 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142816.521 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.522 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25670 value:'Offline downlevel migration succeeded.' 9284:20230712:142816.523 buffer: new element 42 9284:20230712:142816.523 End of process_value():SUCCEED 9284:20230712:142816.524 In zbx_parse_eventlog_message6() EventRecordID:25671 9284:20230712:142816.525 In expand_message6() 9284:20230712:142816.526 End of expand_message6():Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 9284:20230712:142816.527 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.528 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25671 value:'Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 ' 9284:20230712:142816.528 buffer: new element 43 9284:20230712:142816.529 End of process_value():SUCCEED 9284:20230712:142816.530 In zbx_parse_eventlog_message6() EventRecordID:25672 9284:20230712:142816.530 In expand_message6() 9284:20230712:142816.532 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142816.533 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.534 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25672 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142816.534 buffer: new element 44 9284:20230712:142816.535 End of process_value():SUCCEED 9284:20230712:142816.536 In zbx_parse_eventlog_message6() EventRecordID:25673 9284:20230712:142816.536 In expand_message6() 9284:20230712:142816.538 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142816.539 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.539 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25673 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142816.540 buffer: new element 45 9284:20230712:142816.540 End of process_value():SUCCEED 9284:20230712:142816.541 In zbx_parse_eventlog_message6() EventRecordID:25674 9284:20230712:142816.541 In expand_message6() 9284:20230712:142816.543 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142816.543 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.544 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25674 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142816.545 buffer: new element 46 9284:20230712:142816.545 End of process_value():SUCCEED 9284:20230712:142816.546 In zbx_parse_eventlog_message6() EventRecordID:25675 9284:20230712:142816.546 In expand_message6() 9284:20230712:142816.548 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142816.548 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.549 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25675 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142816.549 buffer: new element 47 9284:20230712:142816.550 End of process_value():SUCCEED 9284:20230712:142816.551 In zbx_parse_eventlog_message6() EventRecordID:25676 9284:20230712:142816.551 In expand_message6() 9284:20230712:142816.553 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142816.553 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.554 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25676 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142816.554 buffer: new element 48 9284:20230712:142816.555 End of process_value():SUCCEED 9284:20230712:142816.555 In zbx_parse_eventlog_message6() EventRecordID:25677 9284:20230712:142816.556 In expand_message6() 9284:20230712:142816.557 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142816.558 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.558 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25677 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142816.559 buffer: new element 49 9284:20230712:142816.559 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142816.560 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142816.561 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test\n","lastlogsize":25628,"timestamp":1662130758,"source":"igfxCUIService2.0.0.0","severity":1,"id":651,"clock":1689161294,"ns":188263500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1\n","lastlogsize":25629,"timestamp":1662130758,"source":"igfxCUIService2.0.0.0","severity":1,"id":652,"clock":1689161294,"ns":368360600},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25630,"timestamp":1662130758,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":653,"clock":1689161294,"ns":373659700},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25631,"timestamp":1662130758,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":654,"clock":1689161294,"ns":378833100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25632,"timestamp":1662130758,"source":"BrService_4_3_4_610","severity":1,"id":655,"clock":1689161294,"ns":555083600},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25633,"timestamp":1662130762,"source":"IAStorDataMgrSvc","severity":1,"id":656,"clock":1689161294,"ns":559658400},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25634,"timestamp":1662130762,"source":"XTUService","severity":1,"id":657,"clock":1689161294,"ns":564346500},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25635,"timestamp":1662130762,"source":"HP Comm Recovery","severity":1,"id":658,"clock":1689161294,"ns":568894000},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped (0)\n","lastlogsize":25636,"timestamp":1662130762,"source":"Bonjour Service","severity":1,"eventid":100,"id":659,"clock":1689161294,"ns":573491400},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has stopped.","lastlogsize":25637,"timestamp":1662130762,"source":"SecurityCenter","severity":1,"eventid":2,"id":660,"clock":1689161294,"ns":578196800},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has stopped. \r\n\r\n","lastlogsize":25638,"timestamp":1662130762,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1532,"id":661,"clock":1689161294,"ns":583076000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25639,"timestamp":1662358155,"source":"igfxCUIService2.0.0.0","severity":1,"id":662,"clock":1689161294,"ns":755846400},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has started successfully. \r\n\r\n","lastlogsize":25640,"timestamp":1662358155,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1531,"id":663,"clock":1689161294,"ns":761099400},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service started sucessfully","lastlogsize":25641,"timestamp":1662358156,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5615,"id":664,"clock":1689161294,"ns":766212800},{"host":"Windows host","key":"eventlog[Application]","value":"Intel(R) Dynamic Application Loader Host Interface Service started.","lastlogsize":25642,"timestamp":1662358156,"source":"IntelDalJhi","severity":1,"id":665,"clock":1689161294,"ns":770837400},{"host":"Windows host","key":"eventlog[Application]","value":"Local Management Service started.","lastlogsize":25643,"timestamp":1662358156,"source":"LMS","severity":1,"eventid":2000,"id":666,"clock":1689161294,"ns":775471200},{"host":"Windows host","key":"eventlog[Application]","value":"Service started/resumed","lastlogsize":25644,"timestamp":1662358156,"source":"LMS","severity":1,"id":667,"clock":1689161294,"ns":780109000},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service subsystems initialized successfully","lastlogsize":25645,"timestamp":1662358156,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5617,"id":668,"clock":1689161294,"ns":785262400},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25646,"timestamp":1662358160,"source":"XTUService","severity":1,"id":669,"clock":1689161294,"ns":790468800},{"host":"Windows host","key":"eventlog[Application]","value":"Service started (1.0.24.0).","lastlogsize":25647,"timestamp":1662358162,"source":"DbxSvc","severity":1,"eventid":336,"id":670,"clock":1689161294,"ns":795373300},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread started.","lastlogsize":25648,"timestamp":1662358162,"source":"DbxSvc","severity":1,"eventid":258,"id":671,"clock":1689161294,"ns":800263900},{"host":"Windows host","key":"eventlog[Application]","value":"Service initializing","lastlogsize":25649,"timestamp":1662358162,"source":"Bonjour Service","severity":1,"eventid":100,"id":672,"clock":1689161294,"ns":805113400},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25650,"timestamp":1662358162,"source":"DbxSvc","severity":1,"eventid":320,"id":673,"clock":1689161294,"ns":809988500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25651,"timestamp":1662358162,"source":"AdobeARMservice","severity":1,"id":674,"clock":1689161294,"ns":980563300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart","lastlogsize":25652,"timestamp":1662358162,"source":"LanWlanSwitchingService","severity":1,"id":675,"clock":1689161295,"ns":163087800},{"host":"Windows host","key":"eventlog[Application]","value":"Service initialized","lastlogsize":25653,"timestamp":1662358162,"source":"Bonjour Service","severity":1,"eventid":100,"id":676,"clock":1689161295,"ns":167962000},{"host":"Windows host","key":"eventlog[Application]","value":"Service started\n","lastlogsize":25654,"timestamp":1662358163,"source":"Bonjour Service","severity":1,"eventid":100,"id":677,"clock":1689161295,"ns":172645400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25655,"timestamp":1662358174,"source":"hpqcaslwmiex","severity":1,"id":678,"clock":1689161295,"ns":372205700},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25656,"timestamp":1662358192,"source":"DbxSvc","severity":1,"eventid":320,"id":679,"clock":1689161295,"ns":377687200},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a critical notification event.","lastlogsize":25657,"timestamp":1662358206,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6003,"id":680,"clock":1689161295,"ns":382821400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1\n","lastlogsize":25658,"timestamp":1662358221,"source":"igfxCUIService2.0.0.0","severity":1,"id":681,"clock":1689161295,"ns":560624900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1\n","lastlogsize":25659,"timestamp":1662358221,"source":"igfxCUIService2.0.0.0","severity":1,"id":682,"clock":1689161295,"ns":739669800},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25660,"timestamp":1662358221,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":683,"clock":1689161295,"ns":745295400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1\n","lastlogsize":25661,"timestamp":1662358221,"source":"igfxCUIService2.0.0.0","severity":1,"id":684,"clock":1689161295,"ns":944964400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25662,"timestamp":1662358222,"source":"dbupdate","severity":1,"id":685,"clock":1689161296,"ns":140407800},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8540,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25663,"timestamp":1662358222,"source":"ESENT","severity":1,"eventid":102,"id":686,"clock":1689161296,"ns":145583000},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8540,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n \r\n \r\nInternal Timing Sequence: \n[1] 0.001503 +J(0) +M(C:0K, Fs:323, WS:1260K # 1260K, PF:5412K # 5412K, P:5412K)\n[2] 0.000275 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K)\n[3] 0.000765 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K)\n[4] 0.000107 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K)\n[5] 0.001342 +J(0) +M(C:0K, Fs:11, WS:44K # 44K, PF:20K # 20K, P:20K)\n[6] 0.004571 +J(0) +M(C:0K, Fs:26, WS:100K # 100K, PF:28K # 28K, P:28K)\n[7] 0.004790 -0.002077 (2) WT +J(0) +M(C:0K, Fs:270, WS:1080K # 1080K, PF:1028K # 1028K, P:1028K)\n[8] -\n[9] -\n[10] -\n[11] -\n[12] -\n[13] 0.010844 -0.000177 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1020K # 12K, P:-1020K)\n[14] 0.000020 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[15] 0.000086 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K)\n[16] 0.000192 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25664,"timestamp":1662358222,"source":"ESENT","severity":1,"eventid":105,"id":687,"clock":1689161296,"ns":150509300},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8540,D,50) Windows: The database engine attached a database (1, C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb). (Time=0 seconds) \r\n \r\nSaved Cache: 0 0 \r\nAdditional Data: lgposAttach = 00000BC4:006E:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.001121 -0.000320 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K)\n[3] 0.004695 -0.000958 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:124K # 0K, PF:136K # 0K, P:136K)\n[4] 0.000189 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] -\n[6] -\n[7] -\n[8] 0.001233 -0.000820 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:57, WS:220K # 0K, PF:712K # 0K, P:712K)\n[9] 0.017432 -0.000232 (5) CM -0.016930 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:97, WS:380K # 88K, PF:408K # 332K, P:408K)\n[10] 0.000192 -0.000092 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 40K, PF:96K # 96K, P:96K)\n[11] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000046 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)\n[13] 0.000001 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25665,"timestamp":1662358222,"source":"ESENT","severity":1,"eventid":326,"id":688,"clock":1689161296,"ns":155410800},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Search Service started.\n","lastlogsize":25666,"timestamp":1662358223,"source":"Microsoft-Windows-Search","severity":1,"eventid":1003,"id":689,"clock":1689161296,"ns":160461900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25667,"timestamp":1662358223,"source":"dbupdate","severity":1,"id":690,"clock":1689161296,"ns":334598300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25668,"timestamp":1662358223,"source":"BrService_4_3_4_610","severity":1,"id":691,"clock":1689161296,"ns":511984800},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service is starting.\r\nParameters:TriggerStarted:6","lastlogsize":25669,"timestamp":1662358227,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":900,"id":692,"clock":1689161296,"ns":517668300},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25670,"timestamp":1662358227,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":693,"clock":1689161296,"ns":523272000},{"host":"Windows host","key":"eventlog[Application]","value":"Initialization status for service objects.\r\nC:\\WINDOWS\\system32\\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000\n","lastlogsize":25671,"timestamp":1662358227,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1066,"id":694,"clock":1689161296,"ns":528993700},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25672,"timestamp":1662358227,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":695,"clock":1689161296,"ns":535065500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25673,"timestamp":1662358228,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":696,"clock":1689161296,"ns":540237400},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25674,"timestamp":1662358228,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":697,"clock":1689161296,"ns":545101900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25675,"timestamp":1662358228,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":698,"clock":1689161296,"ns":549983500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25676,"timestamp":1662358228,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":699,"clock":1689161296,"ns":554720000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25677,"timestamp":1662358228,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":700,"clock":1689161296,"ns":559189700}],"clock":1689161296,"ns":560863500}] 9284:20230712:142816.566 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002537"}] 9284:20230712:142816.566 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002537"}' 9284:20230712:142816.567 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002537' 9284:20230712:142816.568 End of check_response():SUCCEED 9284:20230712:142816.568 OK 9284:20230712:142816.569 End of send_buffer():SUCCEED 9284:20230712:142816.569 End of process_value():SUCCEED 9284:20230712:142816.572 In zbx_parse_eventlog_message6() EventRecordID:25678 9284:20230712:142816.572 In expand_message6() 9284:20230712:142816.574 End of expand_message6():The Software Protection service has started. 10.0.19041.1889 9284:20230712:142816.574 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.575 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25678 value:'The Software Protection service has started. 10.0.19041.1889' 9284:20230712:142816.576 buffer: new element 0 9284:20230712:142816.576 End of process_value():SUCCEED 9284:20230712:142816.577 In zbx_parse_eventlog_message6() EventRecordID:25679 9284:20230712:142816.577 In expand_message6() 9284:20230712:142816.579 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142816.580 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.580 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25679 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142816.581 buffer: new element 1 9284:20230712:142816.581 End of process_value():SUCCEED 9284:20230712:142816.582 In zbx_parse_eventlog_message6() EventRecordID:25680 9284:20230712:142816.582 In expand_message6() 9284:20230712:142816.584 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142816.584 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.585 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25680 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142816.586 buffer: new element 2 9284:20230712:142816.586 End of process_value():SUCCEED 9284:20230712:142816.587 In zbx_parse_eventlog_message6() EventRecordID:25681 9284:20230712:142816.587 In expand_message6() 9284:20230712:142816.589 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142816.590 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.590 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25681 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142816.591 buffer: new element 3 9284:20230712:142816.591 End of process_value():SUCCEED 9284:20230712:142816.592 In zbx_parse_eventlog_message6() EventRecordID:25682 9284:20230712:142816.592 In expand_message6() 9284:20230712:142816.594 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142816.595 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.595 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25682 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142816.596 buffer: new element 4 9284:20230712:142816.596 End of process_value():SUCCEED 9284:20230712:142816.597 In zbx_parse_eventlog_message6() EventRecordID:25683 9284:20230712:142816.597 In expand_message6() 9284:20230712:142816.599 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142816.600 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.600 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25683 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142816.601 buffer: new element 5 9284:20230712:142816.601 End of process_value():SUCCEED 9284:20230712:142816.602 In zbx_parse_eventlog_message6() EventRecordID:25684 9284:20230712:142816.602 In expand_message6() 9284:20230712:142816.604 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142816.605 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.605 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25684 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142816.606 buffer: new element 6 9284:20230712:142816.606 End of process_value():SUCCEED 9284:20230712:142816.607 In zbx_parse_eventlog_message6() EventRecordID:25685 9284:20230712:142816.607 In expand_message6() 9284:20230712:142816.609 End of expand_message6():12848 9284:20230712:142816.610 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.610 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25685 value:'12848' 9284:20230712:142816.611 buffer: new element 7 9284:20230712:142816.611 End of process_value():SUCCEED 9284:20230712:142816.612 In zbx_parse_eventlog_message6() EventRecordID:25686 9284:20230712:142816.612 In expand_message6() 9284:20230712:142816.614 End of expand_message6():Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 15 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 31 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 31 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 234 9284:20230712:142816.614 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.615 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25686 value:'Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 15 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 31 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 31 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 234 ' 9284:20230712:142816.616 buffer: new element 8 9284:20230712:142816.616 End of process_value():SUCCEED 9284:20230712:142816.617 In zbx_parse_eventlog_message6() EventRecordID:25687 9284:20230712:142816.617 In expand_message6() 9284:20230712:142816.619 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142816.620 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.621 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25687 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142816.621 buffer: new element 9 9284:20230712:142816.622 End of process_value():SUCCEED 9284:20230712:142816.622 In zbx_parse_eventlog_message6() EventRecordID:25688 9284:20230712:142816.623 In expand_message6() 9284:20230712:142816.625 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142816.625 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.626 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25688 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142816.626 buffer: new element 10 9284:20230712:142816.627 End of process_value():SUCCEED 9284:20230712:142816.627 In zbx_parse_eventlog_message6() EventRecordID:25689 9284:20230712:142816.628 In expand_message6() 9284:20230712:142816.629 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142816.630 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.630 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25689 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142816.631 buffer: new element 11 9284:20230712:142816.631 End of process_value():SUCCEED 9284:20230712:142816.632 In zbx_parse_eventlog_message6() EventRecordID:25690 9284:20230712:142816.633 In expand_message6() 9284:20230712:142816.634 End of expand_message6():Outlook detected a change notification for your apps and will attempt to update them. 9284:20230712:142816.634 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.635 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25690 value:'Outlook detected a change notification for your apps and will attempt to update them.' 9284:20230712:142816.636 buffer: new element 12 9284:20230712:142816.636 End of process_value():SUCCEED 9284:20230712:142816.637 In zbx_parse_eventlog_message6() EventRecordID:25691 9284:20230712:142816.637 In expand_message6() 9284:20230712:142816.638 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142816.639 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.639 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25691 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142816.640 buffer: new element 13 9284:20230712:142816.640 End of process_value():SUCCEED 9284:20230712:142816.641 In zbx_parse_eventlog_message6() EventRecordID:25692 9284:20230712:142816.641 In expand_message6() 9284:20230712:142816.642 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142816.642 ====== Fatal information: ====== 9284:20230712:142816.643 Program counter: 0x67e2cf19 9284:20230712:142816.643 === Registers: === 9284:20230712:142816.644 r8 = 18 = 24 = 24 9284:20230712:142816.644 r9 = 0 = 0 = 0 9284:20230712:142816.645 r10 = 0 = 0 = 0 9284:20230712:142816.645 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142816.646 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142816.646 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142816.647 r14 = 0 = 0 = 0 9284:20230712:142816.647 r15 = 0 = 0 = 0 9284:20230712:142816.648 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142816.648 rsi = 385f270 = 59110000 = 59110000 9284:20230712:142816.649 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142816.649 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142816.649 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142816.650 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142816.650 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142816.651 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142816.652 efl = 202 = 514 = 514 9284:20230712:142816.652 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142816.653 === Backtrace: === 9284:20230712:142816.796 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142816.797 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142816.798 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142816.798 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142816.799 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142816.801 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142816.802 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142816.803 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142816.804 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142816.805 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142816.806 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142816.806 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142816.807 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142816.808 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142816.809 ================================ 9284:20230712:142816.810 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142816.811 End of expand_message6():(null) 9284:20230712:142816.811 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.812 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25692 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142816.812 buffer: new element 14 9284:20230712:142816.813 End of process_value():SUCCEED 9284:20230712:142816.814 In zbx_parse_eventlog_message6() EventRecordID:25693 9284:20230712:142816.814 In expand_message6() 9284:20230712:142816.816 End of expand_message6():Service stopped. 9284:20230712:142816.816 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.817 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25693 value:'Service stopped.' 9284:20230712:142816.817 buffer: new element 15 9284:20230712:142816.818 End of process_value():SUCCEED 9284:20230712:142816.819 In zbx_parse_eventlog_message6() EventRecordID:25694 9284:20230712:142816.819 In expand_message6() 9284:20230712:142816.820 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142816.821 ====== Fatal information: ====== 9284:20230712:142816.821 Program counter: 0x67e2cf19 9284:20230712:142816.822 === Registers: === 9284:20230712:142816.822 r8 = 18 = 24 = 24 9284:20230712:142816.823 r9 = 0 = 0 = 0 9284:20230712:142816.823 r10 = 0 = 0 = 0 9284:20230712:142816.824 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142816.825 r12 = 3862db0 = 59125168 = 59125168 9284:20230712:142816.825 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142816.826 r14 = 0 = 0 = 0 9284:20230712:142816.826 r15 = 0 = 0 = 0 9284:20230712:142816.827 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142816.827 rsi = 385e730 = 59107120 = 59107120 9284:20230712:142816.828 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142816.829 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142816.829 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142816.830 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142816.830 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142816.831 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142816.832 efl = 202 = 514 = 514 9284:20230712:142816.832 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142816.833 === Backtrace: === 9284:20230712:142816.975 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142816.976 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142816.977 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142816.978 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142816.978 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142816.981 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142816.982 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142816.983 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142816.984 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142816.984 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142816.985 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142816.986 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142816.987 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142816.988 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142816.990 ================================ 9284:20230712:142816.990 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142816.991 End of expand_message6():(null) 9284:20230712:142816.992 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.993 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25694 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142816.993 buffer: new element 16 9284:20230712:142816.994 End of process_value():SUCCEED 9284:20230712:142816.995 In zbx_parse_eventlog_message6() EventRecordID:25695 9284:20230712:142816.995 In expand_message6() 9284:20230712:142816.997 End of expand_message6():Service started successfully. 9284:20230712:142816.997 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142816.998 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25695 value:'Service started successfully.' 9284:20230712:142816.999 buffer: new element 17 9284:20230712:142816.999 End of process_value():SUCCEED 9284:20230712:142817.000 In zbx_parse_eventlog_message6() EventRecordID:25696 9284:20230712:142817.001 In expand_message6() 9284:20230712:142817.002 End of expand_message6():Service started successfully. 9284:20230712:142817.003 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.003 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25696 value:'Service started successfully.' 9284:20230712:142817.004 buffer: new element 18 9284:20230712:142817.004 End of process_value():SUCCEED 9284:20230712:142817.005 In zbx_parse_eventlog_message6() EventRecordID:25697 9284:20230712:142817.006 In expand_message6() 9284:20230712:142817.007 End of expand_message6():Started event manager Started event manager 9284:20230712:142817.008 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.009 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25697 value:'Started event manager Started event manager' 9284:20230712:142817.009 buffer: new element 19 9284:20230712:142817.010 End of process_value():SUCCEED 9284:20230712:142817.011 In zbx_parse_eventlog_message6() EventRecordID:25698 9284:20230712:142817.011 In expand_message6() 9284:20230712:142817.012 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142817.013 ====== Fatal information: ====== 9284:20230712:142817.013 Program counter: 0x67e2cf19 9284:20230712:142817.014 === Registers: === 9284:20230712:142817.014 r8 = 18 = 24 = 24 9284:20230712:142817.015 r9 = 0 = 0 = 0 9284:20230712:142817.015 r10 = 0 = 0 = 0 9284:20230712:142817.016 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142817.017 r12 = 3863230 = 59126320 = 59126320 9284:20230712:142817.017 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142817.018 r14 = 0 = 0 = 0 9284:20230712:142817.018 r15 = 0 = 0 = 0 9284:20230712:142817.019 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142817.019 rsi = 385f6d0 = 59111120 = 59111120 9284:20230712:142817.020 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142817.020 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142817.021 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142817.021 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142817.022 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142817.022 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142817.023 efl = 202 = 514 = 514 9284:20230712:142817.024 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142817.024 === Backtrace: === 9284:20230712:142817.167 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142817.168 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142817.168 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142817.169 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142817.170 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142817.172 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142817.173 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142817.173 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142817.174 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142817.175 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142817.176 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142817.177 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142817.177 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142817.178 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142817.179 ================================ 9284:20230712:142817.180 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142817.181 End of expand_message6():(null) 9284:20230712:142817.181 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.182 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25698 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142817.182 buffer: new element 20 9284:20230712:142817.183 End of process_value():SUCCEED 9284:20230712:142817.183 In zbx_parse_eventlog_message6() EventRecordID:25699 9284:20230712:142817.184 In expand_message6() 9284:20230712:142817.185 End of expand_message6():The Windows Security Center Service has started. 9284:20230712:142817.186 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.187 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25699 value:'The Windows Security Center Service has started.' 9284:20230712:142817.187 buffer: new element 21 9284:20230712:142817.188 End of process_value():SUCCEED 9284:20230712:142817.188 In zbx_parse_eventlog_message6() EventRecordID:25700 9284:20230712:142817.189 In expand_message6() 9284:20230712:142817.190 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142817.191 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.192 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25700 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142817.192 buffer: new element 22 9284:20230712:142817.193 End of process_value():SUCCEED 9284:20230712:142817.193 In zbx_parse_eventlog_message6() EventRecordID:25701 9284:20230712:142817.194 In expand_message6() 9284:20230712:142817.195 End of expand_message6():Version : 2.0.11.0 9284:20230712:142817.196 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.196 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25701 value:'Version : 2.0.11.0' 9284:20230712:142817.197 buffer: new element 23 9284:20230712:142817.197 End of process_value():SUCCEED 9284:20230712:142817.198 In zbx_parse_eventlog_message6() EventRecordID:25702 9284:20230712:142817.199 In expand_message6() 9284:20230712:142817.200 End of expand_message6():Cloud logging is enabled. 9284:20230712:142817.201 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.201 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25702 value:'Cloud logging is enabled.' 9284:20230712:142817.202 buffer: new element 24 9284:20230712:142817.202 End of process_value():SUCCEED 9284:20230712:142817.203 In zbx_parse_eventlog_message6() EventRecordID:25703 9284:20230712:142817.203 In expand_message6() 9284:20230712:142817.205 End of expand_message6():Load Balance is enabled. 9284:20230712:142817.205 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.206 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25703 value:'Load Balance is enabled.' 9284:20230712:142817.207 buffer: new element 25 9284:20230712:142817.207 End of process_value():SUCCEED 9284:20230712:142817.208 In zbx_parse_eventlog_message6() EventRecordID:25704 9284:20230712:142817.208 In expand_message6() 9284:20230712:142817.210 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T06:12:38Z. Reason: RulesEngine. 9284:20230712:142817.211 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.211 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25704 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T06:12:38Z. Reason: RulesEngine.' 9284:20230712:142817.212 buffer: new element 26 9284:20230712:142817.212 End of process_value():SUCCEED 9284:20230712:142817.213 In zbx_parse_eventlog_message6() EventRecordID:25705 9284:20230712:142817.213 In expand_message6() 9284:20230712:142817.215 End of expand_message6():The Software Protection service has stopped. 9284:20230712:142817.215 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.216 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25705 value:'The Software Protection service has stopped. ' 9284:20230712:142817.216 buffer: new element 27 9284:20230712:142817.217 End of process_value():SUCCEED 9284:20230712:142817.217 In zbx_parse_eventlog_message6() EventRecordID:25706 9284:20230712:142817.218 In expand_message6() 9284:20230712:142817.219 End of expand_message6():Finish Device Check 9284:20230712:142817.220 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.220 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25706 value:'Finish Device Check' 9284:20230712:142817.221 buffer: new element 28 9284:20230712:142817.221 End of process_value():SUCCEED 9284:20230712:142817.222 In zbx_parse_eventlog_message6() EventRecordID:25707 9284:20230712:142817.222 In expand_message6() 9284:20230712:142817.224 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142817.224 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.225 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25707 value:'Offline downlevel migration succeeded.' 9284:20230712:142817.225 buffer: new element 29 9284:20230712:142817.226 End of process_value():SUCCEED 9284:20230712:142817.226 In zbx_parse_eventlog_message6() EventRecordID:25708 9284:20230712:142817.227 In expand_message6() 9284:20230712:142817.229 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎05T06:15:36.567197100Z. 9284:20230712:142817.229 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.230 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25708 value:'Starting session 0 - ‎2022‎-‎09‎-‎05T06:15:36.567197100Z.' 9284:20230712:142817.231 buffer: new element 30 9284:20230712:142817.231 End of process_value():SUCCEED 9284:20230712:142817.232 In zbx_parse_eventlog_message6() EventRecordID:25709 9284:20230712:142817.233 In expand_message6() 9284:20230712:142817.235 End of expand_message6():Ending session 0 started ‎2022‎-‎09‎-‎05T06:15:36.567197100Z. 9284:20230712:142817.235 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.236 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25709 value:'Ending session 0 started ‎2022‎-‎09‎-‎05T06:15:36.567197100Z.' 9284:20230712:142817.237 buffer: new element 31 9284:20230712:142817.237 End of process_value():SUCCEED 9284:20230712:142817.238 In zbx_parse_eventlog_message6() EventRecordID:25710 9284:20230712:142817.238 In expand_message6() 9284:20230712:142817.240 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T06:15:54Z. Reason: RulesEngine. 9284:20230712:142817.241 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.241 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25710 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T06:15:54Z. Reason: RulesEngine.' 9284:20230712:142817.242 buffer: new element 32 9284:20230712:142817.243 End of process_value():SUCCEED 9284:20230712:142817.243 In zbx_parse_eventlog_message6() EventRecordID:25711 9284:20230712:142817.244 In expand_message6() 9284:20230712:142817.246 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎05T06:16:36.780954100Z. 9284:20230712:142817.247 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.248 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25711 value:'Starting session 0 - ‎2022‎-‎09‎-‎05T06:16:36.780954100Z.' 9284:20230712:142817.248 buffer: new element 33 9284:20230712:142817.249 End of process_value():SUCCEED 9284:20230712:142817.250 In zbx_parse_eventlog_message6() EventRecordID:25712 9284:20230712:142817.250 In expand_message6() 9284:20230712:142817.252 End of expand_message6():Ending session 0 started ‎2022‎-‎09‎-‎05T06:16:36.780954100Z. 9284:20230712:142817.253 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.254 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25712 value:'Ending session 0 started ‎2022‎-‎09‎-‎05T06:16:36.780954100Z.' 9284:20230712:142817.254 buffer: new element 34 9284:20230712:142817.255 End of process_value():SUCCEED 9284:20230712:142817.256 In zbx_parse_eventlog_message6() EventRecordID:25713 9284:20230712:142817.256 In expand_message6() 9284:20230712:142817.258 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:38.371735700Z. 9284:20230712:142817.259 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.260 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25713 value:'Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:38.371735700Z.' 9284:20230712:142817.260 buffer: new element 35 9284:20230712:142817.261 End of process_value():SUCCEED 9284:20230712:142817.262 In zbx_parse_eventlog_message6() EventRecordID:25714 9284:20230712:142817.262 In expand_message6() 9284:20230712:142817.264 End of expand_message6():Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:38.371735700Z. 9284:20230712:142817.265 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.266 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25714 value:'Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:38.371735700Z.' 9284:20230712:142817.266 buffer: new element 36 9284:20230712:142817.267 End of process_value():SUCCEED 9284:20230712:142817.267 In zbx_parse_eventlog_message6() EventRecordID:25715 9284:20230712:142817.268 In expand_message6() 9284:20230712:142817.270 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:41.038166200Z. 9284:20230712:142817.271 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.271 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25715 value:'Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:41.038166200Z.' 9284:20230712:142817.272 buffer: new element 37 9284:20230712:142817.273 End of process_value():SUCCEED 9284:20230712:142817.273 In zbx_parse_eventlog_message6() EventRecordID:25716 9284:20230712:142817.274 In expand_message6() 9284:20230712:142817.276 End of expand_message6():Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:41.038166200Z. 9284:20230712:142817.277 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.277 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25716 value:'Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:41.038166200Z.' 9284:20230712:142817.278 buffer: new element 38 9284:20230712:142817.279 End of process_value():SUCCEED 9284:20230712:142817.279 In zbx_parse_eventlog_message6() EventRecordID:25717 9284:20230712:142817.280 In expand_message6() 9284:20230712:142817.282 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:44.738206600Z. 9284:20230712:142817.283 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.283 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25717 value:'Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:44.738206600Z.' 9284:20230712:142817.284 buffer: new element 39 9284:20230712:142817.285 End of process_value():SUCCEED 9284:20230712:142817.285 In zbx_parse_eventlog_message6() EventRecordID:25718 9284:20230712:142817.286 In expand_message6() 9284:20230712:142817.288 End of expand_message6():Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:44.738206600Z. 9284:20230712:142817.289 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.289 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25718 value:'Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:44.738206600Z.' 9284:20230712:142817.290 buffer: new element 40 9284:20230712:142817.291 End of process_value():SUCCEED 9284:20230712:142817.291 In zbx_parse_eventlog_message6() EventRecordID:25719 9284:20230712:142817.292 In expand_message6() 9284:20230712:142817.294 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:44.890433200Z. 9284:20230712:142817.295 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.295 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25719 value:'Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:44.890433200Z.' 9284:20230712:142817.296 buffer: new element 41 9284:20230712:142817.297 End of process_value():SUCCEED 9284:20230712:142817.297 In zbx_parse_eventlog_message6() EventRecordID:25720 9284:20230712:142817.298 In expand_message6() 9284:20230712:142817.300 End of expand_message6():Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:44.890433200Z. 9284:20230712:142817.301 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.301 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25720 value:'Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:44.890433200Z.' 9284:20230712:142817.302 buffer: new element 42 9284:20230712:142817.303 End of process_value():SUCCEED 9284:20230712:142817.303 In zbx_parse_eventlog_message6() EventRecordID:25721 9284:20230712:142817.304 In expand_message6() 9284:20230712:142817.305 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142817.306 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.307 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25721 value:'Offline downlevel migration succeeded.' 9284:20230712:142817.307 buffer: new element 43 9284:20230712:142817.308 End of process_value():SUCCEED 9284:20230712:142817.309 In zbx_parse_eventlog_message6() EventRecordID:25722 9284:20230712:142817.309 In expand_message6() 9284:20230712:142817.311 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎05T06:17:52.091966900Z. 9284:20230712:142817.312 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.312 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25722 value:'Starting session 1 - ‎2022‎-‎09‎-‎05T06:17:52.091966900Z.' 9284:20230712:142817.313 buffer: new element 44 9284:20230712:142817.314 End of process_value():SUCCEED 9284:20230712:142817.314 In zbx_parse_eventlog_message6() EventRecordID:25723 9284:20230712:142817.315 In expand_message6() 9284:20230712:142817.317 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:53.014287400Z. 9284:20230712:142817.318 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.318 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25723 value:'Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:53.014287400Z.' 9284:20230712:142817.319 buffer: new element 45 9284:20230712:142817.320 End of process_value():SUCCEED 9284:20230712:142817.320 In zbx_parse_eventlog_message6() EventRecordID:25724 9284:20230712:142817.321 In expand_message6() 9284:20230712:142817.323 End of expand_message6():Application 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE' (pid 12520) cannot be restarted - Application SID does not match Conductor SID.. 9284:20230712:142817.323 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.324 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25724 value:'Application 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE' (pid 12520) cannot be restarted - Application SID does not match Conductor SID..' 9284:20230712:142817.325 buffer: new element 46 9284:20230712:142817.325 End of process_value():SUCCEED 9284:20230712:142817.326 In zbx_parse_eventlog_message6() EventRecordID:25725 9284:20230712:142817.326 In expand_message6() 9284:20230712:142817.328 End of expand_message6():Machine restart is required. 9284:20230712:142817.329 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.330 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25725 value:'Machine restart is required.' 9284:20230712:142817.330 buffer: new element 47 9284:20230712:142817.331 End of process_value():SUCCEED 9284:20230712:142817.331 In zbx_parse_eventlog_message6() EventRecordID:25726 9284:20230712:142817.332 In expand_message6() 9284:20230712:142817.334 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142817.334 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.335 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25726 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142817.335 buffer: new element 48 9284:20230712:142817.336 End of process_value():SUCCEED 9284:20230712:142817.337 In zbx_parse_eventlog_message6() EventRecordID:25727 9284:20230712:142817.337 In expand_message6() 9284:20230712:142817.339 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142817.339 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.340 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25727 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142817.340 buffer: new element 49 9284:20230712:142817.341 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142817.342 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142817.343 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has started.\r\n10.0.19041.1889","lastlogsize":25678,"timestamp":1662358228,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":902,"id":701,"clock":1689161296,"ns":576129900},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25679,"timestamp":1662358229,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":702,"clock":1689161296,"ns":581369900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25680,"timestamp":1662358229,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":703,"clock":1689161296,"ns":586217200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25681,"timestamp":1662358229,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":704,"clock":1689161296,"ns":591361600},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25682,"timestamp":1662358229,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":705,"clock":1689161296,"ns":596427500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25683,"timestamp":1662358229,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":706,"clock":1689161296,"ns":601218800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25684,"timestamp":1662358229,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":707,"clock":1689161296,"ns":606463600},{"host":"Windows host","key":"eventlog[Application]","value":"12848","lastlogsize":25685,"timestamp":1662358237,"source":"SensorFramework-LogonTask-{100ee514-48c8-f419-6760-6fb8cb2767cd}","severity":1,"eventid":92,"id":708,"clock":1689161296,"ns":611094200},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook loaded the following add-in(s):\n\n\nName: Microsoft Exchange Add-in\nDescription: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.\nProgID: UmOutlookAddin.FormRegionAddin\nGUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\UmOutlookAddin.dll\nBoot Time (Milliseconds): 15\n\nName: Microsoft Teams Meeting Add-in for Microsoft Office\nDescription: Microsoft Teams Meeting Add-in for Microsoft Office\nProgID: TeamsAddin.FastConnect\nGUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\TeamsMeetingAddin\\1.0.22209.4\\x64\\Microsoft.Teams.AddinLoader.dll\nBoot Time (Milliseconds): 16\n\nName: Outlook Social Connector 2016\nDescription: Connects to social networking sites and provides people, activity, and status information.\nProgID: OscAddin.Connect\nGUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\SOCIALCONNECTOR.DLL\nBoot Time (Milliseconds): 31\n\nName: OneNote Notes about Outlook Items\nDescription: Adds Send to OneNote and Notes about this Item buttons to the command bar\nProgID: OneNote.OutlookAddin\nGUID: {93E5752E-B889-47C5-8545-654EE2533C64}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnOL.dll\nBoot Time (Milliseconds): 31\n\nName: Microsoft VBA for Outlook Addin\nDescription: \nProgID: Microsoft.VbaAddinForOutlook.1\nGUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\nLoad Behavior: 9\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL\nBoot Time (Milliseconds): 0\n\nName: Microsoft SharePoint Server Colleague Import Add-in\nDescription: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content\nProgID: ColleagueImport.ColleagueImportAddin\nGUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\ColleagueImport.dll\nBoot Time (Milliseconds): 16\n\nName: HP Sure Click Outlook Add-in 4.3.4.610\nDescription: HP Sure Click Outlook Add-in 4.3.4.610\nProgID: Bromium.vSentry.OutlookAddin\nGUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\HP\\Sure Click\\4.3.4.610\\servers\\BrOutlookAddin.dll\nBoot Time (Milliseconds): 234\n","lastlogsize":25686,"timestamp":1662358249,"source":"Outlook","severity":1,"eventid":45,"id":709,"clock":1689161296,"ns":616133900},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25687,"timestamp":1662358250,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":710,"clock":1689161296,"ns":621709800},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25688,"timestamp":1662358250,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":711,"clock":1689161296,"ns":626813400},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25689,"timestamp":1662358251,"source":"Outlook","severity":1,"eventid":63,"id":712,"clock":1689161296,"ns":631477500},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook detected a change notification for your apps and will attempt to update them.","lastlogsize":25690,"timestamp":1662358253,"source":"Outlook","severity":1,"eventid":63,"id":713,"clock":1689161296,"ns":636082400},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25691,"timestamp":1662358254,"source":"Outlook","severity":1,"eventid":63,"id":714,"clock":1689161296,"ns":640405900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25692,"timestamp":1662358282,"source":"dbupdate","severity":1,"id":715,"clock":1689161296,"ns":813035700},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25693,"timestamp":1662358282,"source":"edgeupdate","severity":1,"id":716,"clock":1689161296,"ns":818115700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25694,"timestamp":1662358283,"source":"gupdate","severity":1,"id":717,"clock":1689161296,"ns":993881700},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25695,"timestamp":1662358283,"source":"HP Comm Recovery","severity":1,"id":718,"clock":1689161296,"ns":999249400},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25696,"timestamp":1662358283,"source":"IAStorDataMgrSvc","severity":1,"id":719,"clock":1689161297,"ns":4431600},{"host":"Windows host","key":"eventlog[Application]","value":"Started event manager\nStarted event manager","lastlogsize":25697,"timestamp":1662358283,"source":"IAStorDataMgrSvc","severity":1,"eventid":7303,"id":720,"clock":1689161297,"ns":9837200},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25698,"timestamp":1662358283,"source":"gupdate","severity":1,"id":721,"clock":1689161297,"ns":182751000},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has started.","lastlogsize":25699,"timestamp":1662358285,"source":"SecurityCenter","severity":1,"eventid":1,"id":722,"clock":1689161297,"ns":187748200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25700,"timestamp":1662358287,"source":"SecurityCenter","severity":1,"eventid":15,"id":723,"clock":1689161297,"ns":192753800},{"host":"Windows host","key":"eventlog[Application]","value":"Version : 2.0.11.0","lastlogsize":25701,"timestamp":1662358313,"source":"HP Comm Recovery","severity":1,"id":724,"clock":1689161297,"ns":197508900},{"host":"Windows host","key":"eventlog[Application]","value":"Cloud logging is enabled.","lastlogsize":25702,"timestamp":1662358313,"source":"HP Comm Recovery","severity":1,"id":725,"clock":1689161297,"ns":202221600},{"host":"Windows host","key":"eventlog[Application]","value":"Load Balance is enabled.","lastlogsize":25703,"timestamp":1662358313,"source":"HP Comm Recovery","severity":1,"id":726,"clock":1689161297,"ns":207074100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T06:12:38Z. Reason: RulesEngine.","lastlogsize":25704,"timestamp":1662358358,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":727,"clock":1689161297,"ns":212251400},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has stopped.\r\n","lastlogsize":25705,"timestamp":1662358358,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":903,"id":728,"clock":1689161297,"ns":216931300},{"host":"Windows host","key":"eventlog[Application]","value":"Finish Device Check","lastlogsize":25706,"timestamp":1662358493,"source":"HP Comm Recovery","severity":1,"eventid":1,"id":729,"clock":1689161297,"ns":221286700},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25707,"timestamp":1662358523,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":730,"clock":1689161297,"ns":225885100},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎05T06:15:36.567197100Z.","lastlogsize":25708,"timestamp":1662358536,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":731,"clock":1689161297,"ns":231368900},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 0 started ‎2022‎-‎09‎-‎05T06:15:36.567197100Z.","lastlogsize":25709,"timestamp":1662358538,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":732,"clock":1689161297,"ns":237358700},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T06:15:54Z. Reason: RulesEngine.","lastlogsize":25710,"timestamp":1662358554,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":733,"clock":1689161297,"ns":242735100},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎05T06:16:36.780954100Z.","lastlogsize":25711,"timestamp":1662358596,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":734,"clock":1689161297,"ns":248923800},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 0 started ‎2022‎-‎09‎-‎05T06:16:36.780954100Z.","lastlogsize":25712,"timestamp":1662358658,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":735,"clock":1689161297,"ns":255021700},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:38.371735700Z.","lastlogsize":25713,"timestamp":1662358658,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":736,"clock":1689161297,"ns":260900700},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:38.371735700Z.","lastlogsize":25714,"timestamp":1662358661,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":737,"clock":1689161297,"ns":266930100},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:41.038166200Z.","lastlogsize":25715,"timestamp":1662358661,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":738,"clock":1689161297,"ns":272785200},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:41.038166200Z.","lastlogsize":25716,"timestamp":1662358662,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":739,"clock":1689161297,"ns":278595100},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:44.738206600Z.","lastlogsize":25717,"timestamp":1662358664,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":740,"clock":1689161297,"ns":284463100},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:44.738206600Z.","lastlogsize":25718,"timestamp":1662358664,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":741,"clock":1689161297,"ns":290572200},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:44.890433200Z.","lastlogsize":25719,"timestamp":1662358664,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":742,"clock":1689161297,"ns":296615900},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 0 started ‎2022‎-‎09‎-‎05T06:17:44.890433200Z.","lastlogsize":25720,"timestamp":1662358664,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":743,"clock":1689161297,"ns":302513300},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25721,"timestamp":1662358671,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":744,"clock":1689161297,"ns":307894600},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎05T06:17:52.091966900Z.","lastlogsize":25722,"timestamp":1662358672,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":745,"clock":1689161297,"ns":313630300},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎05T06:17:53.014287400Z.","lastlogsize":25723,"timestamp":1662358673,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":746,"clock":1689161297,"ns":319536500},{"host":"Windows host","key":"eventlog[Application]","value":"Application 'C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE' (pid 12520) cannot be restarted - Application SID does not match Conductor SID..","lastlogsize":25724,"timestamp":1662358674,"source":"Microsoft-Windows-RestartManager","severity":2,"eventid":10010,"id":747,"clock":1689161297,"ns":325243600},{"host":"Windows host","key":"eventlog[Application]","value":"Machine restart is required.","lastlogsize":25725,"timestamp":1662358674,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10005,"id":748,"clock":1689161297,"ns":330708000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25726,"timestamp":1662358696,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":749,"clock":1689161297,"ns":336056500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25727,"timestamp":1662358696,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":750,"clock":1689161297,"ns":340945400}],"clock":1689161297,"ns":342727400}] 9284:20230712:142817.347 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002404"}] 9284:20230712:142817.348 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002404"}' 9284:20230712:142817.349 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002404' 9284:20230712:142817.349 End of check_response():SUCCEED 9284:20230712:142817.350 OK 9284:20230712:142817.351 End of send_buffer():SUCCEED 9284:20230712:142817.351 End of process_value():SUCCEED 9284:20230712:142817.352 In zbx_parse_eventlog_message6() EventRecordID:25728 9284:20230712:142817.353 In expand_message6() 9284:20230712:142817.355 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142817.355 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.356 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25728 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142817.356 buffer: new element 0 9284:20230712:142817.357 End of process_value():SUCCEED 9284:20230712:142817.358 In zbx_parse_eventlog_message6() EventRecordID:25729 9284:20230712:142817.358 In expand_message6() 9284:20230712:142817.360 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142817.360 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.361 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25729 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142817.361 buffer: new element 1 9284:20230712:142817.362 End of process_value():SUCCEED 9284:20230712:142817.363 In zbx_parse_eventlog_message6() EventRecordID:25730 9284:20230712:142817.363 In expand_message6() 9284:20230712:142817.365 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142817.365 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.366 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25730 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142817.366 buffer: new element 2 9284:20230712:142817.367 End of process_value():SUCCEED 9284:20230712:142817.367 In zbx_parse_eventlog_message6() EventRecordID:25731 9284:20230712:142817.368 In expand_message6() 9284:20230712:142817.369 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142817.370 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.370 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25731 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142817.371 buffer: new element 3 9284:20230712:142817.371 End of process_value():SUCCEED 9284:20230712:142817.372 In zbx_parse_eventlog_message6() EventRecordID:25732 9284:20230712:142817.372 In expand_message6() 9284:20230712:142817.374 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎05T06:18:17.435675300Z. 9284:20230712:142817.374 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.375 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25732 value:'Starting session 1 - ‎2022‎-‎09‎-‎05T06:18:17.435675300Z.' 9284:20230712:142817.375 buffer: new element 4 9284:20230712:142817.376 End of process_value():SUCCEED 9284:20230712:142817.376 In zbx_parse_eventlog_message6() EventRecordID:25733 9284:20230712:142817.377 In expand_message6() 9284:20230712:142817.379 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎05T06:18:19.151481900Z. 9284:20230712:142817.379 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.380 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25733 value:'Starting session 0 - ‎2022‎-‎09‎-‎05T06:18:19.151481900Z.' 9284:20230712:142817.380 buffer: new element 5 9284:20230712:142817.381 End of process_value():SUCCEED 9284:20230712:142817.381 In zbx_parse_eventlog_message6() EventRecordID:25734 9284:20230712:142817.381 In expand_message6() 9284:20230712:142817.383 End of expand_message6():Application 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE' (pid 12520) cannot be restarted - Application SID does not match Conductor SID.. 9284:20230712:142817.384 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.384 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25734 value:'Application 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE' (pid 12520) cannot be restarted - Application SID does not match Conductor SID..' 9284:20230712:142817.385 buffer: new element 6 9284:20230712:142817.385 End of process_value():SUCCEED 9284:20230712:142817.385 In zbx_parse_eventlog_message6() EventRecordID:25735 9284:20230712:142817.386 In expand_message6() 9284:20230712:142817.387 End of expand_message6():Machine restart is required. 9284:20230712:142817.388 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.388 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25735 value:'Machine restart is required.' 9284:20230712:142817.389 buffer: new element 7 9284:20230712:142817.389 End of process_value():SUCCEED 9284:20230712:142817.390 In zbx_parse_eventlog_message6() EventRecordID:25736 9284:20230712:142817.390 In expand_message6() 9284:20230712:142817.392 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142817.392 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.393 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25736 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142817.393 buffer: new element 8 9284:20230712:142817.394 End of process_value():SUCCEED 9284:20230712:142817.394 In zbx_parse_eventlog_message6() EventRecordID:25737 9284:20230712:142817.395 In expand_message6() 9284:20230712:142817.396 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T06:19:54Z. Reason: RulesEngine. 9284:20230712:142817.397 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.397 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25737 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T06:19:54Z. Reason: RulesEngine.' 9284:20230712:142817.398 buffer: new element 9 9284:20230712:142817.398 End of process_value():SUCCEED 9284:20230712:142817.399 In zbx_parse_eventlog_message6() EventRecordID:25738 9284:20230712:142817.400 In expand_message6() 9284:20230712:142817.401 End of expand_message6():The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142817.402 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.402 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25738 value:'The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142817.403 buffer: new element 10 9284:20230712:142817.403 End of process_value():SUCCEED 9284:20230712:142817.404 In zbx_parse_eventlog_message6() EventRecordID:25739 9284:20230712:142817.404 In expand_message6() 9284:20230712:142817.406 End of expand_message6():The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142817.407 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.407 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25739 value:'The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142817.408 buffer: new element 11 9284:20230712:142817.408 End of process_value():SUCCEED 9284:20230712:142817.409 In zbx_parse_eventlog_message6() EventRecordID:25740 9284:20230712:142817.409 In expand_message6() 9284:20230712:142817.411 End of expand_message6():The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142817.411 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.412 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25740 value:'The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142817.412 buffer: new element 12 9284:20230712:142817.413 End of process_value():SUCCEED 9284:20230712:142817.413 In zbx_parse_eventlog_message6() EventRecordID:25741 9284:20230712:142817.414 In expand_message6() 9284:20230712:142817.416 End of expand_message6():The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted. 9284:20230712:142817.416 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.417 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25741 value:'The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.' 9284:20230712:142817.417 buffer: new element 13 9284:20230712:142817.418 End of process_value():SUCCEED 9284:20230712:142817.418 In zbx_parse_eventlog_message6() EventRecordID:25742 9284:20230712:142817.419 In expand_message6() 9284:20230712:142817.420 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142817.421 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.421 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25742 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142817.422 buffer: new element 14 9284:20230712:142817.422 End of process_value():SUCCEED 9284:20230712:142817.423 In zbx_parse_eventlog_message6() EventRecordID:25743 9284:20230712:142817.423 In expand_message6() 9284:20230712:142817.425 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142817.426 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.426 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25743 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142817.427 buffer: new element 15 9284:20230712:142817.427 End of process_value():SUCCEED 9284:20230712:142817.428 In zbx_parse_eventlog_message6() EventRecordID:25744 9284:20230712:142817.428 In expand_message6() 9284:20230712:142817.430 End of expand_message6():Service stopped. 9284:20230712:142817.430 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.431 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25744 value:'Service stopped.' 9284:20230712:142817.431 buffer: new element 16 9284:20230712:142817.432 End of process_value():SUCCEED 9284:20230712:142817.432 In zbx_parse_eventlog_message6() EventRecordID:25745 9284:20230712:142817.433 In expand_message6() 9284:20230712:142817.434 End of expand_message6():Connection to Microsoft Exchange has been lost. Outlook will restore the connection when possible. 9284:20230712:142817.435 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.435 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25745 value:'Connection to Microsoft Exchange has been lost. Outlook will restore the connection when possible.' 9284:20230712:142817.436 buffer: new element 17 9284:20230712:142817.436 End of process_value():SUCCEED 9284:20230712:142817.437 In zbx_parse_eventlog_message6() EventRecordID:25746 9284:20230712:142817.438 In expand_message6() 9284:20230712:142817.439 End of expand_message6():Connection to Microsoft Exchange has been restored. 9284:20230712:142817.440 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.440 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25746 value:'Connection to Microsoft Exchange has been restored.' 9284:20230712:142817.441 buffer: new element 18 9284:20230712:142817.441 End of process_value():SUCCEED 9284:20230712:142817.442 In zbx_parse_eventlog_message6() EventRecordID:25747 9284:20230712:142817.442 In expand_message6() 9284:20230712:142817.444 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142817.444 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.445 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25747 value:'Offline downlevel migration succeeded.' 9284:20230712:142817.445 buffer: new element 19 9284:20230712:142817.446 End of process_value():SUCCEED 9284:20230712:142817.446 In zbx_parse_eventlog_message6() EventRecordID:25748 9284:20230712:142817.447 In expand_message6() 9284:20230712:142817.449 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T08:14:47Z. Reason: RulesEngine. 9284:20230712:142817.449 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.450 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25748 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T08:14:47Z. Reason: RulesEngine.' 9284:20230712:142817.450 buffer: new element 20 9284:20230712:142817.451 End of process_value():SUCCEED 9284:20230712:142817.451 In zbx_parse_eventlog_message6() EventRecordID:25749 9284:20230712:142817.452 In expand_message6() 2184:20230712:142817.453 In collect_perfstat() 9284:20230712:142817.454 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142817.455 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.455 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25749 value:'Offline downlevel migration succeeded.' 9284:20230712:142817.456 buffer: new element 21 2184:20230712:142817.456 End of collect_perfstat() 9284:20230712:142817.457 End of process_value():SUCCEED 9284:20230712:142817.457 In zbx_parse_eventlog_message6() EventRecordID:25750 9284:20230712:142817.458 In expand_message6() 9284:20230712:142817.460 End of expand_message6():svchost (8124,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142817.460 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.461 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25750 value:'svchost (8124,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142817.462 buffer: new element 22 9284:20230712:142817.462 End of process_value():SUCCEED 9284:20230712:142817.463 In zbx_parse_eventlog_message6() EventRecordID:25751 9284:20230712:142817.463 In expand_message6() 9284:20230712:142817.465 End of expand_message6():svchost (8124,R,98) DS_Token_DB: The database engine is initiating recovery steps. 9284:20230712:142817.465 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.466 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25751 value:'svchost (8124,R,98) DS_Token_DB: The database engine is initiating recovery steps.' 9284:20230712:142817.467 buffer: new element 23 9284:20230712:142817.467 End of process_value():SUCCEED 9284:20230712:142817.468 In zbx_parse_eventlog_message6() EventRecordID:25752 9284:20230712:142817.468 In expand_message6() 9284:20230712:142817.470 End of expand_message6():svchost (8124,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS0001F.log. Processing Stats: [1] 0.006793 -0.001300 (4) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52754/37) +M(C:0K, Fs:76, WS:100K # 116K, PF:8K # 8K, P:8K). Log record of type 'ShutDown ' was seen most frequently (4 times) 9284:20230712:142817.470 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.471 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25752 value:'svchost (8124,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS0001F.log. Processing Stats: [1] 0.006793 -0.001300 (4) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52754/37) +M(C:0K, Fs:76, WS:100K # 116K, PF:8K # 8K, P:8K). Log record of type 'ShutDown ' was seen most frequently (4 times)' 9284:20230712:142817.471 buffer: new element 24 9284:20230712:142817.472 End of process_value():SUCCEED 9284:20230712:142817.472 In zbx_parse_eventlog_message6() EventRecordID:25753 9284:20230712:142817.473 In expand_message6() 9284:20230712:142817.475 End of expand_message6():svchost (8124,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.012977 -0.001249 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8112/6) +M(C:0K, Fs:46, WS:112K # 84K, PF:144K # 80K, P:144K). Log record of type 'AttachDB ' was seen most frequently (1 times) 9284:20230712:142817.475 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.476 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25753 value:'svchost (8124,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.012977 -0.001249 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8112/6) +M(C:0K, Fs:46, WS:112K # 84K, PF:144K # 80K, P:144K). Log record of type 'AttachDB ' was seen most frequently (1 times)' 9284:20230712:142817.476 buffer: new element 25 9284:20230712:142817.477 End of process_value():SUCCEED 9284:20230712:142817.477 In zbx_parse_eventlog_message6() EventRecordID:25754 9284:20230712:142817.478 In expand_message6() 9284:20230712:142817.479 End of expand_message6():svchost (8124,U,98) DS_Token_DB: The database engine has successfully completed recovery steps. 9284:20230712:142817.480 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.480 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25754 value:'svchost (8124,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.' 9284:20230712:142817.481 buffer: new element 26 9284:20230712:142817.482 End of process_value():SUCCEED 9284:20230712:142817.482 In zbx_parse_eventlog_message6() EventRecordID:25755 9284:20230712:142817.483 In expand_message6() 9284:20230712:142817.484 End of expand_message6():svchost (8124,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001F:0001:0000 - 0000001F:000E:0000 - 00000020:0003:0000 - 00000020:0003:0000 (00000000:0000:0000) cReInits = 4 Internal Timing Sequence: [1] 0.001005 +J(0) +M(C:0K, Fs:162, WS:628K # 628K, PF:3608K # 3608K, P:3608K) [2] 0.000464 +J(0) +M(C:8K, Fs:227, WS:904K # 904K, PF:368K # 368K, P:368K) [3] 0.000023 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:68K # 68K, P:68K) [4] 0.000151 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K) [5] 0.002854 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.005877 +J(0) +M(C:0K, Fs:27, WS:108K # 108K, PF:16K # 16K, P:16K) [7] 0.004311 -0.000491 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.021349 -0.001965 (8) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52754/37) +M(C:0K, Fs:139, WS:268K # 336K, PF:112K # 180K, P:112K) [9] 0.022988 -0.001966 (10) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8112/6) +M(C:0K, Fs:59, WS:160K # 92K, PF:144K # 80K, P:144K) + 1 lgens [10] 0.001330 -0.000460 (1) WT +J(0) +M(C:0K, Fs:14, WS:-8K # 0K, PF:8K # 4K, P:8K) [11] 0.000020 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.001550 -0.000205 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.034939 -0.000507 (2) CM -0.004319 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 152K, PF:164K # 232K, P:164K) [14] 0.000027 +J(0) [15] 0.000014 +J(0) [16] 0.000956 -0.000094 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142817.485 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.485 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25755 value:'svchost (8124,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 0000001F:0001:0000 - 0000001F:000E:0000 - 00000020:0003:0000 - 00000020:0003:0000 (00000000:0000:0000) cReInits = 4 Internal Timing Sequence: [1] 0.001005 +J(0) +M(C:0K, Fs:162, WS:628K # 628K, PF:3608K # 3608K, P:3608K) [2] 0.000464 +J(0) +M(C:8K, Fs:227, WS:904K # 904K, PF:368K # 368K, P:368K) [3] 0.000023 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:68K # 68K, P:68K) [4] 0.000151 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K) [5] 0.002854 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.005877 +J(0) +M(C:0K, Fs:27, WS:108K # 108K, PF:16K # 16K, P:16K) [7] 0.004311 -0.000491 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.021349 -0.001965 (8) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52754/37) +M(C:0K, Fs:139, WS:268K # 336K, PF:112K # 180K, P:112K) [9] 0.022988 -0.001966 (10) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8112/6) +M(C:0K, Fs:59, WS:160K # 92K, PF:144K # 80K, P:144K) + 1 lgens [10] 0.001330 -0.000460 (1) WT +J(0) +M(C:0K, Fs:14, WS:-8K # 0K, PF:8K # 4K, P:8K) [11] 0.000020 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.001550 -0.000205 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.034939 -0.000507 (2) CM -0.004319 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 152K, PF:164K # 232K, P:164K) [14] 0.000027 +J(0) [15] 0.000014 +J(0) [16] 0.000956 -0.000094 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142817.486 buffer: new element 27 9284:20230712:142817.486 End of process_value():SUCCEED 9284:20230712:142817.487 In zbx_parse_eventlog_message6() EventRecordID:25756 9284:20230712:142817.487 In expand_message6() 9284:20230712:142817.489 End of expand_message6():svchost (8124,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000020:0005:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000005 +J(0) [2] 0.001429 -0.000345 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.011108 -0.001608 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.002358 +J(0) [5] - [6] - [7] - [8] 0.000492 -0.000344 (2) CM -0.000249 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 0K, P:28K) [9] 0.001003 -0.000755 (3) CM -0.000632 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:104K # 100K, PF:196K # 204K, P:196K) [10] 0.000424 -0.000311 (2) CM -0.000236 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000018 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000065 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142817.490 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.490 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25756 value:'svchost (8124,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000020:0005:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000005 +J(0) [2] 0.001429 -0.000345 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.011108 -0.001608 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.002358 +J(0) [5] - [6] - [7] - [8] 0.000492 -0.000344 (2) CM -0.000249 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 0K, P:28K) [9] 0.001003 -0.000755 (3) CM -0.000632 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:104K # 100K, PF:196K # 204K, P:196K) [10] 0.000424 -0.000311 (2) CM -0.000236 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000018 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000065 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142817.491 buffer: new element 28 9284:20230712:142817.491 End of process_value():SUCCEED 9284:20230712:142817.492 In zbx_parse_eventlog_message6() EventRecordID:25757 9284:20230712:142817.492 In expand_message6() 9284:20230712:142817.494 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎05T08:32:28.001590700Z. 9284:20230712:142817.495 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.495 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25757 value:'Starting session 1 - ‎2022‎-‎09‎-‎05T08:32:28.001590700Z.' 9284:20230712:142817.496 buffer: new element 29 9284:20230712:142817.496 End of process_value():SUCCEED 9284:20230712:142817.497 In zbx_parse_eventlog_message6() EventRecordID:25758 9284:20230712:142817.497 In expand_message6() 9284:20230712:142817.499 End of expand_message6():Shutting down application or service 'Microsoft Outlook'. 9284:20230712:142817.500 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.500 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25758 value:'Shutting down application or service 'Microsoft Outlook'.' 9284:20230712:142817.501 buffer: new element 30 9284:20230712:142817.501 End of process_value():SUCCEED 9284:20230712:142817.502 In zbx_parse_eventlog_message6() EventRecordID:25759 9284:20230712:142817.502 In expand_message6() 9284:20230712:142817.504 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎05T08:32:44.995910700Z. 9284:20230712:142817.505 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.505 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25759 value:'Starting session 1 - ‎2022‎-‎09‎-‎05T08:32:44.995910700Z.' 9284:20230712:142817.506 buffer: new element 31 9284:20230712:142817.506 End of process_value():SUCCEED 9284:20230712:142817.507 In zbx_parse_eventlog_message6() EventRecordID:25760 9284:20230712:142817.508 In expand_message6() 9284:20230712:142817.509 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T08:32:56Z. Reason: RulesEngine. 9284:20230712:142817.510 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.510 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25760 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T08:32:56Z. Reason: RulesEngine.' 9284:20230712:142817.511 buffer: new element 32 9284:20230712:142817.511 End of process_value():SUCCEED 9284:20230712:142817.512 In zbx_parse_eventlog_message6() EventRecordID:25761 9284:20230712:142817.512 In expand_message6() 9284:20230712:142817.514 End of expand_message6():Machine restart is required. 9284:20230712:142817.514 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.515 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25761 value:'Machine restart is required.' 9284:20230712:142817.516 buffer: new element 33 9284:20230712:142817.516 End of process_value():SUCCEED 9284:20230712:142817.517 In zbx_parse_eventlog_message6() EventRecordID:25762 9284:20230712:142817.517 In expand_message6() 9284:20230712:142817.519 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142817.519 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.520 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25762 value:'Offline downlevel migration succeeded.' 9284:20230712:142817.520 buffer: new element 34 9284:20230712:142817.521 End of process_value():SUCCEED 9284:20230712:142817.521 In zbx_parse_eventlog_message6() EventRecordID:25763 9284:20230712:142817.522 In expand_message6() 9284:20230712:142817.523 End of expand_message6():The Software Protection service has successfully installed the license. License Title=XrML 2.1 License - Product Key Configuration License Id=6040a6e7-445d-4609-b6c4-8a66b709cb54 9284:20230712:142817.524 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.525 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25763 value:'The Software Protection service has successfully installed the license. License Title=XrML 2.1 License - Product Key Configuration License Id=6040a6e7-445d-4609-b6c4-8a66b709cb54' 9284:20230712:142817.525 buffer: new element 35 9284:20230712:142817.526 End of process_value():SUCCEED 9284:20230712:142817.526 In zbx_parse_eventlog_message6() EventRecordID:25764 9284:20230712:142817.527 In expand_message6() 9284:20230712:142817.528 End of expand_message6():The Software Protection service has successfully installed the license. License Title=XrML 2.1 License - Product Key Configuration License Id=dc6454b3-ceba-4e40-b6cc-26afb8fe8fa6 9284:20230712:142817.529 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.529 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25764 value:'The Software Protection service has successfully installed the license. License Title=XrML 2.1 License - Product Key Configuration License Id=dc6454b3-ceba-4e40-b6cc-26afb8fe8fa6' 9284:20230712:142817.530 buffer: new element 36 9284:20230712:142817.530 End of process_value():SUCCEED 9284:20230712:142817.531 In zbx_parse_eventlog_message6() EventRecordID:25765 9284:20230712:142817.532 In expand_message6() 9284:20230712:142817.533 End of expand_message6():The Software Protection service has successfully installed the license. License Title=client-issuance-root Issuance License License Id=7cbeb41c-1778-47f2-aa36-51a5a618f716 9284:20230712:142817.534 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.534 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25765 value:'The Software Protection service has successfully installed the license. License Title=client-issuance-root Issuance License License Id=7cbeb41c-1778-47f2-aa36-51a5a618f716' 9284:20230712:142817.535 buffer: new element 37 9284:20230712:142817.535 End of process_value():SUCCEED 9284:20230712:142817.536 In zbx_parse_eventlog_message6() EventRecordID:25766 9284:20230712:142817.536 In expand_message6() 9284:20230712:142817.538 End of expand_message6():The Software Protection service has successfully installed the license. License Title=client-issuance-stil Issuance License License Id=285583cd-fc43-4806-ace6-d247b7edd434 9284:20230712:142817.539 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.539 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25766 value:'The Software Protection service has successfully installed the license. License Title=client-issuance-stil Issuance License License Id=285583cd-fc43-4806-ace6-d247b7edd434' 9284:20230712:142817.540 buffer: new element 38 9284:20230712:142817.540 End of process_value():SUCCEED 9284:20230712:142817.541 In zbx_parse_eventlog_message6() EventRecordID:25767 9284:20230712:142817.541 In expand_message6() 9284:20230712:142817.543 End of expand_message6():The Software Protection service has successfully installed the license. License Title=client-issuance-ul Issuance License License Id=ce939c0e-53f7-4011-a286-78b6975fa5f0 9284:20230712:142817.543 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.544 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25767 value:'The Software Protection service has successfully installed the license. License Title=client-issuance-ul Issuance License License Id=ce939c0e-53f7-4011-a286-78b6975fa5f0' 9284:20230712:142817.544 buffer: new element 39 9284:20230712:142817.545 End of process_value():SUCCEED 9284:20230712:142817.545 In zbx_parse_eventlog_message6() EventRecordID:25768 9284:20230712:142817.546 In expand_message6() 9284:20230712:142817.547 End of expand_message6():The Software Protection service has successfully installed the license. License Title=client-issuance-ul-oob Issuance License License Id=7209e8e3-cce2-49dd-8f6e-2cc8a611f202 9284:20230712:142817.548 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.549 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25768 value:'The Software Protection service has successfully installed the license. License Title=client-issuance-ul-oob Issuance License License Id=7209e8e3-cce2-49dd-8f6e-2cc8a611f202' 9284:20230712:142817.549 buffer: new element 40 9284:20230712:142817.550 End of process_value():SUCCEED 9284:20230712:142817.550 In zbx_parse_eventlog_message6() EventRecordID:25769 9284:20230712:142817.551 In expand_message6() 9284:20230712:142817.552 End of expand_message6():The Software Protection service has successfully installed the license. License Title=client-issuance-root-bridge-test Issuance License License Id=7256a55f-e989-4e06-b2c2-c527f49e4527 9284:20230712:142817.553 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.553 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25769 value:'The Software Protection service has successfully installed the license. License Title=client-issuance-root-bridge-test Issuance License License Id=7256a55f-e989-4e06-b2c2-c527f49e4527' 9284:20230712:142817.554 buffer: new element 41 9284:20230712:142817.555 End of process_value():SUCCEED 9284:20230712:142817.555 In zbx_parse_eventlog_message6() EventRecordID:25770 9284:20230712:142817.556 In expand_message6() 9284:20230712:142817.557 End of expand_message6():The Software Protection service has successfully installed the license. License Title=client-issuance-bridge-office Issuance License License Id=4d4a5396-01a7-4ae5-9973-b53bb1af5c30 9284:20230712:142817.558 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.558 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25770 value:'The Software Protection service has successfully installed the license. License Title=client-issuance-bridge-office Issuance License License Id=4d4a5396-01a7-4ae5-9973-b53bb1af5c30' 9284:20230712:142817.559 buffer: new element 42 9284:20230712:142817.559 End of process_value():SUCCEED 9284:20230712:142817.560 In zbx_parse_eventlog_message6() EventRecordID:25771 9284:20230712:142817.561 In expand_message6() 9284:20230712:142817.562 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=0bfb7ef4-f34f-4e69-8a09-4ea0f61a6469 9284:20230712:142817.563 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.563 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25771 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=0bfb7ef4-f34f-4e69-8a09-4ea0f61a6469' 9284:20230712:142817.564 buffer: new element 43 9284:20230712:142817.564 End of process_value():SUCCEED 9284:20230712:142817.565 In zbx_parse_eventlog_message6() EventRecordID:25772 9284:20230712:142817.565 In expand_message6() 9284:20230712:142817.567 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=af783f5d-958c-4fa6-97c0-cf61e468df20 9284:20230712:142817.567 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.568 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25772 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=af783f5d-958c-4fa6-97c0-cf61e468df20' 9284:20230712:142817.568 buffer: new element 44 9284:20230712:142817.569 End of process_value():SUCCEED 9284:20230712:142817.569 In zbx_parse_eventlog_message6() EventRecordID:25773 9284:20230712:142817.570 In expand_message6() 9284:20230712:142817.572 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office81D507D6-E729-436D-AD4D-FED2CBE4E566 PPD License License Id=0e410b44-aa81-ad65-8de9-6485dbc3b18c 9284:20230712:142817.572 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.573 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25773 value:'The Software Protection service has successfully installed the license. License Title=Office81D507D6-E729-436D-AD4D-FED2CBE4E566 PPD License License Id=0e410b44-aa81-ad65-8de9-6485dbc3b18c' 9284:20230712:142817.573 buffer: new element 45 9284:20230712:142817.574 End of process_value():SUCCEED 9284:20230712:142817.574 In zbx_parse_eventlog_message6() EventRecordID:25774 9284:20230712:142817.575 In expand_message6() 9284:20230712:142817.576 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=794537c9-33e8-42e0-9df5-334a7edb532a 9284:20230712:142817.577 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.577 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25774 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=794537c9-33e8-42e0-9df5-334a7edb532a' 9284:20230712:142817.578 buffer: new element 46 9284:20230712:142817.578 End of process_value():SUCCEED 9284:20230712:142817.579 In zbx_parse_eventlog_message6() EventRecordID:25775 9284:20230712:142817.579 In expand_message6() 9284:20230712:142817.581 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=ab26a1d0-ac45-4447-8bfc-64467f8abb6b 9284:20230712:142817.581 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.582 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25775 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=ab26a1d0-ac45-4447-8bfc-64467f8abb6b' 9284:20230712:142817.582 buffer: new element 47 9284:20230712:142817.583 End of process_value():SUCCEED 9284:20230712:142817.583 In zbx_parse_eventlog_message6() EventRecordID:25776 9284:20230712:142817.584 In expand_message6() 9284:20230712:142817.585 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office3D0631E3-1091-416D-92A5-42F84A86D868 PPD License License Id=ddf281cd-76a6-6bed-2e70-70f9ce399a43 9284:20230712:142817.586 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.586 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25776 value:'The Software Protection service has successfully installed the license. License Title=Office3D0631E3-1091-416D-92A5-42F84A86D868 PPD License License Id=ddf281cd-76a6-6bed-2e70-70f9ce399a43' 9284:20230712:142817.587 buffer: new element 48 9284:20230712:142817.587 End of process_value():SUCCEED 9284:20230712:142817.588 In zbx_parse_eventlog_message6() EventRecordID:25777 9284:20230712:142817.588 In expand_message6() 9284:20230712:142817.590 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Public) License Id=46fe6032-3ccf-4a6f-a48a-bd0d02a36409 9284:20230712:142817.590 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142817.591 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25777 value:'The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Public) License Id=46fe6032-3ccf-4a6f-a48a-bd0d02a36409' 9284:20230712:142817.591 buffer: new element 49 9284:20230712:142817.592 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142817.592 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142817.593 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25728,"timestamp":1662358696,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":751,"clock":1689161297,"ns":357025800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25729,"timestamp":1662358696,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":752,"clock":1689161297,"ns":362052100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25730,"timestamp":1662358696,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":753,"clock":1689161297,"ns":366737700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25731,"timestamp":1662358696,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":754,"clock":1689161297,"ns":371145400},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎05T06:18:17.435675300Z.","lastlogsize":25732,"timestamp":1662358697,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":755,"clock":1689161297,"ns":375871900},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎05T06:18:19.151481900Z.","lastlogsize":25733,"timestamp":1662358699,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":756,"clock":1689161297,"ns":380606400},{"host":"Windows host","key":"eventlog[Application]","value":"Application 'C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE' (pid 12520) cannot be restarted - Application SID does not match Conductor SID..","lastlogsize":25734,"timestamp":1662358699,"source":"Microsoft-Windows-RestartManager","severity":2,"eventid":10010,"id":757,"clock":1689161297,"ns":385104200},{"host":"Windows host","key":"eventlog[Application]","value":"Machine restart is required.","lastlogsize":25735,"timestamp":1662358699,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10005,"id":758,"clock":1689161297,"ns":389523300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25736,"timestamp":1662358763,"source":"SecurityCenter","severity":1,"eventid":15,"id":759,"clock":1689161297,"ns":393885100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T06:19:54Z. Reason: RulesEngine.","lastlogsize":25737,"timestamp":1662358794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":760,"clock":1689161297,"ns":398513600},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25738,"timestamp":1662358798,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":761,"clock":1689161297,"ns":403251500},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET_4.0.30319\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25739,"timestamp":1662358798,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":762,"clock":1689161297,"ns":408105100},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"aspnet_state\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":25740,"timestamp":1662358798,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":763,"clock":1689161297,"ns":412891700},{"host":"Windows host","key":"eventlog[Application]","value":"The configuration information of the performance library \"C:\\Windows\\System32\\perfts.dll\" for the \"TermService\" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.","lastlogsize":25741,"timestamp":1662358799,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":2003,"id":764,"clock":1689161297,"ns":417664500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25742,"timestamp":1662358838,"source":"SecurityCenter","severity":1,"eventid":15,"id":765,"clock":1689161297,"ns":422478000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25743,"timestamp":1662358840,"source":"SecurityCenter","severity":1,"eventid":15,"id":766,"clock":1689161297,"ns":427187000},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25744,"timestamp":1662358872,"source":"edgeupdate","severity":1,"id":767,"clock":1689161297,"ns":432057500},{"host":"Windows host","key":"eventlog[Application]","value":"Connection to Microsoft Exchange has been lost. Outlook will restore the connection when possible.","lastlogsize":25745,"timestamp":1662360245,"source":"Outlook","severity":1,"eventid":26,"id":768,"clock":1689161297,"ns":436505200},{"host":"Windows host","key":"eventlog[Application]","value":"Connection to Microsoft Exchange has been restored.","lastlogsize":25746,"timestamp":1662360386,"source":"Outlook","severity":1,"eventid":26,"id":769,"clock":1689161297,"ns":441209200},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25747,"timestamp":1662365657,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":770,"clock":1689161297,"ns":445956600},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T08:14:47Z. Reason: RulesEngine.","lastlogsize":25748,"timestamp":1662365687,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":771,"clock":1689161297,"ns":450806000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25749,"timestamp":1662366747,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":772,"clock":1689161297,"ns":456314400},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (8124,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25750,"timestamp":1662366748,"source":"ESENT","severity":1,"eventid":102,"id":773,"clock":1689161297,"ns":462168500},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (8124,R,98) DS_Token_DB: The database engine is initiating recovery steps.","lastlogsize":25751,"timestamp":1662366748,"source":"ESENT","severity":1,"eventid":300,"id":774,"clock":1689161297,"ns":467231100},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (8124,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSS0001F.log. \r\n \r\nProcessing Stats: \n[1] 0.006793 -0.001300 (4) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52754/37) +M(C:0K, Fs:76, WS:100K # 116K, PF:8K # 8K, P:8K). \r\nLog record of type 'ShutDown ' was seen most frequently (4 times)","lastlogsize":25752,"timestamp":1662366748,"source":"ESENT","severity":1,"eventid":301,"id":775,"clock":1689161297,"ns":471998000},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (8124,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSS.log. \r\n \r\nProcessing Stats: \n[1] 0.012977 -0.001249 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8112/6) +M(C:0K, Fs:46, WS:112K # 84K, PF:144K # 80K, P:144K). \r\nLog record of type 'AttachDB ' was seen most frequently (1 times)","lastlogsize":25753,"timestamp":1662366748,"source":"ESENT","severity":1,"eventid":301,"id":776,"clock":1689161297,"ns":476857900},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (8124,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.","lastlogsize":25754,"timestamp":1662366748,"source":"ESENT","severity":1,"eventid":302,"id":777,"clock":1689161297,"ns":481581600},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (8124,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n lgposV2[] = 0000001F:0001:0000 - 0000001F:000E:0000 - 00000020:0003:0000 - 00000020:0003:0000 (00000000:0000:0000)\ncReInits = 4\n \r\n \r\nInternal Timing Sequence: \n[1] 0.001005 +J(0) +M(C:0K, Fs:162, WS:628K # 628K, PF:3608K # 3608K, P:3608K)\n[2] 0.000464 +J(0) +M(C:8K, Fs:227, WS:904K # 904K, PF:368K # 368K, P:368K)\n[3] 0.000023 +J(0) +M(C:0K, Fs:4, WS:12K # 12K, PF:68K # 68K, P:68K)\n[4] 0.000151 +J(0) +M(C:0K, Fs:32, WS:128K # 128K, PF:164K # 164K, P:164K)\n[5] 0.002854 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)\n[6] 0.005877 +J(0) +M(C:0K, Fs:27, WS:108K # 108K, PF:16K # 16K, P:16K)\n[7] 0.004311 -0.000491 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K)\n[8] 0.021349 -0.001965 (8) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:52754/37) +M(C:0K, Fs:139, WS:268K # 336K, PF:112K # 180K, P:112K)\n[9] 0.022988 -0.001966 (10) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:8112/6) +M(C:0K, Fs:59, WS:160K # 92K, PF:144K # 80K, P:144K) + 1 lgens\n[10] 0.001330 -0.000460 (1) WT +J(0) +M(C:0K, Fs:14, WS:-8K # 0K, PF:8K # 4K, P:8K)\n[11] 0.000020 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[12] 0.001550 -0.000205 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[13] 0.034939 -0.000507 (2) CM -0.004319 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 152K, PF:164K # 232K, P:164K)\n[14] 0.000027 +J(0)\n[15] 0.000014 +J(0)\n[16] 0.000956 -0.000094 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25755,"timestamp":1662366748,"source":"ESENT","severity":1,"eventid":105,"id":778,"clock":1689161297,"ns":486419900},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (8124,D,50) DS_Token_DB: The database engine attached a database (1, C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSTokenDB2.dat). (Time=0 seconds) \r\n \r\nSaved Cache: 1 0 \r\nAdditional Data: lgposAttach = 00000020:0005:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000005 +J(0)\n[2] 0.001429 -0.000345 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K)\n[3] 0.011108 -0.001608 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K)\n[4] 0.002358 +J(0)\n[5] -\n[6] -\n[7] -\n[8] 0.000492 -0.000344 (2) CM -0.000249 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 0K, P:28K)\n[9] 0.001003 -0.000755 (3) CM -0.000632 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:28, WS:104K # 100K, PF:196K # 204K, P:196K)\n[10] 0.000424 -0.000311 (2) CM -0.000236 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K)\n[11] 0.000018 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000065 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K)\n[13] 0.000001 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000007 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25756,"timestamp":1662366748,"source":"ESENT","severity":1,"eventid":326,"id":779,"clock":1689161297,"ns":491197700},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎05T08:32:28.001590700Z.","lastlogsize":25757,"timestamp":1662366748,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":780,"clock":1689161297,"ns":496355500},{"host":"Windows host","key":"eventlog[Application]","value":"Shutting down application or service 'Microsoft Outlook'.","lastlogsize":25758,"timestamp":1662366750,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10002,"id":781,"clock":1689161297,"ns":501307100},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎05T08:32:44.995910700Z.","lastlogsize":25759,"timestamp":1662366764,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":782,"clock":1689161297,"ns":506488800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T08:32:56Z. Reason: RulesEngine.","lastlogsize":25760,"timestamp":1662366776,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":783,"clock":1689161297,"ns":511339200},{"host":"Windows host","key":"eventlog[Application]","value":"Machine restart is required.","lastlogsize":25761,"timestamp":1662366790,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10005,"id":784,"clock":1689161297,"ns":516193000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25762,"timestamp":1662366793,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":785,"clock":1689161297,"ns":520888100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=XrML 2.1 License - Product Key Configuration\r\nLicense Id=6040a6e7-445d-4609-b6c4-8a66b709cb54","lastlogsize":25763,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":786,"clock":1689161297,"ns":525635600},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=XrML 2.1 License - Product Key Configuration\r\nLicense Id=dc6454b3-ceba-4e40-b6cc-26afb8fe8fa6","lastlogsize":25764,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":787,"clock":1689161297,"ns":530543700},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=client-issuance-root Issuance License\r\nLicense Id=7cbeb41c-1778-47f2-aa36-51a5a618f716","lastlogsize":25765,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":788,"clock":1689161297,"ns":535341000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=client-issuance-stil Issuance License\r\nLicense Id=285583cd-fc43-4806-ace6-d247b7edd434","lastlogsize":25766,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":789,"clock":1689161297,"ns":540130300},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=client-issuance-ul Issuance License\r\nLicense Id=ce939c0e-53f7-4011-a286-78b6975fa5f0","lastlogsize":25767,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":790,"clock":1689161297,"ns":544845200},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=client-issuance-ul-oob Issuance License\r\nLicense Id=7209e8e3-cce2-49dd-8f6e-2cc8a611f202","lastlogsize":25768,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":791,"clock":1689161297,"ns":549641800},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=client-issuance-root-bridge-test Issuance License\r\nLicense Id=7256a55f-e989-4e06-b2c2-c527f49e4527","lastlogsize":25769,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":792,"clock":1689161297,"ns":554571000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=client-issuance-bridge-office Issuance License\r\nLicense Id=4d4a5396-01a7-4ae5-9973-b53bb1af5c30","lastlogsize":25770,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":793,"clock":1689161297,"ns":559541000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Public)\r\nLicense Id=0bfb7ef4-f34f-4e69-8a09-4ea0f61a6469","lastlogsize":25771,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":794,"clock":1689161297,"ns":564321000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Private)\r\nLicense Id=af783f5d-958c-4fa6-97c0-cf61e468df20","lastlogsize":25772,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":795,"clock":1689161297,"ns":569007500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office81D507D6-E729-436D-AD4D-FED2CBE4E566 PPD License\r\nLicense Id=0e410b44-aa81-ad65-8de9-6485dbc3b18c","lastlogsize":25773,"timestamp":1662366794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":796,"clock":1689161297,"ns":573779100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Public)\r\nLicense Id=794537c9-33e8-42e0-9df5-334a7edb532a","lastlogsize":25774,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":797,"clock":1689161297,"ns":578275000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Private)\r\nLicense Id=ab26a1d0-ac45-4447-8bfc-64467f8abb6b","lastlogsize":25775,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":798,"clock":1689161297,"ns":582730500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office3D0631E3-1091-416D-92A5-42F84A86D868 PPD License\r\nLicense Id=ddf281cd-76a6-6bed-2e70-70f9ce399a43","lastlogsize":25776,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":799,"clock":1689161297,"ns":587194100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 Publishing License (Public)\r\nLicense Id=46fe6032-3ccf-4a6f-a48a-bd0d02a36409","lastlogsize":25777,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":800,"clock":1689161297,"ns":591640600}],"clock":1689161297,"ns":593254300}] 9284:20230712:142817.597 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001971"}] 9284:20230712:142817.598 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001971"}' 9284:20230712:142817.598 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.001971' 9284:20230712:142817.599 End of check_response():SUCCEED 9284:20230712:142817.599 OK 9284:20230712:142817.600 End of send_buffer():SUCCEED 9284:20230712:142817.600 End of process_value():SUCCEED 9284:20230712:142817.601 End of process_eventslog6():SUCCEED last eventid:1004 9284:20230712:142817.601 In finalize_eventlog6() 9284:20230712:142817.602 End of finalize_eventlog6():SUCCEED 9284:20230712:142817.603 In need_meta_update() key:eventlog[Application] 9284:20230712:142817.603 End of need_meta_update():FAIL 9284:20230712:142817.604 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142817.604 End of send_buffer():SUCCEED 9284:20230712:142817.605 End of process_active_checks() 9284:20230712:142817.606 In get_min_nextcheck() 9284:20230712:142817.606 End of get_min_nextcheck():1689161307 9284:20230712:142817.607 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142817.607 End of send_buffer():SUCCEED 19844:20230712:142817.621 Requested [agent.ping] 19844:20230712:142817.621 Sending back [1] 2184:20230712:142818.458 In collect_perfstat() 2184:20230712:142818.461 End of collect_perfstat() 9284:20230712:142818.609 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142818.609 End of send_buffer():SUCCEED 9284:20230712:142818.610 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142818.615 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142818.616 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142818.617 before read 9284:20230712:142818.618 got [{"response":"success"}] 9284:20230712:142818.618 In parse_list_of_checks() 9284:20230712:142818.619 End of parse_list_of_checks():SUCCEED 9284:20230712:142818.620 End of refresh_active_checks():SUCCEED 9284:20230712:142818.620 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142818.621 End of process_active_checks() 9284:20230712:142818.622 In get_min_nextcheck() 9284:20230712:142818.622 End of get_min_nextcheck():1689161307 2184:20230712:142819.464 In collect_perfstat() 2184:20230712:142819.467 End of collect_perfstat() 9284:20230712:142819.624 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142819.625 End of send_buffer():SUCCEED 2184:20230712:142820.470 In collect_perfstat() 2184:20230712:142820.477 End of collect_perfstat() 9284:20230712:142820.627 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142820.630 End of send_buffer():SUCCEED 2184:20230712:142821.480 In collect_perfstat() 2184:20230712:142821.487 End of collect_perfstat() 9284:20230712:142821.631 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142821.632 End of send_buffer():SUCCEED 2184:20230712:142822.489 In collect_perfstat() 2184:20230712:142822.492 End of collect_perfstat() 9284:20230712:142822.635 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142822.638 End of send_buffer():SUCCEED 2184:20230712:142823.495 In collect_perfstat() 2184:20230712:142823.498 End of collect_perfstat() 9284:20230712:142823.641 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142823.644 End of send_buffer():SUCCEED 9284:20230712:142823.646 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142823.661 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142823.665 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142823.667 before read 9284:20230712:142823.670 got [{"response":"success"}] 9284:20230712:142823.672 In parse_list_of_checks() 9284:20230712:142823.675 End of parse_list_of_checks():SUCCEED 9284:20230712:142823.677 End of refresh_active_checks():SUCCEED 9284:20230712:142823.678 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142823.680 End of process_active_checks() 9284:20230712:142823.681 In get_min_nextcheck() 9284:20230712:142823.683 End of get_min_nextcheck():1689161307 2184:20230712:142824.500 In collect_perfstat() 2184:20230712:142824.502 End of collect_perfstat() 9284:20230712:142824.686 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142824.688 End of send_buffer():SUCCEED 9284:20230712:142824.691 In send_heartbeat_msg() 9284:20230712:142824.693 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142824.697 sending [{"request":"active check heartbeat","host":"Windows host","heartbeat_freq":60}] 9284:20230712:142824.702 Out send_heartbeat_msg() 2184:20230712:142825.506 In collect_perfstat() 2184:20230712:142825.510 End of collect_perfstat() 14488:20230712:142825.628 Requested [system.sw.os.get] 14488:20230712:142825.629 [MPLOG] in system_sw_os_get() 14488:20230712:142825.630 [MPLOG] end system_sw_os_get() 14488:20230712:142825.631 Sending back [{"os_type":"windows","product_name":"Windows 10 Pro","architecture":"x86_64","build_number":"19045","build_revision":"3086","build":"19045.3086","edition":"Professional","composition":"Enterprise","display_version":"22H2","version":"6.3","version_pretty":"Windows 10 Pro Build 19045.3086","version_full":"Windows 10 Pro 19041.1.amd64fre.vb_release.191206-1406 Build 19045.3086"}] 9284:20230712:142825.703 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142825.704 End of send_buffer():SUCCEED 2184:20230712:142826.512 In collect_perfstat() 2184:20230712:142826.515 End of collect_perfstat() 9284:20230712:142826.706 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142826.707 End of send_buffer():SUCCEED 2184:20230712:142827.518 In collect_perfstat() 2184:20230712:142827.520 End of collect_perfstat() 17028:20230712:142827.637 Requested [agent.ping] 17028:20230712:142827.639 Sending back [1] 9284:20230712:142827.710 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142827.712 End of send_buffer():SUCCEED 9284:20230712:142827.714 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142827.716 In initialize_eventlog6() source:'Application' previous lastlogsize:25777 9284:20230712:142827.718 In zbx_open_eventlog6() lastlogsize:25777 9284:20230712:142827.720 In get_eventlog6_id() 9284:20230712:142827.722 End of get_eventlog6_id():SUCCEED id:94304984 9284:20230712:142827.724 In get_eventlog6_id() 9284:20230712:142827.725 End of get_eventlog6_id():SUCCEED id:94304976 9284:20230712:142827.727 End of zbx_open_eventlog6():SUCCEED FirstID:24378 LastID:70732 9284:20230712:142827.728 In zbx_get_handle_eventlog6(), previous lastlogsize:25777 9284:20230712:142827.730 End of zbx_get_handle_eventlog6():SUCCEED 9284:20230712:142827.731 End of initialize_eventlog6():SUCCEED 9284:20230712:142827.731 In process_eventslog6() source: 'Application' previous lastlogsize: 25777, FirstID: 24378, LastID: 70732 9284:20230712:142827.741 In zbx_parse_eventlog_message6() EventRecordID:25778 9284:20230712:142827.741 In expand_message6() 9284:20230712:142827.743 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Private) License Id=34855688-4bf4-46e8-82fd-e224eee75f59 9284:20230712:142827.744 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.745 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25778 value:'The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Private) License Id=34855688-4bf4-46e8-82fd-e224eee75f59' 9284:20230712:142827.746 buffer: new element 0 9284:20230712:142827.746 End of process_value():SUCCEED 9284:20230712:142827.747 In zbx_parse_eventlog_message6() EventRecordID:25779 9284:20230712:142827.748 In expand_message6() 9284:20230712:142827.750 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=5ee06e69-7a4c-4ac4-922c-86db99b35852 9284:20230712:142827.750 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.751 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25779 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=5ee06e69-7a4c-4ac4-922c-86db99b35852' 9284:20230712:142827.752 buffer: new element 1 9284:20230712:142827.753 End of process_value():SUCCEED 9284:20230712:142827.753 In zbx_parse_eventlog_message6() EventRecordID:25780 9284:20230712:142827.754 In expand_message6() 9284:20230712:142827.756 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=aabfaf55-eb71-4d79-a6ba-f6d316e71a02 9284:20230712:142827.756 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.757 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25780 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=aabfaf55-eb71-4d79-a6ba-f6d316e71a02' 9284:20230712:142827.758 buffer: new element 2 9284:20230712:142827.759 End of process_value():SUCCEED 9284:20230712:142827.759 In zbx_parse_eventlog_message6() EventRecordID:25781 9284:20230712:142827.760 In expand_message6() 9284:20230712:142827.762 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office6337137E-7C07-4197-8986-BECE6A76FC33 PPD License License Id=c8b83b3d-b31f-8528-2395-27f4fe5732f3 9284:20230712:142827.762 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.763 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25781 value:'The Software Protection service has successfully installed the license. License Title=Office6337137E-7C07-4197-8986-BECE6A76FC33 PPD License License Id=c8b83b3d-b31f-8528-2395-27f4fe5732f3' 9284:20230712:142827.764 buffer: new element 3 9284:20230712:142827.764 End of process_value():SUCCEED 9284:20230712:142827.765 In zbx_parse_eventlog_message6() EventRecordID:25782 9284:20230712:142827.766 In expand_message6() 9284:20230712:142827.767 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Public) License Id=3b44c9f6-820a-420c-9bcf-ff114dcb02c2 9284:20230712:142827.768 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.769 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25782 value:'The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Public) License Id=3b44c9f6-820a-420c-9bcf-ff114dcb02c2' 9284:20230712:142827.769 buffer: new element 4 9284:20230712:142827.770 End of process_value():SUCCEED 9284:20230712:142827.771 In zbx_parse_eventlog_message6() EventRecordID:25783 9284:20230712:142827.771 In expand_message6() 9284:20230712:142827.773 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Private) License Id=7dea27f4-0588-4b2c-a910-78b43fd4ed24 9284:20230712:142827.774 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.775 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25783 value:'The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Private) License Id=7dea27f4-0588-4b2c-a910-78b43fd4ed24' 9284:20230712:142827.775 buffer: new element 5 9284:20230712:142827.776 End of process_value():SUCCEED 9284:20230712:142827.777 In zbx_parse_eventlog_message6() EventRecordID:25784 9284:20230712:142827.777 In expand_message6() 9284:20230712:142827.779 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=32c7d862-d468-4962-971c-749d66321d65 9284:20230712:142827.780 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.780 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25784 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=32c7d862-d468-4962-971c-749d66321d65' 9284:20230712:142827.781 buffer: new element 6 9284:20230712:142827.782 End of process_value():SUCCEED 9284:20230712:142827.782 In zbx_parse_eventlog_message6() EventRecordID:25785 9284:20230712:142827.783 In expand_message6() 9284:20230712:142827.785 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=fa6e641a-a9a4-4d20-8081-290a638e9598 9284:20230712:142827.786 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.786 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25785 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=fa6e641a-a9a4-4d20-8081-290a638e9598' 9284:20230712:142827.787 buffer: new element 7 9284:20230712:142827.788 End of process_value():SUCCEED 9284:20230712:142827.788 In zbx_parse_eventlog_message6() EventRecordID:25786 9284:20230712:142827.789 In expand_message6() 9284:20230712:142827.791 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office742178ED-6B28-42DD-B3D7-B7C0EA78741B PPD License License Id=55a23b24-f2f5-6497-c08f-442e1c1a5688 9284:20230712:142827.792 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.793 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25786 value:'The Software Protection service has successfully installed the license. License Title=Office742178ED-6B28-42DD-B3D7-B7C0EA78741B PPD License License Id=55a23b24-f2f5-6497-c08f-442e1c1a5688' 9284:20230712:142827.793 buffer: new element 8 9284:20230712:142827.794 End of process_value():SUCCEED 9284:20230712:142827.795 In zbx_parse_eventlog_message6() EventRecordID:25787 9284:20230712:142827.795 In expand_message6() 9284:20230712:142827.797 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Public) License Id=c68369bf-692a-4f5b-bfda-5d1d92ebe9a8 9284:20230712:142827.798 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.798 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25787 value:'The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Public) License Id=c68369bf-692a-4f5b-bfda-5d1d92ebe9a8' 9284:20230712:142827.799 buffer: new element 9 9284:20230712:142827.800 End of process_value():SUCCEED 9284:20230712:142827.800 In zbx_parse_eventlog_message6() EventRecordID:25788 9284:20230712:142827.801 In expand_message6() 9284:20230712:142827.803 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Private) License Id=ff9ea29f-32d8-4af6-8ac6-6e3bf0dd3e2e 9284:20230712:142827.804 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.804 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25788 value:'The Software Protection service has successfully installed the license. License Title=Office 16 Publishing License (Private) License Id=ff9ea29f-32d8-4af6-8ac6-6e3bf0dd3e2e' 9284:20230712:142827.805 buffer: new element 10 9284:20230712:142827.806 End of process_value():SUCCEED 9284:20230712:142827.806 In zbx_parse_eventlog_message6() EventRecordID:25789 9284:20230712:142827.807 In expand_message6() 9284:20230712:142827.809 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=9c7e482b-40b0-4b77-936d-9c19ed23a02e 9284:20230712:142827.810 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.810 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25789 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Public) License Id=9c7e482b-40b0-4b77-936d-9c19ed23a02e' 9284:20230712:142827.811 buffer: new element 11 9284:20230712:142827.812 End of process_value():SUCCEED 9284:20230712:142827.812 In zbx_parse_eventlog_message6() EventRecordID:25790 9284:20230712:142827.813 In expand_message6() 9284:20230712:142827.815 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=83f29ccf-8b9e-49c6-b6f5-38c2fa004c85 9284:20230712:142827.815 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.816 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25790 value:'The Software Protection service has successfully installed the license. License Title=Office 16 UL oob License (Private) License Id=83f29ccf-8b9e-49c6-b6f5-38c2fa004c85' 9284:20230712:142827.817 buffer: new element 12 9284:20230712:142827.817 End of process_value():SUCCEED 9284:20230712:142827.818 In zbx_parse_eventlog_message6() EventRecordID:25791 9284:20230712:142827.819 In expand_message6() 9284:20230712:142827.820 End of expand_message6():The Software Protection service has successfully installed the license. License Title=Office812837CB-040B-4829-8E22-15C4919FEBA4 PPD License License Id=ec9cc319-0f5d-6e56-315c-7ef387dc1724 9284:20230712:142827.821 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.822 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25791 value:'The Software Protection service has successfully installed the license. License Title=Office812837CB-040B-4829-8E22-15C4919FEBA4 PPD License License Id=ec9cc319-0f5d-6e56-315c-7ef387dc1724' 9284:20230712:142827.823 buffer: new element 13 9284:20230712:142827.823 End of process_value():SUCCEED 9284:20230712:142827.824 In zbx_parse_eventlog_message6() EventRecordID:25792 9284:20230712:142827.824 In expand_message6() 9284:20230712:142827.826 End of expand_message6():Restarting application or service 'Microsoft Outlook'. 9284:20230712:142827.827 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.828 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25792 value:'Restarting application or service 'Microsoft Outlook'.' 9284:20230712:142827.828 buffer: new element 14 9284:20230712:142827.829 End of process_value():SUCCEED 9284:20230712:142827.830 In zbx_parse_eventlog_message6() EventRecordID:25793 9284:20230712:142827.830 In expand_message6() 9284:20230712:142827.832 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎05T08:33:20.117318900Z. 9284:20230712:142827.833 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.833 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25793 value:'Starting session 1 - ‎2022‎-‎09‎-‎05T08:33:20.117318900Z.' 9284:20230712:142827.834 buffer: new element 15 9284:20230712:142827.834 End of process_value():SUCCEED 9284:20230712:142827.835 In zbx_parse_eventlog_message6() EventRecordID:25794 9284:20230712:142827.836 In expand_message6() 9284:20230712:142827.837 End of expand_message6():Failed to get the Crawl Scope Manager with error=0x8007045b. 9284:20230712:142827.838 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.838 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25794 value:'Failed to get the Crawl Scope Manager with error=0x8007045b.' 9284:20230712:142827.839 buffer: new element 16 9284:20230712:142827.839 End of process_value():SUCCEED 9284:20230712:142827.840 In zbx_parse_eventlog_message6() EventRecordID:25795 9284:20230712:142827.840 In expand_message6() 9284:20230712:142827.842 End of expand_message6():Failed to determine if the store is in the crawl scope (error=0x8007045b). 9284:20230712:142827.842 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.843 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25795 value:'Failed to determine if the store is in the crawl scope (error=0x8007045b).' 9284:20230712:142827.843 buffer: new element 17 9284:20230712:142827.844 End of process_value():SUCCEED 9284:20230712:142827.844 In zbx_parse_eventlog_message6() EventRecordID:25796 9284:20230712:142827.845 In expand_message6() 9284:20230712:142827.846 End of expand_message6():Windows Search Service stopped normally. 9284:20230712:142827.847 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.847 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25796 value:'Windows Search Service stopped normally. ' 9284:20230712:142827.848 buffer: new element 18 9284:20230712:142827.848 End of process_value():SUCCEED 9284:20230712:142827.849 In zbx_parse_eventlog_message6() EventRecordID:25797 9284:20230712:142827.849 In expand_message6() 9284:20230712:142827.851 End of expand_message6():SearchIndexer (8540,T,97) Windows: The database engine stopped the instance (0). Dirty Shutdown: 0 Internal Timing Sequence: [1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.000022 +J(0) [3] 0.000697 +J(CM:0, PgRf:56, Rd:0/0, Dy:0/108, Lg:2636/80) +M(C:0K, Fs:11, WS:44K # 0K, PF:36K # 0K, P:36K) [4] 0.000003 +J(0) [5] 0.018453 -0.000004 (76) CM -0.013584 (11) WT +J(CM:76, PgRf:0, Rd:0/76, Dy:0/0, Lg:0/0) +M(C:0K, Fs:409, WS:88K # 0K, PF:0K # 0K, P:0K) [6] 0.002351 +J(0) +M(C:0K, Fs:1, WS:-9648K # 0K, PF:-10028K # 0K, P:-10028K) [7] 0.000018 +J(0) [8] 0.004314 -0.001850 (12) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3504/2) +M(C:0K, Fs:22, WS:-140K # 0K, PF:-84K # 0K, P:-84K) [9] 0.000485 -0.000445 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:66/1) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [10] 0.000002 +J(0) [11] 0.001137 -0.000243 (2) WT +J(0) [12] 0.000033 +J(0) +M(C:0K, Fs:1, WS:0K # 0K, PF:-4K # 0K, P:-4K) [13] 0.000618 +J(0) [14] 0.000080 +J(0) +M(C:0K, Fs:0, WS:-504K # 0K, PF:-508K # 0K, P:-508K) [15] 0.000004 +J(0). 9284:20230712:142827.851 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.852 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25797 value:'SearchIndexer (8540,T,97) Windows: The database engine stopped the instance (0). Dirty Shutdown: 0 Internal Timing Sequence: [1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.000022 +J(0) [3] 0.000697 +J(CM:0, PgRf:56, Rd:0/0, Dy:0/108, Lg:2636/80) +M(C:0K, Fs:11, WS:44K # 0K, PF:36K # 0K, P:36K) [4] 0.000003 +J(0) [5] 0.018453 -0.000004 (76) CM -0.013584 (11) WT +J(CM:76, PgRf:0, Rd:0/76, Dy:0/0, Lg:0/0) +M(C:0K, Fs:409, WS:88K # 0K, PF:0K # 0K, P:0K) [6] 0.002351 +J(0) +M(C:0K, Fs:1, WS:-9648K # 0K, PF:-10028K # 0K, P:-10028K) [7] 0.000018 +J(0) [8] 0.004314 -0.001850 (12) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3504/2) +M(C:0K, Fs:22, WS:-140K # 0K, PF:-84K # 0K, P:-84K) [9] 0.000485 -0.000445 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:66/1) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K) [10] 0.000002 +J(0) [11] 0.001137 -0.000243 (2) WT +J(0) [12] 0.000033 +J(0) +M(C:0K, Fs:1, WS:0K # 0K, PF:-4K # 0K, P:-4K) [13] 0.000618 +J(0) [14] 0.000080 +J(0) +M(C:0K, Fs:0, WS:-504K # 0K, PF:-508K # 0K, P:-508K) [15] 0.000004 +J(0).' 9284:20230712:142827.852 buffer: new element 19 9284:20230712:142827.853 End of process_value():SUCCEED 9284:20230712:142827.853 In zbx_parse_eventlog_message6() EventRecordID:25798 9284:20230712:142827.854 In expand_message6() 9284:20230712:142827.855 End of expand_message6():SearchIndexer (17876,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142827.856 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.856 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25798 value:'SearchIndexer (17876,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142827.857 buffer: new element 20 9284:20230712:142827.857 End of process_value():SUCCEED 9284:20230712:142827.858 In zbx_parse_eventlog_message6() EventRecordID:25799 9284:20230712:142827.858 In expand_message6() 9284:20230712:142827.860 End of expand_message6():SearchIndexer (17876,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.000777 +J(0) +M(C:0K, Fs:189, WS:728K # 728K, PF:4856K # 4856K, P:4856K) [2] 0.000445 +J(0) +M(C:0K, Fs:224, WS:896K # 896K, PF:980K # 980K, P:980K) [3] 0.001219 +J(0) +M(C:0K, Fs:40, WS:156K # 156K, PF:68K # 68K, P:68K) [4] 0.000142 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:360K # 360K, P:360K) [5] 0.001892 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 24K, P:24K) [6] 0.004962 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:16K # 16K, P:16K) [7] 0.005080 -0.001856 (1) WT +J(0) +M(C:0K, Fs:270, WS:1076K # 1076K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.012562 -0.000001 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000020 +J(0) [15] 0.000087 +J(0) +M(C:0K, Fs:66, WS:260K # 0K, PF:68K # 0K, P:68K) [16] 0.000228 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142827.860 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.861 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25799 value:'SearchIndexer (17876,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.000777 +J(0) +M(C:0K, Fs:189, WS:728K # 728K, PF:4856K # 4856K, P:4856K) [2] 0.000445 +J(0) +M(C:0K, Fs:224, WS:896K # 896K, PF:980K # 980K, P:980K) [3] 0.001219 +J(0) +M(C:0K, Fs:40, WS:156K # 156K, PF:68K # 68K, P:68K) [4] 0.000142 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:360K # 360K, P:360K) [5] 0.001892 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 24K, P:24K) [6] 0.004962 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:16K # 16K, P:16K) [7] 0.005080 -0.001856 (1) WT +J(0) +M(C:0K, Fs:270, WS:1076K # 1076K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.012562 -0.000001 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000020 +J(0) [15] 0.000087 +J(0) +M(C:0K, Fs:66, WS:260K # 0K, PF:68K # 0K, P:68K) [16] 0.000228 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142827.861 buffer: new element 21 9284:20230712:142827.862 End of process_value():SUCCEED 9284:20230712:142827.862 In zbx_parse_eventlog_message6() EventRecordID:25800 9284:20230712:142827.863 In expand_message6() 9284:20230712:142827.864 End of expand_message6():SearchIndexer (17876,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC9:003A:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.000594 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.005455 -0.000633 (5) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:120K # 0K, PF:144K # 0K, P:144K) [4] 0.000282 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.003812 -0.001178 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:54, WS:212K # 0K, PF:696K # 0K, P:696K) [9] 0.005675 -0.000268 (5) CM -0.005142 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 196K, P:288K) [10] 0.000319 -0.000195 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 4K, PF:96K # 96K, P:96K) [11] 0.000017 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000047 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142827.865 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.865 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25800 value:'SearchIndexer (17876,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC9:003A:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.000594 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.005455 -0.000633 (5) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:120K # 0K, PF:144K # 0K, P:144K) [4] 0.000282 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.003812 -0.001178 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:54, WS:212K # 0K, PF:696K # 0K, P:696K) [9] 0.005675 -0.000268 (5) CM -0.005142 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 196K, P:288K) [10] 0.000319 -0.000195 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 4K, PF:96K # 96K, P:96K) [11] 0.000017 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000047 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142827.866 buffer: new element 22 9284:20230712:142827.866 End of process_value():SUCCEED 9284:20230712:142827.867 In zbx_parse_eventlog_message6() EventRecordID:25801 9284:20230712:142827.867 In expand_message6() 9284:20230712:142827.869 End of expand_message6():The Windows Search Service started. 9284:20230712:142827.869 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.870 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25801 value:'The Windows Search Service started. ' 9284:20230712:142827.870 buffer: new element 23 9284:20230712:142827.871 End of process_value():SUCCEED 9284:20230712:142827.871 In zbx_parse_eventlog_message6() EventRecordID:25802 9284:20230712:142827.872 In expand_message6() 9284:20230712:142827.873 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 0 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142827.874 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.874 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25802 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 0 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142827.875 buffer: new element 24 9284:20230712:142827.875 End of process_value():SUCCEED 9284:20230712:142827.876 In zbx_parse_eventlog_message6() EventRecordID:25803 9284:20230712:142827.876 In expand_message6() 9284:20230712:142827.878 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142827.878 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.879 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25803 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142827.879 buffer: new element 25 9284:20230712:142827.880 End of process_value():SUCCEED 9284:20230712:142827.880 In zbx_parse_eventlog_message6() EventRecordID:25804 9284:20230712:142827.881 In expand_message6() 9284:20230712:142827.882 End of expand_message6():Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 32 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 15 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 78 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 78 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 47 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 187 9284:20230712:142827.883 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.883 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25804 value:'Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 32 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 15 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 78 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 78 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 47 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 187 ' 9284:20230712:142827.884 buffer: new element 26 9284:20230712:142827.884 End of process_value():SUCCEED 9284:20230712:142827.885 In zbx_parse_eventlog_message6() EventRecordID:25805 9284:20230712:142827.885 In expand_message6() 9284:20230712:142827.887 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142827.887 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.888 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25805 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142827.888 buffer: new element 27 9284:20230712:142827.888 End of process_value():SUCCEED 9284:20230712:142827.889 In zbx_parse_eventlog_message6() EventRecordID:25806 9284:20230712:142827.890 In expand_message6() 9284:20230712:142827.891 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T08:34:00Z. Reason: RulesEngine. 9284:20230712:142827.892 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.892 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25806 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T08:34:00Z. Reason: RulesEngine.' 9284:20230712:142827.893 buffer: new element 28 9284:20230712:142827.894 End of process_value():SUCCEED 9284:20230712:142827.894 In zbx_parse_eventlog_message6() EventRecordID:25807 9284:20230712:142827.895 In expand_message6() 9284:20230712:142827.896 End of expand_message6():Beginning a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rint.16.msi. Client Process Id: 4228. 9284:20230712:142827.897 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.897 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25807 value:'Beginning a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rint.16.msi. Client Process Id: 4228.' 9284:20230712:142827.898 buffer: new element 29 9284:20230712:142827.898 End of process_value():SUCCEED 9284:20230712:142827.899 In zbx_parse_eventlog_message6() EventRecordID:25808 9284:20230712:142827.899 In expand_message6() 9284:20230712:142827.901 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎05T08:32:44.995910700Z. 9284:20230712:142827.902 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.902 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25808 value:'Ending session 1 started ‎2022‎-‎09‎-‎05T08:32:44.995910700Z.' 9284:20230712:142827.903 buffer: new element 30 9284:20230712:142827.904 End of process_value():SUCCEED 9284:20230712:142827.904 In zbx_parse_eventlog_message6() EventRecordID:25809 9284:20230712:142827.905 In expand_message6() 9284:20230712:142827.914 End of expand_message6():Product: Office 16 Click-to-Run Extensibility Component -- Configuration completed successfully. 9284:20230712:142827.915 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.915 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25809 value:'Product: Office 16 Click-to-Run Extensibility Component -- Configuration completed successfully.' 9284:20230712:142827.916 buffer: new element 31 9284:20230712:142827.917 End of process_value():SUCCEED 9284:20230712:142827.917 In zbx_parse_eventlog_message6() EventRecordID:25810 9284:20230712:142827.918 In expand_message6() 9284:20230712:142827.919 End of expand_message6():Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Extensibility Component. Product Version: 16.0.15601.20064. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0. 9284:20230712:142827.920 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.921 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25810 value:'Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Extensibility Component. Product Version: 16.0.15601.20064. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.' 9284:20230712:142827.921 buffer: new element 32 9284:20230712:142827.922 End of process_value():SUCCEED 9284:20230712:142827.922 In zbx_parse_eventlog_message6() EventRecordID:25811 9284:20230712:142827.923 In expand_message6() 9284:20230712:142827.924 End of expand_message6():Ending a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rint.16.msi. Client Process Id: 4228. 9284:20230712:142827.925 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.925 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25811 value:'Ending a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rint.16.msi. Client Process Id: 4228.' 9284:20230712:142827.926 buffer: new element 33 9284:20230712:142827.926 End of process_value():SUCCEED 9284:20230712:142827.927 In zbx_parse_eventlog_message6() EventRecordID:25812 9284:20230712:142827.928 In expand_message6() 9284:20230712:142827.929 End of expand_message6():SearchIndexer (17876,T,97) Windows: The database engine stopped the instance (0). Dirty Shutdown: 0 Internal Timing Sequence: [1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.000017 +J(0) [3] 0.000036 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [4] 0.000002 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] 0.004688 -0.003261 (5) WT +J(CM:21, PgRf:0, Rd:0/21, Dy:0/0, Lg:0/0) +M(C:0K, Fs:141, WS:-160K # 0K, PF:-312K # 0K, P:-312K) [6] 0.001253 +J(0) +M(C:0K, Fs:7, WS:-9256K # 0K, PF:-10056K # 0K, P:-10056K) [7] 0.000006 +J(0) [8] 0.003623 -0.002196 (11) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4096/2) +M(C:0K, Fs:31, WS:24K # 0K, PF:88K # 0K, P:88K) [9] 0.003004 -0.002976 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:66/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [10] 0.000001 +J(0) [11] 0.001030 -0.000454 (2) WT +J(0) [12] 0.000029 +J(0) +M(C:0K, Fs:2, WS:4K # 0K, PF:-4K # 0K, P:-4K) [13] 0.000236 +J(0) [14] 0.000012 +J(0) +M(C:0K, Fs:0, WS:-16K # 0K, PF:-32K # 0K, P:-32K) [15] 0.000002 +J(0). 9284:20230712:142827.930 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.930 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25812 value:'SearchIndexer (17876,T,97) Windows: The database engine stopped the instance (0). Dirty Shutdown: 0 Internal Timing Sequence: [1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.000017 +J(0) [3] 0.000036 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [4] 0.000002 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] 0.004688 -0.003261 (5) WT +J(CM:21, PgRf:0, Rd:0/21, Dy:0/0, Lg:0/0) +M(C:0K, Fs:141, WS:-160K # 0K, PF:-312K # 0K, P:-312K) [6] 0.001253 +J(0) +M(C:0K, Fs:7, WS:-9256K # 0K, PF:-10056K # 0K, P:-10056K) [7] 0.000006 +J(0) [8] 0.003623 -0.002196 (11) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4096/2) +M(C:0K, Fs:31, WS:24K # 0K, PF:88K # 0K, P:88K) [9] 0.003004 -0.002976 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:66/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K) [10] 0.000001 +J(0) [11] 0.001030 -0.000454 (2) WT +J(0) [12] 0.000029 +J(0) +M(C:0K, Fs:2, WS:4K # 0K, PF:-4K # 0K, P:-4K) [13] 0.000236 +J(0) [14] 0.000012 +J(0) +M(C:0K, Fs:0, WS:-16K # 0K, PF:-32K # 0K, P:-32K) [15] 0.000002 +J(0).' 9284:20230712:142827.931 buffer: new element 34 9284:20230712:142827.931 End of process_value():SUCCEED 9284:20230712:142827.932 In zbx_parse_eventlog_message6() EventRecordID:25813 9284:20230712:142827.932 In expand_message6() 9284:20230712:142827.934 End of expand_message6():Windows Search Service stopped normally. 9284:20230712:142827.935 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.935 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25813 value:'Windows Search Service stopped normally. ' 9284:20230712:142827.936 buffer: new element 35 9284:20230712:142827.936 End of process_value():SUCCEED 9284:20230712:142827.937 In zbx_parse_eventlog_message6() EventRecordID:25814 9284:20230712:142827.937 In expand_message6() 9284:20230712:142827.939 End of expand_message6():SearchIndexer (6788,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142827.939 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.940 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25814 value:'SearchIndexer (6788,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142827.941 buffer: new element 36 9284:20230712:142827.941 End of process_value():SUCCEED 9284:20230712:142827.942 In zbx_parse_eventlog_message6() EventRecordID:25815 9284:20230712:142827.942 In expand_message6() 9284:20230712:142827.944 End of expand_message6():SearchIndexer (6788,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.000619 +J(0) +M(C:0K, Fs:189, WS:724K # 724K, PF:4852K # 4852K, P:4852K) [2] 0.000307 +J(0) +M(C:0K, Fs:256, WS:1020K # 1020K, PF:992K # 992K, P:992K) [3] 0.000020 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000081 +J(0) +M(C:0K, Fs:33, WS:132K # 132K, PF:368K # 368K, P:368K) [5] 0.001000 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.003288 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:12K # 12K, P:12K) [7] 0.002441 +J(0) +M(C:0K, Fs:271, WS:1080K # 1080K, PF:1032K # 1032K, P:1032K) [8] - [9] - [10] - [11] - [12] - [13] 0.007855 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000017 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:8K # 0K, P:8K) [15] 0.000060 +J(0) +M(C:0K, Fs:66, WS:260K # 0K, PF:68K # 0K, P:68K) [16] 0.000185 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142827.944 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.945 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25815 value:'SearchIndexer (6788,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.000619 +J(0) +M(C:0K, Fs:189, WS:724K # 724K, PF:4852K # 4852K, P:4852K) [2] 0.000307 +J(0) +M(C:0K, Fs:256, WS:1020K # 1020K, PF:992K # 992K, P:992K) [3] 0.000020 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000081 +J(0) +M(C:0K, Fs:33, WS:132K # 132K, PF:368K # 368K, P:368K) [5] 0.001000 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K) [6] 0.003288 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:12K # 12K, P:12K) [7] 0.002441 +J(0) +M(C:0K, Fs:271, WS:1080K # 1080K, PF:1032K # 1032K, P:1032K) [8] - [9] - [10] - [11] - [12] - [13] 0.007855 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000017 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:8K # 0K, P:8K) [15] 0.000060 +J(0) +M(C:0K, Fs:66, WS:260K # 0K, PF:68K # 0K, P:68K) [16] 0.000185 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142827.945 buffer: new element 37 9284:20230712:142827.946 End of process_value():SUCCEED 9284:20230712:142827.946 In zbx_parse_eventlog_message6() EventRecordID:25816 9284:20230712:142827.947 In expand_message6() 9284:20230712:142827.949 End of expand_message6():SearchIndexer (6788,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC9:005A:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000002 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.000306 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004567 -0.001002 (5) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:128K # 0K, PF:140K # 0K, P:140K) [4] 0.000231 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.005615 -0.004085 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:52, WS:204K # 0K, PF:712K # 0K, P:712K) [9] 0.006284 -0.000224 (5) CM -0.005885 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 224K, P:288K) [10] 0.000200 -0.000125 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 4K, PF:96K # 96K, P:96K) [11] 0.000010 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142827.949 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.950 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25816 value:'SearchIndexer (6788,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BC9:005A:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000002 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.000306 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004567 -0.001002 (5) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:128K # 0K, PF:140K # 0K, P:140K) [4] 0.000231 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.005615 -0.004085 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:52, WS:204K # 0K, PF:712K # 0K, P:712K) [9] 0.006284 -0.000224 (5) CM -0.005885 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 224K, P:288K) [10] 0.000200 -0.000125 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 4K, PF:96K # 96K, P:96K) [11] 0.000010 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142827.950 buffer: new element 38 9284:20230712:142827.951 End of process_value():SUCCEED 9284:20230712:142827.951 In zbx_parse_eventlog_message6() EventRecordID:25817 9284:20230712:142827.952 In expand_message6() 9284:20230712:142827.954 End of expand_message6():The Windows Search Service started. 9284:20230712:142827.954 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.955 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25817 value:'The Windows Search Service started. ' 9284:20230712:142827.955 buffer: new element 39 9284:20230712:142827.956 End of process_value():SUCCEED 9284:20230712:142827.956 In zbx_parse_eventlog_message6() EventRecordID:25818 9284:20230712:142827.957 In expand_message6() 9284:20230712:142827.958 End of expand_message6():Beginning a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rint.16.msi. Client Process Id: 4228. 9284:20230712:142827.959 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.959 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25818 value:'Beginning a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rint.16.msi. Client Process Id: 4228.' 9284:20230712:142827.960 buffer: new element 40 9284:20230712:142827.961 End of process_value():SUCCEED 9284:20230712:142827.961 In zbx_parse_eventlog_message6() EventRecordID:25819 9284:20230712:142827.962 In expand_message6() 9284:20230712:142827.963 End of expand_message6():Product: Office 16 Click-to-Run Extensibility Component -- Configuration completed successfully. 9284:20230712:142827.964 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.964 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25819 value:'Product: Office 16 Click-to-Run Extensibility Component -- Configuration completed successfully.' 9284:20230712:142827.965 buffer: new element 41 9284:20230712:142827.965 End of process_value():SUCCEED 9284:20230712:142827.966 In zbx_parse_eventlog_message6() EventRecordID:25820 9284:20230712:142827.967 In expand_message6() 9284:20230712:142827.969 End of expand_message6():Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Extensibility Component. Product Version: 16.0.15601.20064. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0. 9284:20230712:142827.969 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.970 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25820 value:'Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Extensibility Component. Product Version: 16.0.15601.20064. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.' 9284:20230712:142827.970 buffer: new element 42 9284:20230712:142827.971 End of process_value():SUCCEED 9284:20230712:142827.971 In zbx_parse_eventlog_message6() EventRecordID:25821 9284:20230712:142827.972 In expand_message6() 9284:20230712:142827.974 End of expand_message6():Ending a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rint.16.msi. Client Process Id: 4228. 9284:20230712:142827.974 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.975 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25821 value:'Ending a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rint.16.msi. Client Process Id: 4228.' 9284:20230712:142827.976 buffer: new element 43 9284:20230712:142827.976 End of process_value():SUCCEED 9284:20230712:142827.977 In zbx_parse_eventlog_message6() EventRecordID:25822 9284:20230712:142827.977 In expand_message6() 9284:20230712:142827.979 End of expand_message6():Beginning a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rintloc.ru-ru.16.msi. Client Process Id: 4228. 9284:20230712:142827.980 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.980 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25822 value:'Beginning a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rintloc.ru-ru.16.msi. Client Process Id: 4228.' 9284:20230712:142827.981 buffer: new element 44 9284:20230712:142827.982 End of process_value():SUCCEED 9284:20230712:142827.982 In zbx_parse_eventlog_message6() EventRecordID:25823 9284:20230712:142827.983 In expand_message6() 9284:20230712:142827.985 End of expand_message6():Продукт: Office 16 Click-to-Run Localization Component -- Настройка завершена успешно. 9284:20230712:142827.985 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.986 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25823 value:'Продукт: Office 16 Click-to-Run Localization Component -- Настройка завершена успешно.' 9284:20230712:142827.987 buffer: new element 45 9284:20230712:142827.987 End of process_value():SUCCEED 9284:20230712:142827.988 In zbx_parse_eventlog_message6() EventRecordID:25824 9284:20230712:142827.989 In expand_message6() 9284:20230712:142827.990 End of expand_message6():Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Localization Component. Product Version: 16.0.15601.20064. Product Language: 1049. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0. 9284:20230712:142827.991 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.992 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25824 value:'Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Localization Component. Product Version: 16.0.15601.20064. Product Language: 1049. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.' 9284:20230712:142827.992 buffer: new element 46 9284:20230712:142827.993 End of process_value():SUCCEED 9284:20230712:142827.994 In zbx_parse_eventlog_message6() EventRecordID:25825 9284:20230712:142827.994 In expand_message6() 9284:20230712:142827.996 End of expand_message6():Ending a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rintloc.ru-ru.16.msi. Client Process Id: 4228. 9284:20230712:142827.997 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142827.998 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25825 value:'Ending a Windows Installer transaction: c:\program files\microsoft office\root\integration\c2rintloc.ru-ru.16.msi. Client Process Id: 4228.' 9284:20230712:142827.999 buffer: new element 47 9284:20230712:142827.999 End of process_value():SUCCEED 9284:20230712:142828.000 In zbx_parse_eventlog_message6() EventRecordID:25826 9284:20230712:142828.001 In expand_message6() 9284:20230712:142828.002 End of expand_message6():Beginning a Windows Installer transaction: c:\program files\microsoft office\root\integration\sppredist.msi. Client Process Id: 4228. 9284:20230712:142828.003 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.004 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25826 value:'Beginning a Windows Installer transaction: c:\program files\microsoft office\root\integration\sppredist.msi. Client Process Id: 4228.' 9284:20230712:142828.004 buffer: new element 48 9284:20230712:142828.005 End of process_value():SUCCEED 9284:20230712:142828.006 In zbx_parse_eventlog_message6() EventRecordID:25827 9284:20230712:142828.006 In expand_message6() 9284:20230712:142828.009 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142828.009 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.010 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25827 value:'Offline downlevel migration succeeded.' 9284:20230712:142828.011 buffer: new element 49 9284:20230712:142828.012 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142828.016 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142828.017 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 Publishing License (Private)\r\nLicense Id=34855688-4bf4-46e8-82fd-e224eee75f59","lastlogsize":25778,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":801,"clock":1689161307,"ns":746260900},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Public)\r\nLicense Id=5ee06e69-7a4c-4ac4-922c-86db99b35852","lastlogsize":25779,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":802,"clock":1689161307,"ns":752499400},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Private)\r\nLicense Id=aabfaf55-eb71-4d79-a6ba-f6d316e71a02","lastlogsize":25780,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":803,"clock":1689161307,"ns":758510300},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office6337137E-7C07-4197-8986-BECE6A76FC33 PPD License\r\nLicense Id=c8b83b3d-b31f-8528-2395-27f4fe5732f3","lastlogsize":25781,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":804,"clock":1689161307,"ns":764285400},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 Publishing License (Public)\r\nLicense Id=3b44c9f6-820a-420c-9bcf-ff114dcb02c2","lastlogsize":25782,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":805,"clock":1689161307,"ns":770017800},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 Publishing License (Private)\r\nLicense Id=7dea27f4-0588-4b2c-a910-78b43fd4ed24","lastlogsize":25783,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":806,"clock":1689161307,"ns":775867300},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Public)\r\nLicense Id=32c7d862-d468-4962-971c-749d66321d65","lastlogsize":25784,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":807,"clock":1689161307,"ns":781742100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Private)\r\nLicense Id=fa6e641a-a9a4-4d20-8081-290a638e9598","lastlogsize":25785,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":808,"clock":1689161307,"ns":787572700},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office742178ED-6B28-42DD-B3D7-B7C0EA78741B PPD License\r\nLicense Id=55a23b24-f2f5-6497-c08f-442e1c1a5688","lastlogsize":25786,"timestamp":1662366795,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":809,"clock":1689161307,"ns":793847600},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 Publishing License (Public)\r\nLicense Id=c68369bf-692a-4f5b-bfda-5d1d92ebe9a8","lastlogsize":25787,"timestamp":1662366796,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":810,"clock":1689161307,"ns":799859100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 Publishing License (Private)\r\nLicense Id=ff9ea29f-32d8-4af6-8ac6-6e3bf0dd3e2e","lastlogsize":25788,"timestamp":1662366796,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":811,"clock":1689161307,"ns":805699100},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Public)\r\nLicense Id=9c7e482b-40b0-4b77-936d-9c19ed23a02e","lastlogsize":25789,"timestamp":1662366796,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":812,"clock":1689161307,"ns":811531500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office 16 UL oob License (Private)\r\nLicense Id=83f29ccf-8b9e-49c6-b6f5-38c2fa004c85","lastlogsize":25790,"timestamp":1662366796,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":813,"clock":1689161307,"ns":817309800},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has successfully installed the license.\r\nLicense Title=Office812837CB-040B-4829-8E22-15C4919FEBA4 PPD License\r\nLicense Id=ec9cc319-0f5d-6e56-315c-7ef387dc1724","lastlogsize":25791,"timestamp":1662366796,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1004,"id":814,"clock":1689161307,"ns":823158300},{"host":"Windows host","key":"eventlog[Application]","value":"Restarting application or service 'Microsoft Outlook'.","lastlogsize":25792,"timestamp":1662366799,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10003,"id":815,"clock":1689161307,"ns":828912600},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎05T08:33:20.117318900Z.","lastlogsize":25793,"timestamp":1662366800,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":816,"clock":1689161307,"ns":834474500},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to get the Crawl Scope Manager with error=0x8007045b.","lastlogsize":25794,"timestamp":1662366807,"source":"Outlook","severity":4,"eventid":34,"id":817,"clock":1689161307,"ns":839350500},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to determine if the store is in the crawl scope (error=0x8007045b).","lastlogsize":25795,"timestamp":1662366807,"source":"Outlook","severity":4,"eventid":35,"id":818,"clock":1689161307,"ns":843882600},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Search Service stopped normally.\n","lastlogsize":25796,"timestamp":1662366807,"source":"Microsoft-Windows-Search","severity":1,"eventid":1013,"id":819,"clock":1689161307,"ns":848482100},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8540,T,97) Windows: The database engine stopped the instance (0). \r\n \r\nDirty Shutdown: 0 \r\n \r\nInternal Timing Sequence: \n[1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.000022 +J(0)\n[3] 0.000697 +J(CM:0, PgRf:56, Rd:0/0, Dy:0/108, Lg:2636/80) +M(C:0K, Fs:11, WS:44K # 0K, PF:36K # 0K, P:36K)\n[4] 0.000003 +J(0)\n[5] 0.018453 -0.000004 (76) CM -0.013584 (11) WT +J(CM:76, PgRf:0, Rd:0/76, Dy:0/0, Lg:0/0) +M(C:0K, Fs:409, WS:88K # 0K, PF:0K # 0K, P:0K)\n[6] 0.002351 +J(0) +M(C:0K, Fs:1, WS:-9648K # 0K, PF:-10028K # 0K, P:-10028K)\n[7] 0.000018 +J(0)\n[8] 0.004314 -0.001850 (12) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3504/2) +M(C:0K, Fs:22, WS:-140K # 0K, PF:-84K # 0K, P:-84K)\n[9] 0.000485 -0.000445 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:66/1) +M(C:0K, Fs:2, WS:8K # 0K, PF:0K # 0K, P:0K)\n[10] 0.000002 +J(0)\n[11] 0.001137 -0.000243 (2) WT +J(0)\n[12] 0.000033 +J(0) +M(C:0K, Fs:1, WS:0K # 0K, PF:-4K # 0K, P:-4K)\n[13] 0.000618 +J(0)\n[14] 0.000080 +J(0) +M(C:0K, Fs:0, WS:-504K # 0K, PF:-508K # 0K, P:-508K)\n[15] 0.000004 +J(0).","lastlogsize":25797,"timestamp":1662366807,"source":"ESENT","severity":1,"eventid":103,"id":820,"clock":1689161307,"ns":852899400},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (17876,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25798,"timestamp":1662366807,"source":"ESENT","severity":1,"eventid":102,"id":821,"clock":1689161307,"ns":857355200},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (17876,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n \r\n \r\nInternal Timing Sequence: \n[1] 0.000777 +J(0) +M(C:0K, Fs:189, WS:728K # 728K, PF:4856K # 4856K, P:4856K)\n[2] 0.000445 +J(0) +M(C:0K, Fs:224, WS:896K # 896K, PF:980K # 980K, P:980K)\n[3] 0.001219 +J(0) +M(C:0K, Fs:40, WS:156K # 156K, PF:68K # 68K, P:68K)\n[4] 0.000142 +J(0) +M(C:0K, Fs:32, WS:124K # 124K, PF:360K # 360K, P:360K)\n[5] 0.001892 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 24K, P:24K)\n[6] 0.004962 +J(0) +M(C:0K, Fs:24, WS:96K # 96K, PF:16K # 16K, P:16K)\n[7] 0.005080 -0.001856 (1) WT +J(0) +M(C:0K, Fs:270, WS:1076K # 1076K, PF:1028K # 1028K, P:1028K)\n[8] -\n[9] -\n[10] -\n[11] -\n[12] -\n[13] 0.012562 -0.000001 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K)\n[14] 0.000020 +J(0)\n[15] 0.000087 +J(0) +M(C:0K, Fs:66, WS:260K # 0K, PF:68K # 0K, P:68K)\n[16] 0.000228 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25799,"timestamp":1662366807,"source":"ESENT","severity":1,"eventid":105,"id":822,"clock":1689161307,"ns":861834700},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (17876,D,50) Windows: The database engine attached a database (1, C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb). (Time=0 seconds) \r\n \r\nSaved Cache: 0 0 \r\nAdditional Data: lgposAttach = 00000BC9:003A:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.000594 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K)\n[3] 0.005455 -0.000633 (5) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:39, WS:120K # 0K, PF:144K # 0K, P:144K)\n[4] 0.000282 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] -\n[6] -\n[7] -\n[8] 0.003812 -0.001178 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:54, WS:212K # 0K, PF:696K # 0K, P:696K)\n[9] 0.005675 -0.000268 (5) CM -0.005142 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 196K, P:288K)\n[10] 0.000319 -0.000195 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 4K, PF:96K # 96K, P:96K)\n[11] 0.000017 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000047 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)\n[13] 0.000001 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000006 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25800,"timestamp":1662366807,"source":"ESENT","severity":1,"eventid":326,"id":823,"clock":1689161307,"ns":866293100},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Search Service started.\n","lastlogsize":25801,"timestamp":1662366807,"source":"Microsoft-Windows-Search","severity":1,"eventid":1003,"id":824,"clock":1689161307,"ns":870792600},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 0 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25802,"timestamp":1662366809,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":825,"clock":1689161307,"ns":875450900},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25803,"timestamp":1662366809,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":826,"clock":1689161307,"ns":879976000},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook loaded the following add-in(s):\n\n\nName: Microsoft Exchange Add-in\nDescription: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.\nProgID: UmOutlookAddin.FormRegionAddin\nGUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\UmOutlookAddin.dll\nBoot Time (Milliseconds): 32\n\nName: Microsoft Teams Meeting Add-in for Microsoft Office\nDescription: Microsoft Teams Meeting Add-in for Microsoft Office\nProgID: TeamsAddin.FastConnect\nGUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\TeamsMeetingAddin\\1.0.22209.4\\x64\\Microsoft.Teams.AddinLoader.dll\nBoot Time (Milliseconds): 15\n\nName: Outlook Social Connector 2016\nDescription: Connects to social networking sites and provides people, activity, and status information.\nProgID: OscAddin.Connect\nGUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\SOCIALCONNECTOR.DLL\nBoot Time (Milliseconds): 78\n\nName: OneNote Notes about Outlook Items\nDescription: Adds Send to OneNote and Notes about this Item buttons to the command bar\nProgID: OneNote.OutlookAddin\nGUID: {93E5752E-B889-47C5-8545-654EE2533C64}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnOL.dll\nBoot Time (Milliseconds): 78\n\nName: Microsoft VBA for Outlook Addin\nDescription: \nProgID: Microsoft.VbaAddinForOutlook.1\nGUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\nLoad Behavior: 9\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL\nBoot Time (Milliseconds): 0\n\nName: Microsoft SharePoint Server Colleague Import Add-in\nDescription: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content\nProgID: ColleagueImport.ColleagueImportAddin\nGUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\ColleagueImport.dll\nBoot Time (Milliseconds): 47\n\nName: HP Sure Click Outlook Add-in 4.3.4.610\nDescription: HP Sure Click Outlook Add-in 4.3.4.610\nProgID: Bromium.vSentry.OutlookAddin\nGUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\HP\\Sure Click\\4.3.4.610\\servers\\BrOutlookAddin.dll\nBoot Time (Milliseconds): 187\n","lastlogsize":25804,"timestamp":1662366810,"source":"Outlook","severity":1,"eventid":45,"id":827,"clock":1689161307,"ns":884407500},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25805,"timestamp":1662366811,"source":"Outlook","severity":1,"eventid":63,"id":828,"clock":1689161307,"ns":888545800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T08:34:00Z. Reason: RulesEngine.","lastlogsize":25806,"timestamp":1662366841,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":829,"clock":1689161307,"ns":893533800},{"host":"Windows host","key":"eventlog[Application]","value":"Beginning a Windows Installer transaction: c:\\program files\\microsoft office\\root\\integration\\c2rint.16.msi. Client Process Id: 4228.","lastlogsize":25807,"timestamp":1662366841,"source":"MsiInstaller","severity":1,"eventid":1040,"id":830,"clock":1689161307,"ns":898357900},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎05T08:32:44.995910700Z.","lastlogsize":25808,"timestamp":1662366844,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":831,"clock":1689161307,"ns":903556800},{"host":"Windows host","key":"eventlog[Application]","value":"Product: Office 16 Click-to-Run Extensibility Component -- Configuration completed successfully.","lastlogsize":25809,"timestamp":1662366850,"source":"MsiInstaller","severity":1,"eventid":11728,"id":832,"clock":1689161307,"ns":916640700},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Extensibility Component. Product Version: 16.0.15601.20064. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.","lastlogsize":25810,"timestamp":1662366850,"source":"MsiInstaller","severity":1,"eventid":1035,"id":833,"clock":1689161307,"ns":921616200},{"host":"Windows host","key":"eventlog[Application]","value":"Ending a Windows Installer transaction: c:\\program files\\microsoft office\\root\\integration\\c2rint.16.msi. Client Process Id: 4228.","lastlogsize":25811,"timestamp":1662366850,"source":"MsiInstaller","severity":1,"eventid":1042,"id":834,"clock":1689161307,"ns":926443700},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (17876,T,97) Windows: The database engine stopped the instance (0). \r\n \r\nDirty Shutdown: 0 \r\n \r\nInternal Timing Sequence: \n[1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.000017 +J(0)\n[3] 0.000036 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[4] 0.000002 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] 0.004688 -0.003261 (5) WT +J(CM:21, PgRf:0, Rd:0/21, Dy:0/0, Lg:0/0) +M(C:0K, Fs:141, WS:-160K # 0K, PF:-312K # 0K, P:-312K)\n[6] 0.001253 +J(0) +M(C:0K, Fs:7, WS:-9256K # 0K, PF:-10056K # 0K, P:-10056K)\n[7] 0.000006 +J(0)\n[8] 0.003623 -0.002196 (11) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:4096/2) +M(C:0K, Fs:31, WS:24K # 0K, PF:88K # 0K, P:88K)\n[9] 0.003004 -0.002976 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:66/1) +M(C:0K, Fs:3, WS:12K # 0K, PF:0K # 0K, P:0K)\n[10] 0.000001 +J(0)\n[11] 0.001030 -0.000454 (2) WT +J(0)\n[12] 0.000029 +J(0) +M(C:0K, Fs:2, WS:4K # 0K, PF:-4K # 0K, P:-4K)\n[13] 0.000236 +J(0)\n[14] 0.000012 +J(0) +M(C:0K, Fs:0, WS:-16K # 0K, PF:-32K # 0K, P:-32K)\n[15] 0.000002 +J(0).","lastlogsize":25812,"timestamp":1662366851,"source":"ESENT","severity":1,"eventid":103,"id":835,"clock":1689161307,"ns":931286300},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Search Service stopped normally.\n","lastlogsize":25813,"timestamp":1662366851,"source":"Microsoft-Windows-Search","severity":1,"eventid":1013,"id":836,"clock":1689161307,"ns":936283400},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (6788,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25814,"timestamp":1662366852,"source":"ESENT","severity":1,"eventid":102,"id":837,"clock":1689161307,"ns":941081900},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (6788,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n \r\n \r\nInternal Timing Sequence: \n[1] 0.000619 +J(0) +M(C:0K, Fs:189, WS:724K # 724K, PF:4852K # 4852K, P:4852K)\n[2] 0.000307 +J(0) +M(C:0K, Fs:256, WS:1020K # 1020K, PF:992K # 992K, P:992K)\n[3] 0.000020 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K)\n[4] 0.000081 +J(0) +M(C:0K, Fs:33, WS:132K # 132K, PF:368K # 368K, P:368K)\n[5] 0.001000 +J(0) +M(C:0K, Fs:10, WS:40K # 40K, PF:20K # 20K, P:20K)\n[6] 0.003288 +J(0) +M(C:0K, Fs:25, WS:100K # 100K, PF:12K # 12K, P:12K)\n[7] 0.002441 +J(0) +M(C:0K, Fs:271, WS:1080K # 1080K, PF:1032K # 1032K, P:1032K)\n[8] -\n[9] -\n[10] -\n[11] -\n[12] -\n[13] 0.007855 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K)\n[14] 0.000017 +J(0) +M(C:0K, Fs:2, WS:8K # 0K, PF:8K # 0K, P:8K)\n[15] 0.000060 +J(0) +M(C:0K, Fs:66, WS:260K # 0K, PF:68K # 0K, P:68K)\n[16] 0.000185 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25815,"timestamp":1662366852,"source":"ESENT","severity":1,"eventid":105,"id":838,"clock":1689161307,"ns":945902700},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (6788,D,50) Windows: The database engine attached a database (1, C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb). (Time=0 seconds) \r\n \r\nSaved Cache: 0 0 \r\nAdditional Data: lgposAttach = 00000BC9:005A:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000002 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.000306 +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K)\n[3] 0.004567 -0.001002 (5) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:128K # 0K, PF:140K # 0K, P:140K)\n[4] 0.000231 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] -\n[6] -\n[7] -\n[8] 0.005615 -0.004085 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:52, WS:204K # 0K, PF:712K # 0K, P:712K)\n[9] 0.006284 -0.000224 (5) CM -0.005885 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:288K # 224K, P:288K)\n[10] 0.000200 -0.000125 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 4K, PF:96K # 96K, P:96K)\n[11] 0.000010 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)\n[13] 0.0 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000003 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25816,"timestamp":1662366852,"source":"ESENT","severity":1,"eventid":326,"id":839,"clock":1689161307,"ns":950871800},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Search Service started.\n","lastlogsize":25817,"timestamp":1662366852,"source":"Microsoft-Windows-Search","severity":1,"eventid":1003,"id":840,"clock":1689161307,"ns":955752900},{"host":"Windows host","key":"eventlog[Application]","value":"Beginning a Windows Installer transaction: c:\\program files\\microsoft office\\root\\integration\\c2rint.16.msi. Client Process Id: 4228.","lastlogsize":25818,"timestamp":1662366911,"source":"MsiInstaller","severity":1,"eventid":1040,"id":841,"clock":1689161307,"ns":960614700},{"host":"Windows host","key":"eventlog[Application]","value":"Product: Office 16 Click-to-Run Extensibility Component -- Configuration completed successfully.","lastlogsize":25819,"timestamp":1662366913,"source":"MsiInstaller","severity":1,"eventid":11728,"id":842,"clock":1689161307,"ns":965524200},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Extensibility Component. Product Version: 16.0.15601.20064. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.","lastlogsize":25820,"timestamp":1662366913,"source":"MsiInstaller","severity":1,"eventid":1035,"id":843,"clock":1689161307,"ns":970825100},{"host":"Windows host","key":"eventlog[Application]","value":"Ending a Windows Installer transaction: c:\\program files\\microsoft office\\root\\integration\\c2rint.16.msi. Client Process Id: 4228.","lastlogsize":25821,"timestamp":1662366913,"source":"MsiInstaller","severity":1,"eventid":1042,"id":844,"clock":1689161307,"ns":976194400},{"host":"Windows host","key":"eventlog[Application]","value":"Beginning a Windows Installer transaction: c:\\program files\\microsoft office\\root\\integration\\c2rintloc.ru-ru.16.msi. Client Process Id: 4228.","lastlogsize":25822,"timestamp":1662366913,"source":"MsiInstaller","severity":1,"eventid":1040,"id":845,"clock":1689161307,"ns":981727900},{"host":"Windows host","key":"eventlog[Application]","value":"Продукт: Office 16 Click-to-Run Localization Component -- Настройка завершена успешно.","lastlogsize":25823,"timestamp":1662366914,"source":"MsiInstaller","severity":1,"eventid":11728,"id":846,"clock":1689161307,"ns":987233200},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Localization Component. Product Version: 16.0.15601.20064. Product Language: 1049. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.","lastlogsize":25824,"timestamp":1662366914,"source":"MsiInstaller","severity":1,"eventid":1035,"id":847,"clock":1689161307,"ns":993039300},{"host":"Windows host","key":"eventlog[Application]","value":"Ending a Windows Installer transaction: c:\\program files\\microsoft office\\root\\integration\\c2rintloc.ru-ru.16.msi. Client Process Id: 4228.","lastlogsize":25825,"timestamp":1662366914,"source":"MsiInstaller","severity":1,"eventid":1042,"id":848,"clock":1689161307,"ns":999299800},{"host":"Windows host","key":"eventlog[Application]","value":"Beginning a Windows Installer transaction: c:\\program files\\microsoft office\\root\\integration\\sppredist.msi. Client Process Id: 4228.","lastlogsize":25826,"timestamp":1662366914,"source":"MsiInstaller","severity":1,"eventid":1040,"id":849,"clock":1689161308,"ns":4977700},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25827,"timestamp":1662366915,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":850,"clock":1689161308,"ns":11489900}],"clock":1689161308,"ns":17333300}] 9284:20230712:142828.023 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002248"}] 9284:20230712:142828.023 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002248"}' 9284:20230712:142828.024 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002248' 9284:20230712:142828.025 End of check_response():SUCCEED 9284:20230712:142828.025 OK 9284:20230712:142828.026 End of send_buffer():SUCCEED 9284:20230712:142828.027 End of process_value():SUCCEED 9284:20230712:142828.027 In zbx_parse_eventlog_message6() EventRecordID:25828 9284:20230712:142828.028 In expand_message6() 9284:20230712:142828.030 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142828.030 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.031 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25828 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142828.031 buffer: new element 0 9284:20230712:142828.032 End of process_value():SUCCEED 9284:20230712:142828.032 In zbx_parse_eventlog_message6() EventRecordID:25829 9284:20230712:142828.033 In expand_message6() 9284:20230712:142828.034 End of expand_message6():Product: Office 16 Click-to-Run Licensing Component -- Configuration completed successfully. 9284:20230712:142828.035 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.035 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25829 value:'Product: Office 16 Click-to-Run Licensing Component -- Configuration completed successfully.' 9284:20230712:142828.036 buffer: new element 1 9284:20230712:142828.036 End of process_value():SUCCEED 9284:20230712:142828.037 In zbx_parse_eventlog_message6() EventRecordID:25830 9284:20230712:142828.037 In expand_message6() 9284:20230712:142828.039 End of expand_message6():Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Licensing Component. Product Version: 16.0.15601.20064. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0. 9284:20230712:142828.039 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.040 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25830 value:'Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Licensing Component. Product Version: 16.0.15601.20064. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.' 9284:20230712:142828.041 buffer: new element 2 9284:20230712:142828.041 End of process_value():SUCCEED 9284:20230712:142828.042 In zbx_parse_eventlog_message6() EventRecordID:25831 9284:20230712:142828.043 In expand_message6() 9284:20230712:142828.044 End of expand_message6():Ending a Windows Installer transaction: c:\program files\microsoft office\root\integration\sppredist.msi. Client Process Id: 4228. 9284:20230712:142828.045 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.046 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25831 value:'Ending a Windows Installer transaction: c:\program files\microsoft office\root\integration\sppredist.msi. Client Process Id: 4228.' 9284:20230712:142828.046 buffer: new element 3 9284:20230712:142828.047 End of process_value():SUCCEED 9284:20230712:142828.047 In zbx_parse_eventlog_message6() EventRecordID:25832 9284:20230712:142828.048 In expand_message6() 9284:20230712:142828.049 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T08:35:46Z. Reason: RulesEngine. 9284:20230712:142828.050 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.050 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25832 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T08:35:46Z. Reason: RulesEngine.' 9284:20230712:142828.051 buffer: new element 4 9284:20230712:142828.051 End of process_value():SUCCEED 9284:20230712:142828.052 In zbx_parse_eventlog_message6() EventRecordID:25833 9284:20230712:142828.052 In expand_message6() 9284:20230712:142828.054 End of expand_message6():Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst for the following reason: Automatic Reconciliation. 9284:20230712:142828.054 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.055 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25833 value:'Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst for the following reason: Automatic Reconciliation.' 9284:20230712:142828.055 buffer: new element 5 9284:20230712:142828.056 End of process_value():SUCCEED 9284:20230712:142828.056 In zbx_parse_eventlog_message6() EventRecordID:25834 9284:20230712:142828.057 In expand_message6() 9284:20230712:142828.058 End of expand_message6():Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst. Stats: Added: 0, Deleted: 0, Modified: 0, Compared: 574, Queries: 0, Results: 0, Version: 16.0.15601.20072. 9284:20230712:142828.058 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.059 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25834 value:'Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.nst. Stats: Added: 0, Deleted: 0, Modified: 0, Compared: 574, Queries: 0, Results: 0, Version: 16.0.15601.20072.' 9284:20230712:142828.059 buffer: new element 6 9284:20230712:142828.060 End of process_value():SUCCEED 9284:20230712:142828.060 In zbx_parse_eventlog_message6() EventRecordID:25835 9284:20230712:142828.061 In expand_message6() 9284:20230712:142828.063 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142828.063 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.064 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25835 value:'Offline downlevel migration succeeded.' 9284:20230712:142828.064 buffer: new element 7 9284:20230712:142828.065 End of process_value():SUCCEED 9284:20230712:142828.066 In zbx_parse_eventlog_message6() EventRecordID:25836 9284:20230712:142828.066 In expand_message6() 9284:20230712:142828.068 End of expand_message6():Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100 9284:20230712:142828.069 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.069 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25836 value:'Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100' 9284:20230712:142828.070 buffer: new element 8 9284:20230712:142828.070 End of process_value():SUCCEED 9284:20230712:142828.071 In zbx_parse_eventlog_message6() EventRecordID:25837 9284:20230712:142828.071 In expand_message6() 9284:20230712:142828.073 End of expand_message6():Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100 9284:20230712:142828.073 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.074 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25837 value:'Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100' 9284:20230712:142828.075 buffer: new element 9 9284:20230712:142828.075 End of process_value():SUCCEED 9284:20230712:142828.076 In zbx_parse_eventlog_message6() EventRecordID:25838 9284:20230712:142828.076 In expand_message6() 9284:20230712:142828.078 End of expand_message6():Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100 9284:20230712:142828.078 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.079 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25838 value:'Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100' 9284:20230712:142828.080 buffer: new element 10 9284:20230712:142828.080 End of process_value():SUCCEED 9284:20230712:142828.081 In zbx_parse_eventlog_message6() EventRecordID:25839 9284:20230712:142828.082 In expand_message6() 9284:20230712:142828.083 End of expand_message6():Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100 9284:20230712:142828.084 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.085 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25839 value:'Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100' 9284:20230712:142828.085 buffer: new element 11 9284:20230712:142828.086 End of process_value():SUCCEED 9284:20230712:142828.086 In zbx_parse_eventlog_message6() EventRecordID:25840 9284:20230712:142828.087 In expand_message6() 9284:20230712:142828.089 End of expand_message6():Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100 9284:20230712:142828.089 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.090 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25840 value:'Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100' 9284:20230712:142828.090 buffer: new element 12 9284:20230712:142828.091 End of process_value():SUCCEED 9284:20230712:142828.092 In zbx_parse_eventlog_message6() EventRecordID:25841 9284:20230712:142828.092 In expand_message6() 9284:20230712:142828.094 End of expand_message6():Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100 9284:20230712:142828.094 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.095 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25841 value:'Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100' 9284:20230712:142828.095 buffer: new element 13 9284:20230712:142828.096 End of process_value():SUCCEED 9284:20230712:142828.096 In zbx_parse_eventlog_message6() EventRecordID:25842 9284:20230712:142828.097 In expand_message6() 9284:20230712:142828.099 End of expand_message6():Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100 9284:20230712:142828.099 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.100 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25842 value:'Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100' 9284:20230712:142828.100 buffer: new element 14 9284:20230712:142828.101 End of process_value():SUCCEED 9284:20230712:142828.101 In zbx_parse_eventlog_message6() EventRecordID:25843 9284:20230712:142828.102 In expand_message6() 9284:20230712:142828.104 End of expand_message6():Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100 9284:20230712:142828.105 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.106 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25843 value:'Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100' 9284:20230712:142828.106 buffer: new element 15 9284:20230712:142828.107 End of process_value():SUCCEED 9284:20230712:142828.107 In zbx_parse_eventlog_message6() EventRecordID:25844 9284:20230712:142828.108 In expand_message6() 9284:20230712:142828.110 End of expand_message6():Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100 9284:20230712:142828.111 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.111 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25844 value:'Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100' 9284:20230712:142828.112 buffer: new element 16 9284:20230712:142828.112 End of process_value():SUCCEED 9284:20230712:142828.113 In zbx_parse_eventlog_message6() EventRecordID:25845 9284:20230712:142828.113 In expand_message6() 9284:20230712:142828.115 End of expand_message6():Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500 9284:20230712:142828.116 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.116 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25845 value:'Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500' 9284:20230712:142828.117 buffer: new element 17 9284:20230712:142828.117 End of process_value():SUCCEED 9284:20230712:142828.118 In zbx_parse_eventlog_message6() EventRecordID:25846 9284:20230712:142828.118 In expand_message6() 9284:20230712:142828.120 End of expand_message6():These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=bd3762d7-270d-4760-8fb3-d829ca45278a 9284:20230712:142828.121 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.121 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25846 value:'These policies are being excluded since they are only defined with override-only attribute. Policy Names=(Security-SPP-Reserved-EnableNotificationMode) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=bd3762d7-270d-4760-8fb3-d829ca45278a' 9284:20230712:142828.122 buffer: new element 18 9284:20230712:142828.122 End of process_value():SUCCEED 9284:20230712:142828.123 In zbx_parse_eventlog_message6() EventRecordID:25847 9284:20230712:142828.124 In expand_message6() 9284:20230712:142828.125 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T09:20:21Z. Reason: RulesEngine. 9284:20230712:142828.126 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.127 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25847 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T09:20:21Z. Reason: RulesEngine.' 9284:20230712:142828.127 buffer: new element 19 9284:20230712:142828.128 End of process_value():SUCCEED 9284:20230712:142828.128 In zbx_parse_eventlog_message6() EventRecordID:25848 9284:20230712:142828.129 In expand_message6() 9284:20230712:142828.130 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142828.131 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.132 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25848 value:'Offline downlevel migration succeeded.' 9284:20230712:142828.132 buffer: new element 20 9284:20230712:142828.133 End of process_value():SUCCEED 9284:20230712:142828.133 In zbx_parse_eventlog_message6() EventRecordID:25849 9284:20230712:142828.134 In expand_message6() 9284:20230712:142828.135 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142828.136 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.136 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25849 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142828.137 buffer: new element 21 9284:20230712:142828.138 End of process_value():SUCCEED 9284:20230712:142828.138 In zbx_parse_eventlog_message6() EventRecordID:25850 9284:20230712:142828.139 In expand_message6() 9284:20230712:142828.141 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T09:21:22Z. Reason: RulesEngine. 9284:20230712:142828.141 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.142 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25850 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T09:21:22Z. Reason: RulesEngine.' 9284:20230712:142828.143 buffer: new element 22 9284:20230712:142828.143 End of process_value():SUCCEED 9284:20230712:142828.144 In zbx_parse_eventlog_message6() EventRecordID:25851 9284:20230712:142828.145 In expand_message6() 9284:20230712:142828.146 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142828.147 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.148 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25851 value:'Offline downlevel migration succeeded.' 9284:20230712:142828.148 buffer: new element 23 9284:20230712:142828.149 End of process_value():SUCCEED 9284:20230712:142828.150 In zbx_parse_eventlog_message6() EventRecordID:25852 9284:20230712:142828.150 In expand_message6() 9284:20230712:142828.152 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T10:48:15Z. Reason: RulesEngine. 9284:20230712:142828.153 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.153 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25852 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T10:48:15Z. Reason: RulesEngine.' 9284:20230712:142828.154 buffer: new element 24 9284:20230712:142828.155 End of process_value():SUCCEED 9284:20230712:142828.155 In zbx_parse_eventlog_message6() EventRecordID:25853 9284:20230712:142828.156 In expand_message6() 9284:20230712:142828.157 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142828.157 ====== Fatal information: ====== 9284:20230712:142828.158 Program counter: 0x67e2cf19 9284:20230712:142828.158 === Registers: === 9284:20230712:142828.159 r8 = 18 = 24 = 24 9284:20230712:142828.159 r9 = 0 = 0 = 0 9284:20230712:142828.160 r10 = 0 = 0 = 0 9284:20230712:142828.160 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142828.161 r12 = 38623f0 = 59122672 = 59122672 9284:20230712:142828.162 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142828.162 r14 = 0 = 0 = 0 9284:20230712:142828.163 r15 = 0 = 0 = 0 9284:20230712:142828.163 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142828.164 rsi = 385e050 = 59105360 = 59105360 9284:20230712:142828.164 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142828.165 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142828.165 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142828.166 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142828.166 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142828.167 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142828.168 efl = 202 = 514 = 514 9284:20230712:142828.168 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142828.169 === Backtrace: === 9284:20230712:142828.335 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142828.336 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142828.337 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142828.337 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142828.338 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142828.341 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142828.341 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142828.342 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142828.343 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142828.344 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142828.345 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142828.346 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142828.347 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142828.348 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142828.350 ================================ 9284:20230712:142828.350 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142828.351 End of expand_message6():(null) 9284:20230712:142828.352 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.353 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25853 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142828.353 buffer: new element 25 9284:20230712:142828.354 End of process_value():SUCCEED 9284:20230712:142828.355 In zbx_parse_eventlog_message6() EventRecordID:25854 9284:20230712:142828.355 In expand_message6() 9284:20230712:142828.356 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142828.357 ====== Fatal information: ====== 9284:20230712:142828.357 Program counter: 0x67e2cf19 9284:20230712:142828.358 === Registers: === 9284:20230712:142828.359 r8 = 18 = 24 = 24 9284:20230712:142828.359 r9 = 0 = 0 = 0 9284:20230712:142828.360 r10 = 0 = 0 = 0 9284:20230712:142828.361 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142828.361 r12 = 6af720 = 7010080 = 7010080 9284:20230712:142828.362 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142828.363 r14 = 0 = 0 = 0 9284:20230712:142828.363 r15 = 0 = 0 = 0 9284:20230712:142828.364 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142828.365 rsi = 385f9f0 = 59111920 = 59111920 9284:20230712:142828.365 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142828.366 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142828.367 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142828.368 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142828.368 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142828.369 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142828.369 efl = 202 = 514 = 514 9284:20230712:142828.370 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142828.371 === Backtrace: === 9284:20230712:142828.515 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142828.515 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142828.516 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142828.517 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142828.518 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142828.520 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142828.521 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 2184:20230712:142828.522 In collect_perfstat() 9284:20230712:142828.523 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142828.524 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142828.526 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142828.527 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142828.528 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142828.529 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 2184:20230712:142828.530 End of collect_perfstat() 9284:20230712:142828.531 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142828.533 ================================ 9284:20230712:142828.534 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142828.534 End of expand_message6():(null) 9284:20230712:142828.535 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.537 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25854 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142828.537 buffer: new element 26 9284:20230712:142828.538 End of process_value():SUCCEED 9284:20230712:142828.539 In zbx_parse_eventlog_message6() EventRecordID:25855 9284:20230712:142828.540 In expand_message6() 9284:20230712:142828.541 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142828.541 ====== Fatal information: ====== 9284:20230712:142828.542 Program counter: 0x67e2cf19 9284:20230712:142828.543 === Registers: === 9284:20230712:142828.544 r8 = 18 = 24 = 24 9284:20230712:142828.545 r9 = 0 = 0 = 0 9284:20230712:142828.546 r10 = 0 = 0 = 0 9284:20230712:142828.546 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142828.547 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142828.548 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142828.549 r14 = 0 = 0 = 0 9284:20230712:142828.550 r15 = 0 = 0 = 0 9284:20230712:142828.550 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142828.551 rsi = 385f6d0 = 59111120 = 59111120 9284:20230712:142828.552 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142828.553 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142828.553 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142828.554 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142828.555 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142828.555 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142828.556 efl = 202 = 514 = 514 9284:20230712:142828.556 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142828.557 === Backtrace: === 9284:20230712:142828.704 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142828.705 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142828.705 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142828.706 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142828.707 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142828.710 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142828.711 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142828.712 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142828.713 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142828.714 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142828.715 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142828.716 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142828.716 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142828.717 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142828.723 ================================ 9284:20230712:142828.724 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142828.724 End of expand_message6():(null) 9284:20230712:142828.725 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.725 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25855 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142828.726 buffer: new element 27 9284:20230712:142828.726 End of process_value():SUCCEED 9284:20230712:142828.727 In zbx_parse_eventlog_message6() EventRecordID:25856 9284:20230712:142828.728 In expand_message6() 9284:20230712:142828.729 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:34.048712600Z. 9284:20230712:142828.730 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.730 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25856 value:'Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:34.048712600Z.' 9284:20230712:142828.731 buffer: new element 28 9284:20230712:142828.731 End of process_value():SUCCEED 9284:20230712:142828.732 In zbx_parse_eventlog_message6() EventRecordID:25857 9284:20230712:142828.732 In expand_message6() 9284:20230712:142828.734 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:34.048712600Z. 9284:20230712:142828.735 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.735 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25857 value:'Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:34.048712600Z.' 9284:20230712:142828.736 buffer: new element 29 9284:20230712:142828.736 End of process_value():SUCCEED 9284:20230712:142828.737 In zbx_parse_eventlog_message6() EventRecordID:25858 9284:20230712:142828.737 In expand_message6() 9284:20230712:142828.739 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:35.705751300Z. 9284:20230712:142828.740 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.740 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25858 value:'Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:35.705751300Z.' 9284:20230712:142828.741 buffer: new element 30 9284:20230712:142828.742 End of process_value():SUCCEED 9284:20230712:142828.742 In zbx_parse_eventlog_message6() EventRecordID:25859 9284:20230712:142828.743 In expand_message6() 9284:20230712:142828.745 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:35.705751300Z. 9284:20230712:142828.745 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.746 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25859 value:'Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:35.705751300Z.' 9284:20230712:142828.746 buffer: new element 31 9284:20230712:142828.747 End of process_value():SUCCEED 9284:20230712:142828.747 In zbx_parse_eventlog_message6() EventRecordID:25860 9284:20230712:142828.748 In expand_message6() 9284:20230712:142828.750 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:39.010276200Z. 9284:20230712:142828.750 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.751 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25860 value:'Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:39.010276200Z.' 9284:20230712:142828.751 buffer: new element 32 9284:20230712:142828.752 End of process_value():SUCCEED 9284:20230712:142828.752 In zbx_parse_eventlog_message6() EventRecordID:25861 9284:20230712:142828.753 In expand_message6() 9284:20230712:142828.754 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:39.010276200Z. 9284:20230712:142828.755 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.755 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25861 value:'Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:39.010276200Z.' 9284:20230712:142828.756 buffer: new element 33 9284:20230712:142828.756 End of process_value():SUCCEED 9284:20230712:142828.757 In zbx_parse_eventlog_message6() EventRecordID:25862 9284:20230712:142828.757 In expand_message6() 9284:20230712:142828.759 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:40.465149900Z. 9284:20230712:142828.760 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.761 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25862 value:'Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:40.465149900Z.' 9284:20230712:142828.761 buffer: new element 34 9284:20230712:142828.762 End of process_value():SUCCEED 9284:20230712:142828.762 In zbx_parse_eventlog_message6() EventRecordID:25863 9284:20230712:142828.763 In expand_message6() 9284:20230712:142828.765 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:40.465149900Z. 9284:20230712:142828.766 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.766 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25863 value:'Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:40.465149900Z.' 9284:20230712:142828.767 buffer: new element 35 9284:20230712:142828.768 End of process_value():SUCCEED 9284:20230712:142828.768 In zbx_parse_eventlog_message6() EventRecordID:25864 9284:20230712:142828.769 In expand_message6() 9284:20230712:142828.771 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142828.771 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.772 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25864 value:'Offline downlevel migration succeeded.' 9284:20230712:142828.772 buffer: new element 36 9284:20230712:142828.773 End of process_value():SUCCEED 9284:20230712:142828.774 In zbx_parse_eventlog_message6() EventRecordID:25865 9284:20230712:142828.774 In expand_message6() 9284:20230712:142828.776 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T12:19:54Z. Reason: RulesEngine. 9284:20230712:142828.777 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.777 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25865 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T12:19:54Z. Reason: RulesEngine.' 9284:20230712:142828.778 buffer: new element 37 9284:20230712:142828.778 End of process_value():SUCCEED 9284:20230712:142828.779 In zbx_parse_eventlog_message6() EventRecordID:25866 9284:20230712:142828.779 In expand_message6() 9284:20230712:142828.781 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142828.782 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.782 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25866 value:'Offline downlevel migration succeeded.' 9284:20230712:142828.783 buffer: new element 38 9284:20230712:142828.784 End of process_value():SUCCEED 9284:20230712:142828.784 In zbx_parse_eventlog_message6() EventRecordID:25867 9284:20230712:142828.785 In expand_message6() 9284:20230712:142828.786 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142828.787 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.788 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25867 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142828.788 buffer: new element 39 9284:20230712:142828.789 End of process_value():SUCCEED 9284:20230712:142828.790 In zbx_parse_eventlog_message6() EventRecordID:25868 9284:20230712:142828.790 In expand_message6() 9284:20230712:142828.792 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T12:21:09Z. Reason: RulesEngine. 9284:20230712:142828.793 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.794 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25868 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T12:21:09Z. Reason: RulesEngine.' 9284:20230712:142828.794 buffer: new element 40 9284:20230712:142828.795 End of process_value():SUCCEED 9284:20230712:142828.796 In zbx_parse_eventlog_message6() EventRecordID:25869 9284:20230712:142828.796 In expand_message6() 9284:20230712:142828.798 End of expand_message6():The VSS service is shutting down due to idle timeout. 9284:20230712:142828.799 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.799 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25869 value:'The VSS service is shutting down due to idle timeout. ' 9284:20230712:142828.800 buffer: new element 41 9284:20230712:142828.801 End of process_value():SUCCEED 9284:20230712:142828.801 In zbx_parse_eventlog_message6() EventRecordID:25870 9284:20230712:142828.802 In expand_message6() 9284:20230712:142828.803 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142828.804 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.805 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25870 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142828.805 buffer: new element 42 9284:20230712:142828.806 End of process_value():SUCCEED 9284:20230712:142828.807 In zbx_parse_eventlog_message6() EventRecordID:25871 9284:20230712:142828.807 In expand_message6() 9284:20230712:142828.809 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142828.809 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.810 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25871 value:'Offline downlevel migration succeeded.' 9284:20230712:142828.811 buffer: new element 43 9284:20230712:142828.811 End of process_value():SUCCEED 9284:20230712:142828.812 In zbx_parse_eventlog_message6() EventRecordID:25872 9284:20230712:142828.812 In expand_message6() 9284:20230712:142828.814 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T13:15:09Z. Reason: RulesEngine. 9284:20230712:142828.815 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.815 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25872 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T13:15:09Z. Reason: RulesEngine.' 9284:20230712:142828.816 buffer: new element 44 9284:20230712:142828.816 End of process_value():SUCCEED 9284:20230712:142828.817 In zbx_parse_eventlog_message6() EventRecordID:25873 9284:20230712:142828.818 In expand_message6() 9284:20230712:142828.819 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142828.820 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.821 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25873 value:'Offline downlevel migration succeeded.' 9284:20230712:142828.821 buffer: new element 45 9284:20230712:142828.822 End of process_value():SUCCEED 9284:20230712:142828.822 In zbx_parse_eventlog_message6() EventRecordID:25874 9284:20230712:142828.823 In expand_message6() 9284:20230712:142828.825 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T14:17:46Z. Reason: RulesEngine. 9284:20230712:142828.825 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.826 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25874 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T14:17:46Z. Reason: RulesEngine.' 9284:20230712:142828.826 buffer: new element 46 9284:20230712:142828.827 End of process_value():SUCCEED 9284:20230712:142828.828 In zbx_parse_eventlog_message6() EventRecordID:25875 9284:20230712:142828.828 In expand_message6() 9284:20230712:142828.830 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142828.830 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.831 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25875 value:'Offline downlevel migration succeeded.' 9284:20230712:142828.831 buffer: new element 47 9284:20230712:142828.832 End of process_value():SUCCEED 9284:20230712:142828.833 In zbx_parse_eventlog_message6() EventRecordID:25876 9284:20230712:142828.833 In expand_message6() 9284:20230712:142828.835 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142828.836 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.836 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25876 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142828.837 buffer: new element 48 9284:20230712:142828.837 End of process_value():SUCCEED 9284:20230712:142828.838 In zbx_parse_eventlog_message6() EventRecordID:25877 9284:20230712:142828.838 In expand_message6() 9284:20230712:142828.840 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142828.840 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.841 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25877 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142828.841 buffer: new element 49 9284:20230712:142828.842 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142828.843 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142828.844 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25828,"timestamp":1662366916,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":851,"clock":1689161308,"ns":31665300},{"host":"Windows host","key":"eventlog[Application]","value":"Product: Office 16 Click-to-Run Licensing Component -- Configuration completed successfully.","lastlogsize":25829,"timestamp":1662366916,"source":"MsiInstaller","severity":1,"eventid":11728,"id":852,"clock":1689161308,"ns":36198000},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Installer reconfigured the product. Product Name: Office 16 Click-to-Run Licensing Component. Product Version: 16.0.15601.20064. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.","lastlogsize":25830,"timestamp":1662366916,"source":"MsiInstaller","severity":1,"eventid":1035,"id":853,"clock":1689161308,"ns":41308200},{"host":"Windows host","key":"eventlog[Application]","value":"Ending a Windows Installer transaction: c:\\program files\\microsoft office\\root\\integration\\sppredist.msi. Client Process Id: 4228.","lastlogsize":25831,"timestamp":1662366916,"source":"MsiInstaller","severity":1,"eventid":1042,"id":854,"clock":1689161308,"ns":46697300},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T08:35:46Z. Reason: RulesEngine.","lastlogsize":25832,"timestamp":1662366946,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":855,"clock":1689161308,"ns":51245800},{"host":"Windows host","key":"eventlog[Application]","value":"Starting reconciliation for the store C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.nst for the following reason: Automatic Reconciliation.","lastlogsize":25833,"timestamp":1662368986,"source":"Outlook","severity":1,"eventid":30,"id":856,"clock":1689161308,"ns":55768700},{"host":"Windows host","key":"eventlog[Application]","value":"Reconciliation completed for the following store: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.nst. Stats: Added: 0, Deleted: 0, Modified: 0, Compared: 574, Queries: 0, Results: 0, Version: 16.0.15601.20072.","lastlogsize":25834,"timestamp":1662368989,"source":"Outlook","severity":1,"eventid":38,"id":857,"clock":1689161308,"ns":60023900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25835,"timestamp":1662369558,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":858,"clock":1689161308,"ns":64912600},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100","lastlogsize":25836,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":859,"clock":1689161308,"ns":70276200},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100","lastlogsize":25837,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":860,"clock":1689161308,"ns":75179800},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100","lastlogsize":25838,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":861,"clock":1689161308,"ns":80386000},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100","lastlogsize":25839,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":862,"clock":1689161308,"ns":85869400},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100","lastlogsize":25840,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":863,"clock":1689161308,"ns":91044700},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100","lastlogsize":25841,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":864,"clock":1689161308,"ns":96026600},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100","lastlogsize":25842,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":865,"clock":1689161308,"ns":100900500},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100","lastlogsize":25843,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":866,"clock":1689161308,"ns":106830300},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=AAD-BlockAADWorkplaceJoin-Default Priority=100","lastlogsize":25844,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":867,"clock":1689161308,"ns":112259800},{"host":"Windows host","key":"eventlog[Application]","value":"Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500","lastlogsize":25845,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1034,"id":868,"clock":1689161308,"ns":117306700},{"host":"Windows host","key":"eventlog[Application]","value":"These policies are being excluded since they are only defined with override-only attribute.\r\nPolicy Names=(Security-SPP-Reserved-EnableNotificationMode) \r\nApp Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nSku Id=bd3762d7-270d-4760-8fb3-d829ca45278a","lastlogsize":25846,"timestamp":1662369559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1033,"id":869,"clock":1689161308,"ns":122499000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T09:20:21Z. Reason: RulesEngine.","lastlogsize":25847,"timestamp":1662369621,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":870,"clock":1689161308,"ns":127849200},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25848,"timestamp":1662369652,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":871,"clock":1689161308,"ns":132685600},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25849,"timestamp":1662369663,"source":"SecurityCenter","severity":1,"eventid":15,"id":872,"clock":1689161308,"ns":137693200},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T09:21:22Z. Reason: RulesEngine.","lastlogsize":25850,"timestamp":1662369682,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":873,"clock":1689161308,"ns":143179900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25851,"timestamp":1662374865,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":874,"clock":1689161308,"ns":149011100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T10:48:15Z. Reason: RulesEngine.","lastlogsize":25852,"timestamp":1662374895,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":875,"clock":1689161308,"ns":154697100},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25853,"timestamp":1662376297,"source":"gupdate","severity":1,"id":876,"clock":1689161308,"ns":353868700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25854,"timestamp":1662376943,"source":"dbupdate","severity":1,"id":877,"clock":1689161308,"ns":538126600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25855,"timestamp":1662376944,"source":"dbupdate","severity":1,"id":878,"clock":1689161308,"ns":726367500},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:34.048712600Z.","lastlogsize":25856,"timestamp":1662379534,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":879,"clock":1689161308,"ns":731544400},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:34.048712600Z.","lastlogsize":25857,"timestamp":1662379534,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":880,"clock":1689161308,"ns":736488300},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:35.705751300Z.","lastlogsize":25858,"timestamp":1662379535,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":881,"clock":1689161308,"ns":741474500},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:35.705751300Z.","lastlogsize":25859,"timestamp":1662379535,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":882,"clock":1689161308,"ns":746794900},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:39.010276200Z.","lastlogsize":25860,"timestamp":1662379539,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":883,"clock":1689161308,"ns":751657800},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:39.010276200Z.","lastlogsize":25861,"timestamp":1662379539,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":884,"clock":1689161308,"ns":756398100},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎05T12:05:40.465149900Z.","lastlogsize":25862,"timestamp":1662379540,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":885,"clock":1689161308,"ns":761811100},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎05T12:05:40.465149900Z.","lastlogsize":25863,"timestamp":1662379540,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":886,"clock":1689161308,"ns":767540400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25864,"timestamp":1662380358,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":887,"clock":1689161308,"ns":772941100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T12:19:54Z. Reason: RulesEngine.","lastlogsize":25865,"timestamp":1662380394,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":888,"clock":1689161308,"ns":778330500},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25866,"timestamp":1662380439,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":889,"clock":1689161308,"ns":783621800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25867,"timestamp":1662380448,"source":"SecurityCenter","severity":1,"eventid":15,"id":890,"clock":1689161308,"ns":788799600},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T12:21:09Z. Reason: RulesEngine.","lastlogsize":25868,"timestamp":1662380469,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":891,"clock":1689161308,"ns":794912600},{"host":"Windows host","key":"eventlog[Application]","value":"The VSS service is shutting down due to idle timeout. ","lastlogsize":25869,"timestamp":1662380739,"source":"VSS","severity":1,"eventid":8224,"id":892,"clock":1689161308,"ns":800500900},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25870,"timestamp":1662381216,"source":"Outlook","severity":1,"eventid":63,"id":893,"clock":1689161308,"ns":805909700},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25871,"timestamp":1662383678,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":894,"clock":1689161308,"ns":811226400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T13:15:09Z. Reason: RulesEngine.","lastlogsize":25872,"timestamp":1662383709,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":895,"clock":1689161308,"ns":816408100},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25873,"timestamp":1662387435,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":896,"clock":1689161308,"ns":821829100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T14:17:46Z. Reason: RulesEngine.","lastlogsize":25874,"timestamp":1662387466,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":897,"clock":1689161308,"ns":826974300},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25875,"timestamp":1662390777,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":898,"clock":1689161308,"ns":832082500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25876,"timestamp":1662390777,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":899,"clock":1689161308,"ns":837279000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25877,"timestamp":1662390777,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":900,"clock":1689161308,"ns":841954200}],"clock":1689161308,"ns":843629700}] 9284:20230712:142828.848 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001838"}] 9284:20230712:142828.848 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001838"}' 9284:20230712:142828.849 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.001838' 9284:20230712:142828.849 End of check_response():SUCCEED 9284:20230712:142828.850 OK 9284:20230712:142828.850 End of send_buffer():SUCCEED 9284:20230712:142828.851 End of process_value():SUCCEED 9284:20230712:142828.853 In zbx_parse_eventlog_message6() EventRecordID:25878 9284:20230712:142828.854 In expand_message6() 9284:20230712:142828.856 End of expand_message6():Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 15 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 15 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 16 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 31 9284:20230712:142828.856 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.857 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25878 value:'Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 15 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 16 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 15 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 16 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 16 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 31 ' 9284:20230712:142828.858 buffer: new element 0 9284:20230712:142828.858 End of process_value():SUCCEED 9284:20230712:142828.859 In zbx_parse_eventlog_message6() EventRecordID:25879 9284:20230712:142828.859 In expand_message6() 9284:20230712:142828.861 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142828.861 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.862 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25879 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142828.863 buffer: new element 1 9284:20230712:142828.863 End of process_value():SUCCEED 9284:20230712:142828.864 In zbx_parse_eventlog_message6() EventRecordID:25880 9284:20230712:142828.864 In expand_message6() 9284:20230712:142828.866 End of expand_message6():Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost for the following reason: Indexing was disabled and then re-enabled. 9284:20230712:142828.866 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.867 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25880 value:'Starting reconciliation for the store C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost for the following reason: Indexing was disabled and then re-enabled.' 9284:20230712:142828.867 buffer: new element 2 9284:20230712:142828.868 End of process_value():SUCCEED 9284:20230712:142828.868 In zbx_parse_eventlog_message6() EventRecordID:25881 9284:20230712:142828.869 In expand_message6() 9284:20230712:142828.870 End of expand_message6():Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost. Stats: Added: 11, Deleted: 0, Modified: 1, Compared: 2072, Queries: 0, Results: 0, Version: 16.0.15601.20072. 9284:20230712:142828.871 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.871 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25881 value:'Reconciliation completed for the following store: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\Outlook\mihails.prihodko@zabbix.com.ost. Stats: Added: 11, Deleted: 0, Modified: 1, Compared: 2072, Queries: 0, Results: 0, Version: 16.0.15601.20072.' 9284:20230712:142828.872 buffer: new element 3 9284:20230712:142828.872 End of process_value():SUCCEED 9284:20230712:142828.873 In zbx_parse_eventlog_message6() EventRecordID:25882 9284:20230712:142828.873 In expand_message6() 9284:20230712:142828.875 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-12T15:13:29Z. Reason: RulesEngine. 9284:20230712:142828.876 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142828.876 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25882 value:'Successfully scheduled Software Protection service for re-start at 2122-08-12T15:13:29Z. Reason: RulesEngine.' 9284:20230712:142828.877 buffer: new element 4 9284:20230712:142828.877 End of process_value():SUCCEED 9284:20230712:142828.878 In zbx_parse_eventlog_message6() EventRecordID:25883 9284:20230712:142828.878 In expand_message6() 9284:20230712:142828.879 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142828.880 ====== Fatal information: ====== 9284:20230712:142828.880 Program counter: 0x67e2cf19 9284:20230712:142828.881 === Registers: === 9284:20230712:142828.881 r8 = 18 = 24 = 24 9284:20230712:142828.882 r9 = 0 = 0 = 0 9284:20230712:142828.882 r10 = 0 = 0 = 0 9284:20230712:142828.883 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142828.884 r12 = 384e250 = 59040336 = 59040336 9284:20230712:142828.884 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142828.885 r14 = 0 = 0 = 0 9284:20230712:142828.885 r15 = 0 = 0 = 0 9284:20230712:142828.886 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142828.886 rsi = 385eff0 = 59109360 = 59109360 9284:20230712:142828.887 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142828.887 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142828.888 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142828.888 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142828.889 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142828.889 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142828.890 efl = 202 = 514 = 514 9284:20230712:142828.890 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142828.891 === Backtrace: === 9284:20230712:142829.050 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142829.050 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142829.051 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142829.052 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142829.052 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142829.054 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142829.055 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142829.056 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142829.057 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142829.057 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142829.058 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142829.059 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142829.059 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142829.060 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142829.061 ================================ 9284:20230712:142829.062 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142829.062 End of expand_message6():(null) 9284:20230712:142829.063 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.063 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25883 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test ' 9284:20230712:142829.064 buffer: new element 5 9284:20230712:142829.064 End of process_value():SUCCEED 9284:20230712:142829.065 In zbx_parse_eventlog_message6() EventRecordID:25884 9284:20230712:142829.065 In expand_message6() 9284:20230712:142829.066 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142829.066 ====== Fatal information: ====== 9284:20230712:142829.067 Program counter: 0x67e2cf19 9284:20230712:142829.067 === Registers: === 9284:20230712:142829.068 r8 = 18 = 24 = 24 9284:20230712:142829.068 r9 = 0 = 0 = 0 9284:20230712:142829.069 r10 = 0 = 0 = 0 9284:20230712:142829.069 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142829.070 r12 = 384e5d0 = 59041232 = 59041232 9284:20230712:142829.070 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142829.071 r14 = 0 = 0 = 0 9284:20230712:142829.071 r15 = 0 = 0 = 0 9284:20230712:142829.072 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142829.072 rsi = 385e5f0 = 59106800 = 59106800 9284:20230712:142829.073 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142829.073 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142829.074 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142829.074 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142829.074 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142829.075 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142829.075 efl = 202 = 514 = 514 9284:20230712:142829.076 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142829.076 === Backtrace: === 9284:20230712:142829.219 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142829.220 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142829.220 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142829.221 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142829.222 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142829.224 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142829.225 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142829.225 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142829.226 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142829.227 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142829.228 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142829.228 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142829.229 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142829.230 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142829.231 ================================ 9284:20230712:142829.232 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142829.233 End of expand_message6():(null) 9284:20230712:142829.233 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.234 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25884 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 ' 9284:20230712:142829.234 buffer: new element 6 9284:20230712:142829.235 End of process_value():SUCCEED 9284:20230712:142829.235 In zbx_parse_eventlog_message6() EventRecordID:25885 9284:20230712:142829.236 In expand_message6() 9284:20230712:142829.238 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142829.238 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.239 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25885 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142829.239 buffer: new element 7 9284:20230712:142829.240 End of process_value():SUCCEED 9284:20230712:142829.240 In zbx_parse_eventlog_message6() EventRecordID:25886 9284:20230712:142829.241 In expand_message6() 9284:20230712:142829.243 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142829.243 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.244 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25886 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142829.244 buffer: new element 8 9284:20230712:142829.245 End of process_value():SUCCEED 9284:20230712:142829.245 In zbx_parse_eventlog_message6() EventRecordID:25887 9284:20230712:142829.246 In expand_message6() 9284:20230712:142829.246 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142829.247 ====== Fatal information: ====== 9284:20230712:142829.247 Program counter: 0x67e2cf19 9284:20230712:142829.248 === Registers: === 9284:20230712:142829.248 r8 = 18 = 24 = 24 9284:20230712:142829.249 r9 = 0 = 0 = 0 9284:20230712:142829.249 r10 = 0 = 0 = 0 9284:20230712:142829.249 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142829.250 r12 = 384f830 = 59045936 = 59045936 9284:20230712:142829.250 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142829.251 r14 = 0 = 0 = 0 9284:20230712:142829.251 r15 = 0 = 0 = 0 9284:20230712:142829.252 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142829.252 rsi = 385e5f0 = 59106800 = 59106800 9284:20230712:142829.253 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142829.253 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142829.254 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142829.254 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142829.255 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142829.255 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142829.256 efl = 202 = 514 = 514 9284:20230712:142829.256 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142829.257 === Backtrace: === 9284:20230712:142829.400 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142829.401 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142829.401 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142829.402 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142829.403 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142829.405 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142829.406 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142829.407 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142829.408 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142829.408 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142829.409 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142829.410 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142829.411 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142829.412 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142829.413 ================================ 9284:20230712:142829.414 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142829.414 End of expand_message6():(null) 9284:20230712:142829.415 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.416 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25887 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142829.416 buffer: new element 9 9284:20230712:142829.417 End of process_value():SUCCEED 9284:20230712:142829.418 In zbx_parse_eventlog_message6() EventRecordID:25888 9284:20230712:142829.418 In expand_message6() 9284:20230712:142829.428 End of expand_message6():Service has been successfully shut down. 9284:20230712:142829.428 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.429 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25888 value:'Service has been successfully shut down.' 9284:20230712:142829.430 buffer: new element 10 9284:20230712:142829.430 End of process_value():SUCCEED 9284:20230712:142829.431 In zbx_parse_eventlog_message6() EventRecordID:25889 9284:20230712:142829.432 In expand_message6() 9284:20230712:142829.433 End of expand_message6():Service has been successfully shut down. 9284:20230712:142829.434 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.435 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25889 value:'Service has been successfully shut down.' 9284:20230712:142829.435 buffer: new element 11 9284:20230712:142829.436 End of process_value():SUCCEED 9284:20230712:142829.437 In zbx_parse_eventlog_message6() EventRecordID:25890 9284:20230712:142829.438 In expand_message6() 9284:20230712:142829.439 End of expand_message6():The Windows Security Center Service has stopped. 9284:20230712:142829.440 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.441 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25890 value:'The Windows Security Center Service has stopped.' 9284:20230712:142829.442 buffer: new element 12 9284:20230712:142829.442 End of process_value():SUCCEED 9284:20230712:142829.443 In zbx_parse_eventlog_message6() EventRecordID:25891 9284:20230712:142829.444 In expand_message6() 9284:20230712:142829.445 End of expand_message6():Service has been successfully shut down. 9284:20230712:142829.446 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.447 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25891 value:'Service has been successfully shut down.' 9284:20230712:142829.448 buffer: new element 13 9284:20230712:142829.448 End of process_value():SUCCEED 9284:20230712:142829.449 In zbx_parse_eventlog_message6() EventRecordID:25892 9284:20230712:142829.450 In expand_message6() 9284:20230712:142829.451 End of expand_message6():Service stopped (0) 9284:20230712:142829.452 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.453 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25892 value:'Service stopped (0) ' 9284:20230712:142829.454 buffer: new element 14 9284:20230712:142829.454 End of process_value():SUCCEED 9284:20230712:142829.455 In zbx_parse_eventlog_message6() EventRecordID:25893 9284:20230712:142829.456 In expand_message6() 9284:20230712:142829.458 End of expand_message6():The User Profile Service has stopped. 9284:20230712:142829.458 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.459 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25893 value:'The User Profile Service has stopped. ' 9284:20230712:142829.460 buffer: new element 15 9284:20230712:142829.460 End of process_value():SUCCEED 9284:20230712:142829.461 In zbx_parse_eventlog_message6() EventRecordID:25894 9284:20230712:142829.462 In expand_message6() 9284:20230712:142829.463 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142829.464 ====== Fatal information: ====== 9284:20230712:142829.464 Program counter: 0x67e2cf19 9284:20230712:142829.465 === Registers: === 9284:20230712:142829.466 r8 = 18 = 24 = 24 9284:20230712:142829.466 r9 = 0 = 0 = 0 9284:20230712:142829.467 r10 = 0 = 0 = 0 9284:20230712:142829.468 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142829.468 r12 = 33f3bd0 = 54475728 = 54475728 9284:20230712:142829.469 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142829.470 r14 = 0 = 0 = 0 9284:20230712:142829.471 r15 = 0 = 0 = 0 9284:20230712:142829.471 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142829.472 rsi = 385e190 = 59105680 = 59105680 9284:20230712:142829.473 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142829.473 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142829.474 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142829.475 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142829.475 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142829.476 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142829.477 efl = 202 = 514 = 514 9284:20230712:142829.477 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142829.478 === Backtrace: === 2184:20230712:142829.532 In collect_perfstat() 2184:20230712:142829.535 End of collect_perfstat() 9284:20230712:142829.627 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142829.628 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142829.628 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142829.629 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142829.630 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142829.632 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142829.633 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142829.634 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142829.635 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142829.636 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142829.636 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142829.637 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142829.638 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142829.639 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142829.640 ================================ 9284:20230712:142829.640 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142829.641 End of expand_message6():(null) 9284:20230712:142829.641 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.642 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25894 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142829.642 buffer: new element 16 9284:20230712:142829.643 End of process_value():SUCCEED 9284:20230712:142829.643 In zbx_parse_eventlog_message6() EventRecordID:25895 9284:20230712:142829.644 In expand_message6() 9284:20230712:142829.645 End of expand_message6():Intel(R) Dynamic Application Loader Host Interface Service started. 9284:20230712:142829.646 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.646 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25895 value:'Intel(R) Dynamic Application Loader Host Interface Service started.' 9284:20230712:142829.646 buffer: new element 17 9284:20230712:142829.647 End of process_value():SUCCEED 9284:20230712:142829.647 In zbx_parse_eventlog_message6() EventRecordID:25896 9284:20230712:142829.648 In expand_message6() 9284:20230712:142829.649 End of expand_message6():The User Profile Service has started successfully. 9284:20230712:142829.650 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.650 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25896 value:'The User Profile Service has started successfully. ' 9284:20230712:142829.651 buffer: new element 18 9284:20230712:142829.651 End of process_value():SUCCEED 9284:20230712:142829.652 In zbx_parse_eventlog_message6() EventRecordID:25897 9284:20230712:142829.652 In expand_message6() 9284:20230712:142829.654 End of expand_message6():Windows Management Instrumentation Service started sucessfully 9284:20230712:142829.654 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.655 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25897 value:'Windows Management Instrumentation Service started sucessfully' 9284:20230712:142829.655 buffer: new element 19 9284:20230712:142829.656 End of process_value():SUCCEED 9284:20230712:142829.656 In zbx_parse_eventlog_message6() EventRecordID:25898 9284:20230712:142829.657 In expand_message6() 9284:20230712:142829.658 End of expand_message6():Local Management Service started. 9284:20230712:142829.658 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.659 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25898 value:'Local Management Service started.' 9284:20230712:142829.659 buffer: new element 20 9284:20230712:142829.660 End of process_value():SUCCEED 9284:20230712:142829.660 In zbx_parse_eventlog_message6() EventRecordID:25899 9284:20230712:142829.661 In expand_message6() 9284:20230712:142829.662 End of expand_message6():Service started/resumed 9284:20230712:142829.662 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.663 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25899 value:'Service started/resumed' 9284:20230712:142829.663 buffer: new element 21 9284:20230712:142829.664 End of process_value():SUCCEED 9284:20230712:142829.664 In zbx_parse_eventlog_message6() EventRecordID:25900 9284:20230712:142829.665 In expand_message6() 9284:20230712:142829.666 End of expand_message6():Windows Management Instrumentation Service subsystems initialized successfully 9284:20230712:142829.667 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.667 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25900 value:'Windows Management Instrumentation Service subsystems initialized successfully' 9284:20230712:142829.668 buffer: new element 22 9284:20230712:142829.668 End of process_value():SUCCEED 9284:20230712:142829.669 In zbx_parse_eventlog_message6() EventRecordID:25901 9284:20230712:142829.669 In expand_message6() 9284:20230712:142829.671 End of expand_message6():Service started successfully. 9284:20230712:142829.671 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.672 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25901 value:'Service started successfully.' 9284:20230712:142829.672 buffer: new element 23 9284:20230712:142829.673 End of process_value():SUCCEED 9284:20230712:142829.673 In zbx_parse_eventlog_message6() EventRecordID:25902 9284:20230712:142829.674 In expand_message6() 9284:20230712:142829.675 End of expand_message6():Service initializing 9284:20230712:142829.675 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.676 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25902 value:'Service initializing' 9284:20230712:142829.676 buffer: new element 24 9284:20230712:142829.677 End of process_value():SUCCEED 9284:20230712:142829.678 In zbx_parse_eventlog_message6() EventRecordID:25903 9284:20230712:142829.678 In expand_message6() 9284:20230712:142829.680 End of expand_message6():Service started (1.0.24.0). 9284:20230712:142829.680 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.681 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25903 value:'Service started (1.0.24.0).' 9284:20230712:142829.681 buffer: new element 25 9284:20230712:142829.681 End of process_value():SUCCEED 9284:20230712:142829.682 In zbx_parse_eventlog_message6() EventRecordID:25904 9284:20230712:142829.682 In expand_message6() 9284:20230712:142829.684 End of expand_message6():Pipe server thread started. 9284:20230712:142829.684 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.685 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25904 value:'Pipe server thread started.' 9284:20230712:142829.685 buffer: new element 26 9284:20230712:142829.686 End of process_value():SUCCEED 9284:20230712:142829.686 In zbx_parse_eventlog_message6() EventRecordID:25905 9284:20230712:142829.687 In expand_message6() 9284:20230712:142829.687 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142829.688 ====== Fatal information: ====== 9284:20230712:142829.688 Program counter: 0x67e2cf19 9284:20230712:142829.689 === Registers: === 9284:20230712:142829.689 r8 = 18 = 24 = 24 9284:20230712:142829.690 r9 = 0 = 0 = 0 9284:20230712:142829.690 r10 = 0 = 0 = 0 9284:20230712:142829.691 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142829.691 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142829.692 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142829.692 r14 = 0 = 0 = 0 9284:20230712:142829.693 r15 = 0 = 0 = 0 9284:20230712:142829.693 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142829.694 rsi = 385fa90 = 59112080 = 59112080 9284:20230712:142829.694 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142829.695 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142829.696 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142829.696 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142829.696 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142829.697 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142829.697 efl = 202 = 514 = 514 9284:20230712:142829.698 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142829.698 === Backtrace: === 9284:20230712:142829.851 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142829.851 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142829.852 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142829.853 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142829.853 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142829.856 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142829.856 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142829.857 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142829.858 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142829.859 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142829.859 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142829.860 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142829.861 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142829.862 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142829.863 ================================ 9284:20230712:142829.864 provider 'AdobeARMservice' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142829.864 End of expand_message6():(null) 9284:20230712:142829.865 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.865 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25905 value:'The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142829.866 buffer: new element 27 9284:20230712:142829.866 End of process_value():SUCCEED 9284:20230712:142829.867 In zbx_parse_eventlog_message6() EventRecordID:25906 9284:20230712:142829.867 In expand_message6() 9284:20230712:142829.868 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142829.869 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142829.869 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25906 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142829.870 buffer: new element 28 9284:20230712:142829.870 End of process_value():SUCCEED 9284:20230712:142829.871 In zbx_parse_eventlog_message6() EventRecordID:25907 9284:20230712:142829.871 In expand_message6() 9284:20230712:142829.872 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142829.873 ====== Fatal information: ====== 9284:20230712:142829.873 Program counter: 0x67e2cf19 9284:20230712:142829.873 === Registers: === 9284:20230712:142829.874 r8 = 18 = 24 = 24 9284:20230712:142829.874 r9 = 0 = 0 = 0 9284:20230712:142829.875 r10 = 0 = 0 = 0 9284:20230712:142829.876 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142829.876 r12 = 678110 = 6783248 = 6783248 9284:20230712:142829.877 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142829.877 r14 = 0 = 0 = 0 9284:20230712:142829.878 r15 = 0 = 0 = 0 9284:20230712:142829.878 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142829.879 rsi = 385fbd0 = 59112400 = 59112400 9284:20230712:142829.879 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142829.880 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142829.880 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142829.881 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142829.882 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142829.882 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142829.883 efl = 202 = 514 = 514 9284:20230712:142829.883 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142829.884 === Backtrace: === 9284:20230712:142830.028 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142830.029 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142830.030 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142830.030 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142830.031 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142830.033 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142830.034 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142830.035 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142830.036 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142830.037 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142830.038 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142830.039 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142830.039 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142830.040 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142830.042 ================================ 9284:20230712:142830.043 provider 'LanWlanSwitchingService' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142830.043 End of expand_message6():(null) 9284:20230712:142830.044 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.045 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25907 value:'The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart' 9284:20230712:142830.046 buffer: new element 29 9284:20230712:142830.046 End of process_value():SUCCEED 9284:20230712:142830.047 In zbx_parse_eventlog_message6() EventRecordID:25908 9284:20230712:142830.048 In expand_message6() 9284:20230712:142830.049 End of expand_message6():Service initialized 9284:20230712:142830.050 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.050 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25908 value:'Service initialized' 9284:20230712:142830.051 buffer: new element 30 9284:20230712:142830.052 End of process_value():SUCCEED 9284:20230712:142830.052 In zbx_parse_eventlog_message6() EventRecordID:25909 9284:20230712:142830.053 In expand_message6() 9284:20230712:142830.054 End of expand_message6():Service started 9284:20230712:142830.055 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.056 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25909 value:'Service started ' 9284:20230712:142830.056 buffer: new element 31 9284:20230712:142830.057 End of process_value():SUCCEED 9284:20230712:142830.058 In zbx_parse_eventlog_message6() EventRecordID:25910 9284:20230712:142830.058 In expand_message6() 9284:20230712:142830.060 End of expand_message6():The winlogon notification subscriber was unavailable to handle a critical notification event. 9284:20230712:142830.061 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.062 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25910 value:'The winlogon notification subscriber was unavailable to handle a critical notification event.' 9284:20230712:142830.062 buffer: new element 32 9284:20230712:142830.063 End of process_value():SUCCEED 9284:20230712:142830.064 In zbx_parse_eventlog_message6() EventRecordID:25911 9284:20230712:142830.064 In expand_message6() 9284:20230712:142830.065 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142830.066 ====== Fatal information: ====== 9284:20230712:142830.066 Program counter: 0x67e2cf19 9284:20230712:142830.067 === Registers: === 9284:20230712:142830.068 r8 = 18 = 24 = 24 9284:20230712:142830.068 r9 = 0 = 0 = 0 9284:20230712:142830.069 r10 = 0 = 0 = 0 9284:20230712:142830.069 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142830.070 r12 = 63cde0 = 6540768 = 6540768 9284:20230712:142830.071 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142830.071 r14 = 0 = 0 = 0 9284:20230712:142830.072 r15 = 0 = 0 = 0 9284:20230712:142830.073 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142830.073 rsi = 385f270 = 59110000 = 59110000 9284:20230712:142830.074 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142830.075 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142830.075 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142830.076 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142830.077 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142830.077 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142830.078 efl = 202 = 514 = 514 9284:20230712:142830.079 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142830.079 === Backtrace: === 9284:20230712:142830.228 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142830.229 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142830.230 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142830.230 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142830.231 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142830.234 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142830.234 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142830.235 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142830.236 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142830.237 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142830.238 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142830.239 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142830.239 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142830.240 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142830.242 ================================ 9284:20230712:142830.243 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142830.243 End of expand_message6():(null) 9284:20230712:142830.244 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.244 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25911 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 ' 9284:20230712:142830.245 buffer: new element 33 9284:20230712:142830.246 End of process_value():SUCCEED 9284:20230712:142830.246 In zbx_parse_eventlog_message6() EventRecordID:25912 9284:20230712:142830.247 In expand_message6() 9284:20230712:142830.248 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142830.248 ====== Fatal information: ====== 9284:20230712:142830.249 Program counter: 0x67e2cf19 9284:20230712:142830.249 === Registers: === 9284:20230712:142830.250 r8 = 18 = 24 = 24 9284:20230712:142830.250 r9 = 0 = 0 = 0 9284:20230712:142830.251 r10 = 0 = 0 = 0 9284:20230712:142830.251 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142830.252 r12 = 384f910 = 59046160 = 59046160 9284:20230712:142830.252 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142830.253 r14 = 0 = 0 = 0 9284:20230712:142830.253 r15 = 0 = 0 = 0 9284:20230712:142830.254 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142830.254 rsi = 385eff0 = 59109360 = 59109360 9284:20230712:142830.255 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142830.255 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142830.256 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142830.256 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142830.256 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142830.257 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142830.257 efl = 202 = 514 = 514 9284:20230712:142830.258 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142830.258 === Backtrace: === 9284:20230712:142830.410 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142830.411 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142830.412 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142830.413 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142830.414 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142830.416 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142830.417 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142830.418 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142830.419 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142830.420 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142830.421 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142830.422 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142830.423 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142830.424 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142830.425 ================================ 9284:20230712:142830.426 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142830.427 End of expand_message6():(null) 9284:20230712:142830.428 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.429 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25912 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 ' 9284:20230712:142830.429 buffer: new element 34 9284:20230712:142830.430 End of process_value():SUCCEED 9284:20230712:142830.431 In zbx_parse_eventlog_message6() EventRecordID:25913 9284:20230712:142830.432 In expand_message6() 9284:20230712:142830.434 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142830.435 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.436 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25913 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142830.437 buffer: new element 35 9284:20230712:142830.438 End of process_value():SUCCEED 9284:20230712:142830.438 In zbx_parse_eventlog_message6() EventRecordID:25914 9284:20230712:142830.439 In expand_message6() 9284:20230712:142830.440 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142830.441 ====== Fatal information: ====== 9284:20230712:142830.442 Program counter: 0x67e2cf19 9284:20230712:142830.442 === Registers: === 9284:20230712:142830.443 r8 = 18 = 24 = 24 9284:20230712:142830.444 r9 = 0 = 0 = 0 9284:20230712:142830.445 r10 = 0 = 0 = 0 9284:20230712:142830.445 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142830.446 r12 = 63c9e0 = 6539744 = 6539744 9284:20230712:142830.447 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142830.447 r14 = 0 = 0 = 0 9284:20230712:142830.448 r15 = 0 = 0 = 0 9284:20230712:142830.449 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142830.450 rsi = 385f6d0 = 59111120 = 59111120 9284:20230712:142830.450 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142830.451 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142830.452 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142830.453 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142830.453 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142830.454 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142830.455 efl = 202 = 514 = 514 9284:20230712:142830.456 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142830.456 === Backtrace: === 2184:20230712:142830.536 In collect_perfstat() 2184:20230712:142830.541 End of collect_perfstat() 9284:20230712:142830.612 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142830.613 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142830.614 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142830.615 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142830.616 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142830.618 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142830.619 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142830.621 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142830.622 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142830.623 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142830.624 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142830.626 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142830.626 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142830.628 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142830.630 ================================ 9284:20230712:142830.631 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142830.631 End of expand_message6():(null) 9284:20230712:142830.632 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.633 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25914 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 ' 9284:20230712:142830.634 buffer: new element 36 9284:20230712:142830.635 End of process_value():SUCCEED 9284:20230712:142830.635 In zbx_parse_eventlog_message6() EventRecordID:25915 9284:20230712:142830.636 In expand_message6() 9284:20230712:142830.638 End of expand_message6():SearchIndexer (8836,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142830.639 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.640 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25915 value:'SearchIndexer (8836,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142830.641 buffer: new element 37 9284:20230712:142830.641 End of process_value():SUCCEED 9284:20230712:142830.642 In zbx_parse_eventlog_message6() EventRecordID:25916 9284:20230712:142830.643 In expand_message6() 9284:20230712:142830.645 End of expand_message6():SearchIndexer (8836,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.001599 +J(0) +M(C:0K, Fs:325, WS:1264K # 1264K, PF:5424K # 5424K, P:5424K) [2] 0.000340 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K) [3] 0.000792 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000115 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K) [5] 0.001484 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 24K, P:24K) [6] 0.007452 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:16K # 16K, P:16K) [7] 0.005558 -0.002185 (2) WT +J(0) +M(C:0K, Fs:268, WS:1072K # 1072K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.009773 -0.000164 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-996K # 32K, PF:-1020K # 16K, P:-1020K) [14] 0.000016 +J(0) [15] 0.000075 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000184 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:4K # 0K, P:4K). 9284:20230712:142830.646 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.647 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25916 value:'SearchIndexer (8836,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.001599 +J(0) +M(C:0K, Fs:325, WS:1264K # 1264K, PF:5424K # 5424K, P:5424K) [2] 0.000340 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K) [3] 0.000792 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000115 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K) [5] 0.001484 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 24K, P:24K) [6] 0.007452 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:16K # 16K, P:16K) [7] 0.005558 -0.002185 (2) WT +J(0) +M(C:0K, Fs:268, WS:1072K # 1072K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.009773 -0.000164 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-996K # 32K, PF:-1020K # 16K, P:-1020K) [14] 0.000016 +J(0) [15] 0.000075 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000184 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:4K # 0K, P:4K).' 9284:20230712:142830.648 buffer: new element 38 9284:20230712:142830.649 End of process_value():SUCCEED 9284:20230712:142830.650 In zbx_parse_eventlog_message6() EventRecordID:25917 9284:20230712:142830.650 In expand_message6() 9284:20230712:142830.653 End of expand_message6():SearchIndexer (8836,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BE7:0079:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001682 -0.000338 (1) WT +J(0) +M(C:0K, Fs:25, WS:36K # 0K, PF:36K # 0K, P:36K) [3] 0.003225 -0.000726 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000191 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001106 -0.000843 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:50, WS:200K # 0K, PF:692K # 0K, P:692K) [9] 0.013021 -0.000260 (5) CM -0.012569 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:280K # 0K, PF:260K # 164K, P:260K) [10] 0.000326 -0.000232 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 96K, P:96K) [11] 0.000010 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000004 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142830.654 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.654 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25917 value:'SearchIndexer (8836,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BE7:0079:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001682 -0.000338 (1) WT +J(0) +M(C:0K, Fs:25, WS:36K # 0K, PF:36K # 0K, P:36K) [3] 0.003225 -0.000726 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K) [4] 0.000191 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001106 -0.000843 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:50, WS:200K # 0K, PF:692K # 0K, P:692K) [9] 0.013021 -0.000260 (5) CM -0.012569 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:280K # 0K, PF:260K # 164K, P:260K) [10] 0.000326 -0.000232 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 96K, P:96K) [11] 0.000010 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000004 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142830.655 buffer: new element 39 9284:20230712:142830.656 End of process_value():SUCCEED 9284:20230712:142830.657 In zbx_parse_eventlog_message6() EventRecordID:25918 9284:20230712:142830.658 In expand_message6() 9284:20230712:142830.660 End of expand_message6():The Windows Search Service started. 9284:20230712:142830.660 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.661 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25918 value:'The Windows Search Service started. ' 9284:20230712:142830.661 buffer: new element 40 9284:20230712:142830.662 End of process_value():SUCCEED 9284:20230712:142830.662 In zbx_parse_eventlog_message6() EventRecordID:25919 9284:20230712:142830.663 In expand_message6() 9284:20230712:142830.664 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142830.664 ====== Fatal information: ====== 9284:20230712:142830.665 Program counter: 0x67e2cf19 9284:20230712:142830.666 === Registers: === 9284:20230712:142830.666 r8 = 18 = 24 = 24 9284:20230712:142830.667 r9 = 0 = 0 = 0 9284:20230712:142830.668 r10 = 0 = 0 = 0 9284:20230712:142830.669 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142830.669 r12 = 33f4260 = 54477408 = 54477408 9284:20230712:142830.670 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142830.671 r14 = 0 = 0 = 0 9284:20230712:142830.672 r15 = 0 = 0 = 0 9284:20230712:142830.672 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142830.673 rsi = 385e690 = 59106960 = 59106960 9284:20230712:142830.674 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142830.674 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142830.675 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142830.676 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142830.676 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142830.677 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142830.678 efl = 202 = 514 = 514 9284:20230712:142830.678 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142830.679 === Backtrace: === 9284:20230712:142830.835 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142830.836 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142830.838 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142830.839 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142830.840 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142830.842 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142830.843 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142830.844 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142830.845 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142830.846 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142830.847 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142830.848 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142830.848 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142830.849 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142830.851 ================================ 9284:20230712:142830.852 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142830.853 End of expand_message6():(null) 9284:20230712:142830.854 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142830.855 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25919 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142830.856 buffer: new element 41 9284:20230712:142830.857 End of process_value():SUCCEED 9284:20230712:142830.857 In zbx_parse_eventlog_message6() EventRecordID:25920 9284:20230712:142830.858 In expand_message6() 9284:20230712:142830.859 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142830.860 ====== Fatal information: ====== 9284:20230712:142830.860 Program counter: 0x67e2cf19 9284:20230712:142830.861 === Registers: === 9284:20230712:142830.862 r8 = 18 = 24 = 24 9284:20230712:142830.862 r9 = 0 = 0 = 0 9284:20230712:142830.863 r10 = 0 = 0 = 0 9284:20230712:142830.863 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142830.864 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142830.864 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142830.865 r14 = 0 = 0 = 0 9284:20230712:142830.866 r15 = 0 = 0 = 0 9284:20230712:142830.866 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142830.867 rsi = 385f6d0 = 59111120 = 59111120 9284:20230712:142830.868 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142830.868 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142830.869 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142830.871 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142830.872 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142830.873 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142830.873 efl = 202 = 514 = 514 9284:20230712:142830.874 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142830.875 === Backtrace: === 9284:20230712:142831.037 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142831.038 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142831.039 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142831.040 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142831.041 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142831.043 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142831.044 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142831.045 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142831.046 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142831.047 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142831.048 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142831.049 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142831.050 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142831.050 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142831.053 ================================ 9284:20230712:142831.054 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142831.055 End of expand_message6():(null) 9284:20230712:142831.056 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.056 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25920 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142831.057 buffer: new element 42 9284:20230712:142831.058 End of process_value():SUCCEED 9284:20230712:142831.058 In zbx_parse_eventlog_message6() EventRecordID:25921 9284:20230712:142831.059 In expand_message6() 9284:20230712:142831.060 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142831.061 ====== Fatal information: ====== 9284:20230712:142831.062 Program counter: 0x67e2cf19 9284:20230712:142831.062 === Registers: === 9284:20230712:142831.063 r8 = 18 = 24 = 24 9284:20230712:142831.064 r9 = 0 = 0 = 0 9284:20230712:142831.064 r10 = 0 = 0 = 0 9284:20230712:142831.065 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142831.066 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142831.066 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142831.067 r14 = 0 = 0 = 0 9284:20230712:142831.068 r15 = 0 = 0 = 0 9284:20230712:142831.068 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142831.069 rsi = 385e5f0 = 59106800 = 59106800 9284:20230712:142831.070 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142831.071 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142831.072 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142831.072 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142831.073 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142831.074 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142831.074 efl = 202 = 514 = 514 9284:20230712:142831.075 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142831.076 === Backtrace: === 9284:20230712:142831.220 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142831.220 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142831.221 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142831.222 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142831.223 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142831.225 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142831.226 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142831.226 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142831.227 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142831.228 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142831.229 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142831.230 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142831.231 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142831.232 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142831.238 ================================ 9284:20230712:142831.239 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142831.239 End of expand_message6():(null) 9284:20230712:142831.240 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.241 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25921 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142831.242 buffer: new element 43 9284:20230712:142831.243 End of process_value():SUCCEED 9284:20230712:142831.243 In zbx_parse_eventlog_message6() EventRecordID:25922 9284:20230712:142831.244 In expand_message6() 9284:20230712:142831.246 End of expand_message6():The Software Protection service is starting. Parameters:TriggerStarted:6 9284:20230712:142831.247 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.247 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25922 value:'The Software Protection service is starting. Parameters:TriggerStarted:6' 9284:20230712:142831.248 buffer: new element 44 9284:20230712:142831.249 End of process_value():SUCCEED 9284:20230712:142831.249 In zbx_parse_eventlog_message6() EventRecordID:25923 9284:20230712:142831.250 In expand_message6() 9284:20230712:142831.251 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142831.252 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.253 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25923 value:'Offline downlevel migration succeeded.' 9284:20230712:142831.253 buffer: new element 45 9284:20230712:142831.254 End of process_value():SUCCEED 9284:20230712:142831.255 In zbx_parse_eventlog_message6() EventRecordID:25924 9284:20230712:142831.255 In expand_message6() 9284:20230712:142831.257 End of expand_message6():Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 9284:20230712:142831.258 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.258 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25924 value:'Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 ' 9284:20230712:142831.259 buffer: new element 46 9284:20230712:142831.259 End of process_value():SUCCEED 9284:20230712:142831.260 In zbx_parse_eventlog_message6() EventRecordID:25925 9284:20230712:142831.261 In expand_message6() 9284:20230712:142831.263 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142831.263 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.264 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25925 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142831.265 buffer: new element 47 9284:20230712:142831.265 End of process_value():SUCCEED 9284:20230712:142831.266 In zbx_parse_eventlog_message6() EventRecordID:25926 9284:20230712:142831.267 In expand_message6() 9284:20230712:142831.269 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142831.269 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.270 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25926 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142831.271 buffer: new element 48 9284:20230712:142831.271 End of process_value():SUCCEED 9284:20230712:142831.272 In zbx_parse_eventlog_message6() EventRecordID:25927 9284:20230712:142831.273 In expand_message6() 9284:20230712:142831.275 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142831.276 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.276 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25927 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142831.277 buffer: new element 49 9284:20230712:142831.278 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142831.279 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142831.280 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Outlook loaded the following add-in(s):\n\n\nName: Microsoft Exchange Add-in\nDescription: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.\nProgID: UmOutlookAddin.FormRegionAddin\nGUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\UmOutlookAddin.dll\nBoot Time (Milliseconds): 15\n\nName: Microsoft Teams Meeting Add-in for Microsoft Office\nDescription: Microsoft Teams Meeting Add-in for Microsoft Office\nProgID: TeamsAddin.FastConnect\nGUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\TeamsMeetingAddin\\1.0.22209.4\\x64\\Microsoft.Teams.AddinLoader.dll\nBoot Time (Milliseconds): 16\n\nName: Outlook Social Connector 2016\nDescription: Connects to social networking sites and provides people, activity, and status information.\nProgID: OscAddin.Connect\nGUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\SOCIALCONNECTOR.DLL\nBoot Time (Milliseconds): 15\n\nName: OneNote Notes about Outlook Items\nDescription: Adds Send to OneNote and Notes about this Item buttons to the command bar\nProgID: OneNote.OutlookAddin\nGUID: {93E5752E-B889-47C5-8545-654EE2533C64}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnOL.dll\nBoot Time (Milliseconds): 16\n\nName: Microsoft VBA for Outlook Addin\nDescription: \nProgID: Microsoft.VbaAddinForOutlook.1\nGUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\nLoad Behavior: 9\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL\nBoot Time (Milliseconds): 0\n\nName: Microsoft SharePoint Server Colleague Import Add-in\nDescription: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content\nProgID: ColleagueImport.ColleagueImportAddin\nGUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\ColleagueImport.dll\nBoot Time (Milliseconds): 16\n\nName: HP Sure Click Outlook Add-in 4.3.4.610\nDescription: HP Sure Click Outlook Add-in 4.3.4.610\nProgID: Bromium.vSentry.OutlookAddin\nGUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\HP\\Sure Click\\4.3.4.610\\servers\\BrOutlookAddin.dll\nBoot Time (Milliseconds): 31\n","lastlogsize":25878,"timestamp":1662390777,"source":"Outlook","severity":1,"eventid":45,"id":901,"clock":1689161308,"ns":858165500},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25879,"timestamp":1662390778,"source":"Outlook","severity":1,"eventid":63,"id":902,"clock":1689161308,"ns":863235200},{"host":"Windows host","key":"eventlog[Application]","value":"Starting reconciliation for the store C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.ost for the following reason: Indexing was disabled and then re-enabled.","lastlogsize":25880,"timestamp":1662390779,"source":"Outlook","severity":1,"eventid":30,"id":903,"clock":1689161308,"ns":867922700},{"host":"Windows host","key":"eventlog[Application]","value":"Reconciliation completed for the following store: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\Outlook\\mihails.prihodko@zabbix.com.ost. Stats: Added: 11, Deleted: 0, Modified: 1, Compared: 2072, Queries: 0, Results: 0, Version: 16.0.15601.20072.","lastlogsize":25881,"timestamp":1662390792,"source":"Outlook","severity":1,"eventid":38,"id":904,"clock":1689161308,"ns":872380100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-12T15:13:29Z. Reason: RulesEngine.","lastlogsize":25882,"timestamp":1662390809,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":905,"clock":1689161308,"ns":877222700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test\n","lastlogsize":25883,"timestamp":1662390854,"source":"igfxCUIService2.0.0.0","severity":1,"id":906,"clock":1689161309,"ns":64420700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1\n","lastlogsize":25884,"timestamp":1662390854,"source":"igfxCUIService2.0.0.0","severity":1,"id":907,"clock":1689161309,"ns":234673500},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25885,"timestamp":1662390854,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":908,"clock":1689161309,"ns":239781400},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25886,"timestamp":1662390854,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":909,"clock":1689161309,"ns":244663900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25887,"timestamp":1662390854,"source":"BrService_4_3_4_610","severity":1,"id":910,"clock":1689161309,"ns":416947900},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25888,"timestamp":1662390858,"source":"IAStorDataMgrSvc","severity":1,"id":911,"clock":1689161309,"ns":430374100},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25889,"timestamp":1662390858,"source":"HP Comm Recovery","severity":1,"id":912,"clock":1689161309,"ns":436050100},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has stopped.","lastlogsize":25890,"timestamp":1662390858,"source":"SecurityCenter","severity":1,"eventid":2,"id":913,"clock":1689161309,"ns":442152000},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":25891,"timestamp":1662390858,"source":"XTUService","severity":1,"id":914,"clock":1689161309,"ns":448159500},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped (0)\n","lastlogsize":25892,"timestamp":1662390858,"source":"Bonjour Service","severity":1,"eventid":100,"id":915,"clock":1689161309,"ns":454208500},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has stopped. \r\n\r\n","lastlogsize":25893,"timestamp":1662390858,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1532,"id":916,"clock":1689161309,"ns":460311000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25894,"timestamp":1662444542,"source":"igfxCUIService2.0.0.0","severity":1,"id":917,"clock":1689161309,"ns":643003500},{"host":"Windows host","key":"eventlog[Application]","value":"Intel(R) Dynamic Application Loader Host Interface Service started.","lastlogsize":25895,"timestamp":1662444542,"source":"IntelDalJhi","severity":1,"id":918,"clock":1689161309,"ns":647051800},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has started successfully. \r\n\r\n","lastlogsize":25896,"timestamp":1662444541,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1531,"id":919,"clock":1689161309,"ns":651502800},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service started sucessfully","lastlogsize":25897,"timestamp":1662444542,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5615,"id":920,"clock":1689161309,"ns":655885700},{"host":"Windows host","key":"eventlog[Application]","value":"Local Management Service started.","lastlogsize":25898,"timestamp":1662444542,"source":"LMS","severity":1,"eventid":2000,"id":921,"clock":1689161309,"ns":659903300},{"host":"Windows host","key":"eventlog[Application]","value":"Service started/resumed","lastlogsize":25899,"timestamp":1662444542,"source":"LMS","severity":1,"id":922,"clock":1689161309,"ns":663814900},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service subsystems initialized successfully","lastlogsize":25900,"timestamp":1662444542,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5617,"id":923,"clock":1689161309,"ns":668238100},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25901,"timestamp":1662444547,"source":"XTUService","severity":1,"id":924,"clock":1689161309,"ns":672733700},{"host":"Windows host","key":"eventlog[Application]","value":"Service initializing","lastlogsize":25902,"timestamp":1662444548,"source":"Bonjour Service","severity":1,"eventid":100,"id":925,"clock":1689161309,"ns":677003500},{"host":"Windows host","key":"eventlog[Application]","value":"Service started (1.0.24.0).","lastlogsize":25903,"timestamp":1662444548,"source":"DbxSvc","severity":1,"eventid":336,"id":926,"clock":1689161309,"ns":681564700},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread started.","lastlogsize":25904,"timestamp":1662444548,"source":"DbxSvc","severity":1,"eventid":258,"id":927,"clock":1689161309,"ns":685735700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25905,"timestamp":1662444548,"source":"AdobeARMservice","severity":1,"id":928,"clock":1689161309,"ns":866265000},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25906,"timestamp":1662444548,"source":"DbxSvc","severity":1,"eventid":320,"id":929,"clock":1689161309,"ns":870503000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart","lastlogsize":25907,"timestamp":1662444548,"source":"LanWlanSwitchingService","severity":1,"id":930,"clock":1689161310,"ns":46300300},{"host":"Windows host","key":"eventlog[Application]","value":"Service initialized","lastlogsize":25908,"timestamp":1662444548,"source":"Bonjour Service","severity":1,"eventid":100,"id":931,"clock":1689161310,"ns":51725700},{"host":"Windows host","key":"eventlog[Application]","value":"Service started\n","lastlogsize":25909,"timestamp":1662444549,"source":"Bonjour Service","severity":1,"eventid":100,"id":932,"clock":1689161310,"ns":56872900},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a critical notification event.","lastlogsize":25910,"timestamp":1662444551,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6003,"id":933,"clock":1689161310,"ns":62990200},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1\n","lastlogsize":25911,"timestamp":1662444553,"source":"igfxCUIService2.0.0.0","severity":1,"id":934,"clock":1689161310,"ns":245674300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1\n","lastlogsize":25912,"timestamp":1662444553,"source":"igfxCUIService2.0.0.0","severity":1,"id":935,"clock":1689161310,"ns":429960500},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":25913,"timestamp":1662444553,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":936,"clock":1689161310,"ns":437567700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1\n","lastlogsize":25914,"timestamp":1662444553,"source":"igfxCUIService2.0.0.0","severity":1,"id":937,"clock":1689161310,"ns":634471700},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8836,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25915,"timestamp":1662444554,"source":"ESENT","severity":1,"eventid":102,"id":938,"clock":1689161310,"ns":641166100},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8836,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n \r\n \r\nInternal Timing Sequence: \n[1] 0.001599 +J(0) +M(C:0K, Fs:325, WS:1264K # 1264K, PF:5424K # 5424K, P:5424K)\n[2] 0.000340 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K)\n[3] 0.000792 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K)\n[4] 0.000115 +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:348K # 348K, P:348K)\n[5] 0.001484 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 24K, P:24K)\n[6] 0.007452 +J(0) +M(C:0K, Fs:24, WS:92K # 92K, PF:16K # 16K, P:16K)\n[7] 0.005558 -0.002185 (2) WT +J(0) +M(C:0K, Fs:268, WS:1072K # 1072K, PF:1028K # 1028K, P:1028K)\n[8] -\n[9] -\n[10] -\n[11] -\n[12] -\n[13] 0.009773 -0.000164 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:10, WS:-996K # 32K, PF:-1020K # 16K, P:-1020K)\n[14] 0.000016 +J(0)\n[15] 0.000075 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K)\n[16] 0.000184 +J(0) +M(C:0K, Fs:3, WS:4K # 0K, PF:4K # 0K, P:4K).","lastlogsize":25916,"timestamp":1662444554,"source":"ESENT","severity":1,"eventid":105,"id":939,"clock":1689161310,"ns":648457900},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8836,D,50) Windows: The database engine attached a database (1, C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb). (Time=0 seconds) \r\n \r\nSaved Cache: 0 0 \r\nAdditional Data: lgposAttach = 00000BE7:0079:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000004 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.001682 -0.000338 (1) WT +J(0) +M(C:0K, Fs:25, WS:36K # 0K, PF:36K # 0K, P:36K)\n[3] 0.003225 -0.000726 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:40, WS:124K # 0K, PF:140K # 0K, P:140K)\n[4] 0.000191 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] -\n[6] -\n[7] -\n[8] 0.001106 -0.000843 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:50, WS:200K # 0K, PF:692K # 0K, P:692K)\n[9] 0.013021 -0.000260 (5) CM -0.012569 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:71, WS:280K # 0K, PF:260K # 164K, P:260K)\n[10] 0.000326 -0.000232 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 0K, PF:96K # 96K, P:96K)\n[11] 0.000010 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000030 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)\n[13] 0.0 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000004 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25917,"timestamp":1662444554,"source":"ESENT","severity":1,"eventid":326,"id":940,"clock":1689161310,"ns":655817300},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Search Service started.\n","lastlogsize":25918,"timestamp":1662444554,"source":"Microsoft-Windows-Search","severity":1,"eventid":1003,"id":941,"clock":1689161310,"ns":661934400},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25919,"timestamp":1662444555,"source":"BrService_4_3_4_610","severity":1,"id":942,"clock":1689161310,"ns":856601800},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":25920,"timestamp":1662444556,"source":"dbupdate","severity":1,"id":943,"clock":1689161311,"ns":57615200},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25921,"timestamp":1662444557,"source":"dbupdate","severity":1,"id":944,"clock":1689161311,"ns":242350800},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service is starting.\r\nParameters:TriggerStarted:6","lastlogsize":25922,"timestamp":1662444559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":900,"id":945,"clock":1689161311,"ns":248507600},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25923,"timestamp":1662444559,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":946,"clock":1689161311,"ns":254013900},{"host":"Windows host","key":"eventlog[Application]","value":"Initialization status for service objects.\r\nC:\\WINDOWS\\system32\\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000\n","lastlogsize":25924,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1066,"id":947,"clock":1689161311,"ns":259394700},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25925,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":948,"clock":1689161311,"ns":265484700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25926,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":949,"clock":1689161311,"ns":271128000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25927,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":950,"clock":1689161311,"ns":277690500}],"clock":1689161311,"ns":279964300}] 9284:20230712:142831.286 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002736"}] 9284:20230712:142831.287 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002736"}' 9284:20230712:142831.287 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002736' 9284:20230712:142831.288 End of check_response():SUCCEED 9284:20230712:142831.289 OK 9284:20230712:142831.289 End of send_buffer():SUCCEED 9284:20230712:142831.290 End of process_value():SUCCEED 9284:20230712:142831.291 In zbx_parse_eventlog_message6() EventRecordID:25928 9284:20230712:142831.292 In expand_message6() 9284:20230712:142831.293 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142831.294 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.295 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25928 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142831.296 buffer: new element 0 9284:20230712:142831.296 End of process_value():SUCCEED 9284:20230712:142831.297 In zbx_parse_eventlog_message6() EventRecordID:25929 9284:20230712:142831.297 In expand_message6() 9284:20230712:142831.299 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142831.300 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.300 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25929 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142831.301 buffer: new element 1 9284:20230712:142831.301 End of process_value():SUCCEED 9284:20230712:142831.302 In zbx_parse_eventlog_message6() EventRecordID:25930 9284:20230712:142831.303 In expand_message6() 9284:20230712:142831.304 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142831.305 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.306 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25930 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142831.306 buffer: new element 2 9284:20230712:142831.307 End of process_value():SUCCEED 9284:20230712:142831.308 In zbx_parse_eventlog_message6() EventRecordID:25931 9284:20230712:142831.308 In expand_message6() 9284:20230712:142831.310 End of expand_message6():The Software Protection service has started. 10.0.19041.1889 9284:20230712:142831.311 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.311 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25931 value:'The Software Protection service has started. 10.0.19041.1889' 9284:20230712:142831.312 buffer: new element 3 9284:20230712:142831.312 End of process_value():SUCCEED 9284:20230712:142831.313 In zbx_parse_eventlog_message6() EventRecordID:25932 9284:20230712:142831.314 In expand_message6() 9284:20230712:142831.315 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142831.316 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.317 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25932 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142831.317 buffer: new element 4 9284:20230712:142831.318 End of process_value():SUCCEED 9284:20230712:142831.319 In zbx_parse_eventlog_message6() EventRecordID:25933 9284:20230712:142831.319 In expand_message6() 9284:20230712:142831.321 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142831.321 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.322 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25933 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142831.323 buffer: new element 5 9284:20230712:142831.323 End of process_value():SUCCEED 9284:20230712:142831.324 In zbx_parse_eventlog_message6() EventRecordID:25934 9284:20230712:142831.324 In expand_message6() 9284:20230712:142831.326 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142831.326 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.327 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25934 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142831.328 buffer: new element 6 9284:20230712:142831.328 End of process_value():SUCCEED 9284:20230712:142831.329 In zbx_parse_eventlog_message6() EventRecordID:25935 9284:20230712:142831.329 In expand_message6() 9284:20230712:142831.331 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142831.331 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.332 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25935 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142831.333 buffer: new element 7 9284:20230712:142831.333 End of process_value():SUCCEED 9284:20230712:142831.334 In zbx_parse_eventlog_message6() EventRecordID:25936 9284:20230712:142831.334 In expand_message6() 9284:20230712:142831.336 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142831.337 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.337 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25936 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142831.338 buffer: new element 8 9284:20230712:142831.339 End of process_value():SUCCEED 9284:20230712:142831.339 In zbx_parse_eventlog_message6() EventRecordID:25937 9284:20230712:142831.340 In expand_message6() 9284:20230712:142831.341 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142831.342 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.342 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25937 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142831.343 buffer: new element 9 9284:20230712:142831.344 End of process_value():SUCCEED 9284:20230712:142831.344 In zbx_parse_eventlog_message6() EventRecordID:25938 9284:20230712:142831.345 In expand_message6() 9284:20230712:142831.345 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142831.346 ====== Fatal information: ====== 9284:20230712:142831.346 Program counter: 0x67e2cf19 9284:20230712:142831.347 === Registers: === 9284:20230712:142831.347 r8 = 18 = 24 = 24 9284:20230712:142831.348 r9 = 0 = 0 = 0 9284:20230712:142831.349 r10 = 0 = 0 = 0 9284:20230712:142831.349 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142831.350 r12 = 384e790 = 59041680 = 59041680 9284:20230712:142831.350 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142831.351 r14 = 0 = 0 = 0 9284:20230712:142831.352 r15 = 0 = 0 = 0 9284:20230712:142831.352 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142831.353 rsi = 385ed70 = 59108720 = 59108720 9284:20230712:142831.353 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142831.354 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142831.354 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142831.355 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142831.355 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142831.356 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142831.356 efl = 202 = 514 = 514 9284:20230712:142831.357 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142831.358 === Backtrace: === 9284:20230712:142831.524 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142831.524 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142831.525 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142831.526 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142831.527 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142831.530 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142831.531 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142831.532 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142831.533 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142831.534 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142831.535 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142831.537 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142831.538 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142831.539 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142831.541 ================================ 9284:20230712:142831.542 provider 'hpqcaslwmiex' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142831.543 End of expand_message6():(null) 2184:20230712:142831.544 In collect_perfstat() 9284:20230712:142831.545 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.546 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25938 value:'The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142831.547 buffer: new element 10 9284:20230712:142831.548 End of process_value():SUCCEED 9284:20230712:142831.549 In zbx_parse_eventlog_message6() EventRecordID:25939 2184:20230712:142831.549 End of collect_perfstat() 9284:20230712:142831.550 In expand_message6() 9284:20230712:142831.553 End of expand_message6():12926 9284:20230712:142831.554 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.554 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25939 value:'12926' 9284:20230712:142831.555 buffer: new element 11 9284:20230712:142831.556 End of process_value():SUCCEED 9284:20230712:142831.557 In zbx_parse_eventlog_message6() EventRecordID:25940 9284:20230712:142831.558 In expand_message6() 9284:20230712:142831.559 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142831.560 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.561 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25940 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142831.562 buffer: new element 12 9284:20230712:142831.563 End of process_value():SUCCEED 9284:20230712:142831.563 In zbx_parse_eventlog_message6() EventRecordID:25941 9284:20230712:142831.564 In expand_message6() 9284:20230712:142831.567 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142831.568 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.568 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25941 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142831.569 buffer: new element 13 9284:20230712:142831.570 End of process_value():SUCCEED 9284:20230712:142831.571 In zbx_parse_eventlog_message6() EventRecordID:25942 9284:20230712:142831.572 In expand_message6() 9284:20230712:142831.574 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] 9284:20230712:142831.575 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.576 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25942 value:'The Software Protection service has completed licensing status check. Application Id=0ff1ce15-a989-479d-af46-f275c6370663 Licensing Status= 1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])] ' 9284:20230712:142831.577 buffer: new element 14 9284:20230712:142831.578 End of process_value():SUCCEED 9284:20230712:142831.578 In zbx_parse_eventlog_message6() EventRecordID:25943 9284:20230712:142831.579 In expand_message6() 9284:20230712:142831.581 End of expand_message6():Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 47 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 15 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 47 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 32 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 62 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 281 9284:20230712:142831.582 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.583 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25943 value:'Outlook loaded the following add-in(s): Name: Microsoft Exchange Add-in Description: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability. ProgID: UmOutlookAddin.FormRegionAddin GUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\UmOutlookAddin.dll Boot Time (Milliseconds): 47 Name: Microsoft Teams Meeting Add-in for Microsoft Office Description: Microsoft Teams Meeting Add-in for Microsoft Office ProgID: TeamsAddin.FastConnect GUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D} Load Behavior: 3 HKLM: 0 Location: C:\Users\MihailsPrihodko\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22209.4\x64\Microsoft.Teams.AddinLoader.dll Boot Time (Milliseconds): 15 Name: Outlook Social Connector 2016 Description: Connects to social networking sites and provides people, activity, and status information. ProgID: OscAddin.Connect GUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\SOCIALCONNECTOR.DLL Boot Time (Milliseconds): 47 Name: OneNote Notes about Outlook Items Description: Adds Send to OneNote and Notes about this Item buttons to the command bar ProgID: OneNote.OutlookAddin GUID: {93E5752E-B889-47C5-8545-654EE2533C64} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll Boot Time (Milliseconds): 32 Name: Microsoft VBA for Outlook Addin Description: ProgID: Microsoft.VbaAddinForOutlook.1 GUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2} Load Behavior: 9 HKLM: 1 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\OUTLVBA.DLL Boot Time (Milliseconds): 0 Name: Microsoft SharePoint Server Colleague Import Add-in Description: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content ProgID: ColleagueImport.ColleagueImportAddin GUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120} Load Behavior: 3 HKLM: 0 Location: C:\Program Files\Microsoft Office\root\Office16\ADDINS\ColleagueImport.dll Boot Time (Milliseconds): 62 Name: HP Sure Click Outlook Add-in 4.3.4.610 Description: HP Sure Click Outlook Add-in 4.3.4.610 ProgID: Bromium.vSentry.OutlookAddin GUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495} Load Behavior: 3 HKLM: 1 Location: C:\Program Files\HP\Sure Click\4.3.4.610\servers\BrOutlookAddin.dll Boot Time (Milliseconds): 281 ' 9284:20230712:142831.584 buffer: new element 15 9284:20230712:142831.585 End of process_value():SUCCEED 9284:20230712:142831.586 In zbx_parse_eventlog_message6() EventRecordID:25944 9284:20230712:142831.586 In expand_message6() 9284:20230712:142831.588 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142831.589 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.590 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25944 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142831.591 buffer: new element 16 9284:20230712:142831.591 End of process_value():SUCCEED 9284:20230712:142831.592 In zbx_parse_eventlog_message6() EventRecordID:25945 9284:20230712:142831.593 In expand_message6() 9284:20230712:142831.594 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142831.595 ====== Fatal information: ====== 9284:20230712:142831.596 Program counter: 0x67e2cf19 9284:20230712:142831.597 === Registers: === 9284:20230712:142831.598 r8 = 18 = 24 = 24 9284:20230712:142831.599 r9 = 0 = 0 = 0 9284:20230712:142831.600 r10 = 0 = 0 = 0 9284:20230712:142831.601 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142831.602 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142831.602 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142831.603 r14 = 0 = 0 = 0 9284:20230712:142831.604 r15 = 0 = 0 = 0 9284:20230712:142831.605 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142831.606 rsi = 385ef50 = 59109200 = 59109200 9284:20230712:142831.606 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142831.607 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142831.608 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142831.609 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142831.609 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142831.610 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142831.611 efl = 202 = 514 = 514 9284:20230712:142831.612 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142831.613 === Backtrace: === 9284:20230712:142831.765 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142831.766 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142831.767 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142831.768 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142831.769 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142831.771 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142831.772 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142831.773 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142831.774 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142831.775 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142831.776 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142831.777 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142831.778 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142831.778 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142831.780 ================================ 9284:20230712:142831.781 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142831.782 End of expand_message6():(null) 9284:20230712:142831.782 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.783 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25945 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142831.784 buffer: new element 17 9284:20230712:142831.785 End of process_value():SUCCEED 9284:20230712:142831.785 In zbx_parse_eventlog_message6() EventRecordID:25946 9284:20230712:142831.786 In expand_message6() 9284:20230712:142831.788 End of expand_message6():Service stopped. 9284:20230712:142831.789 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.789 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25946 value:'Service stopped.' 9284:20230712:142831.790 buffer: new element 18 9284:20230712:142831.791 End of process_value():SUCCEED 9284:20230712:142831.792 In zbx_parse_eventlog_message6() EventRecordID:25947 9284:20230712:142831.792 In expand_message6() 9284:20230712:142831.793 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142831.793 ====== Fatal information: ====== 9284:20230712:142831.794 Program counter: 0x67e2cf19 9284:20230712:142831.795 === Registers: === 9284:20230712:142831.795 r8 = 18 = 24 = 24 9284:20230712:142831.796 r9 = 0 = 0 = 0 9284:20230712:142831.797 r10 = 0 = 0 = 0 9284:20230712:142831.797 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142831.798 r12 = 38639b0 = 59128240 = 59128240 9284:20230712:142831.798 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142831.799 r14 = 0 = 0 = 0 9284:20230712:142831.800 r15 = 0 = 0 = 0 9284:20230712:142831.800 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142831.801 rsi = 385f6d0 = 59111120 = 59111120 9284:20230712:142831.802 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142831.803 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142831.805 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142831.806 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142831.806 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142831.807 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142831.808 efl = 202 = 514 = 514 9284:20230712:142831.808 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142831.809 === Backtrace: === 9284:20230712:142831.974 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142831.974 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142831.975 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142831.976 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142831.977 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142831.980 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142831.981 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142831.981 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142831.982 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142831.983 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142831.985 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142831.986 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142831.987 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142831.988 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142831.990 ================================ 9284:20230712:142831.991 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142831.992 End of expand_message6():(null) 9284:20230712:142831.992 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.993 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25947 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142831.994 buffer: new element 19 9284:20230712:142831.994 End of process_value():SUCCEED 9284:20230712:142831.995 In zbx_parse_eventlog_message6() EventRecordID:25948 9284:20230712:142831.996 In expand_message6() 9284:20230712:142831.997 End of expand_message6():Service started successfully. 9284:20230712:142831.998 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142831.998 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25948 value:'Service started successfully.' 9284:20230712:142831.999 buffer: new element 20 9284:20230712:142832.000 End of process_value():SUCCEED 9284:20230712:142832.001 In zbx_parse_eventlog_message6() EventRecordID:25949 9284:20230712:142832.001 In expand_message6() 9284:20230712:142832.004 End of expand_message6():Started event manager Started event manager 9284:20230712:142832.005 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.006 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25949 value:'Started event manager Started event manager' 9284:20230712:142832.007 buffer: new element 21 9284:20230712:142832.007 End of process_value():SUCCEED 9284:20230712:142832.008 In zbx_parse_eventlog_message6() EventRecordID:25950 9284:20230712:142832.009 In expand_message6() 9284:20230712:142832.011 End of expand_message6():Service started successfully. 9284:20230712:142832.012 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.013 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25950 value:'Service started successfully.' 9284:20230712:142832.013 buffer: new element 22 9284:20230712:142832.014 End of process_value():SUCCEED 9284:20230712:142832.015 In zbx_parse_eventlog_message6() EventRecordID:25951 9284:20230712:142832.015 In expand_message6() 9284:20230712:142832.017 End of expand_message6():The Windows Security Center Service has started. 9284:20230712:142832.018 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.019 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25951 value:'The Windows Security Center Service has started.' 9284:20230712:142832.019 buffer: new element 23 9284:20230712:142832.020 End of process_value():SUCCEED 9284:20230712:142832.021 In zbx_parse_eventlog_message6() EventRecordID:25952 9284:20230712:142832.022 In expand_message6() 9284:20230712:142832.024 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142832.025 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.026 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25952 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142832.026 buffer: new element 24 9284:20230712:142832.027 End of process_value():SUCCEED 9284:20230712:142832.028 In zbx_parse_eventlog_message6() EventRecordID:25953 9284:20230712:142832.029 In expand_message6() 9284:20230712:142832.030 End of expand_message6():Version : 2.0.11.0 9284:20230712:142832.031 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.031 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25953 value:'Version : 2.0.11.0' 9284:20230712:142832.032 buffer: new element 25 9284:20230712:142832.033 End of process_value():SUCCEED 9284:20230712:142832.033 In zbx_parse_eventlog_message6() EventRecordID:25954 9284:20230712:142832.034 In expand_message6() 9284:20230712:142832.036 End of expand_message6():Cloud logging is enabled. 9284:20230712:142832.037 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.038 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25954 value:'Cloud logging is enabled.' 9284:20230712:142832.039 buffer: new element 26 9284:20230712:142832.039 End of process_value():SUCCEED 9284:20230712:142832.040 In zbx_parse_eventlog_message6() EventRecordID:25955 9284:20230712:142832.041 In expand_message6() 9284:20230712:142832.042 End of expand_message6():Load Balance is enabled. 9284:20230712:142832.043 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.044 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25955 value:'Load Balance is enabled.' 9284:20230712:142832.045 buffer: new element 27 9284:20230712:142832.046 End of process_value():SUCCEED 9284:20230712:142832.046 In zbx_parse_eventlog_message6() EventRecordID:25956 9284:20230712:142832.047 In expand_message6() 9284:20230712:142832.049 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T06:11:42Z. Reason: RulesEngine. 9284:20230712:142832.050 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.050 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25956 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T06:11:42Z. Reason: RulesEngine.' 9284:20230712:142832.051 buffer: new element 28 9284:20230712:142832.052 End of process_value():SUCCEED 9284:20230712:142832.053 In zbx_parse_eventlog_message6() EventRecordID:25957 9284:20230712:142832.054 In expand_message6() 9284:20230712:142832.057 End of expand_message6():The Software Protection service has stopped. 9284:20230712:142832.058 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.059 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25957 value:'The Software Protection service has stopped. ' 9284:20230712:142832.060 buffer: new element 29 9284:20230712:142832.060 End of process_value():SUCCEED 9284:20230712:142832.061 In zbx_parse_eventlog_message6() EventRecordID:25958 9284:20230712:142832.062 In expand_message6() 9284:20230712:142832.064 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142832.065 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.066 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25958 value:'Offline downlevel migration succeeded.' 9284:20230712:142832.066 buffer: new element 30 9284:20230712:142832.068 End of process_value():SUCCEED 9284:20230712:142832.069 In zbx_parse_eventlog_message6() EventRecordID:25959 9284:20230712:142832.069 In expand_message6() 9284:20230712:142832.073 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142832.074 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.075 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25959 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142832.076 buffer: new element 31 9284:20230712:142832.076 End of process_value():SUCCEED 9284:20230712:142832.077 In zbx_parse_eventlog_message6() EventRecordID:25960 9284:20230712:142832.078 In expand_message6() 9284:20230712:142832.080 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142832.081 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.082 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25960 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142832.083 buffer: new element 32 9284:20230712:142832.083 End of process_value():SUCCEED 9284:20230712:142832.084 In zbx_parse_eventlog_message6() EventRecordID:25961 9284:20230712:142832.085 In expand_message6() 9284:20230712:142832.088 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142832.089 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.090 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25961 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142832.090 buffer: new element 33 9284:20230712:142832.091 End of process_value():SUCCEED 9284:20230712:142832.091 In zbx_parse_eventlog_message6() EventRecordID:25962 9284:20230712:142832.092 In expand_message6() 9284:20230712:142832.095 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142832.096 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.096 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25962 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142832.097 buffer: new element 34 9284:20230712:142832.098 End of process_value():SUCCEED 9284:20230712:142832.099 In zbx_parse_eventlog_message6() EventRecordID:25963 9284:20230712:142832.100 In expand_message6() 9284:20230712:142832.102 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142832.103 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.104 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25963 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142832.104 buffer: new element 35 9284:20230712:142832.105 End of process_value():SUCCEED 9284:20230712:142832.106 In zbx_parse_eventlog_message6() EventRecordID:25964 9284:20230712:142832.106 In expand_message6() 9284:20230712:142832.108 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142832.109 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.110 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25964 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142832.111 buffer: new element 36 9284:20230712:142832.111 End of process_value():SUCCEED 9284:20230712:142832.112 In zbx_parse_eventlog_message6() EventRecordID:25965 9284:20230712:142832.112 In expand_message6() 9284:20230712:142832.113 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142832.114 ====== Fatal information: ====== 9284:20230712:142832.114 Program counter: 0x67e2cf19 9284:20230712:142832.115 === Registers: === 9284:20230712:142832.116 r8 = 18 = 24 = 24 9284:20230712:142832.117 r9 = 0 = 0 = 0 9284:20230712:142832.117 r10 = 0 = 0 = 0 9284:20230712:142832.118 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142832.119 r12 = 38633b0 = 59126704 = 59126704 9284:20230712:142832.119 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142832.120 r14 = 0 = 0 = 0 9284:20230712:142832.121 r15 = 0 = 0 = 0 9284:20230712:142832.122 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142832.123 rsi = 385ed70 = 59108720 = 59108720 9284:20230712:142832.124 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142832.125 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142832.126 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142832.126 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142832.127 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142832.128 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142832.129 efl = 202 = 514 = 514 9284:20230712:142832.129 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142832.130 === Backtrace: === 9284:20230712:142832.276 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142832.276 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142832.277 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142832.278 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142832.278 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142832.281 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142832.281 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142832.282 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142832.283 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142832.284 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142832.284 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142832.285 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142832.286 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142832.287 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142832.288 ================================ 9284:20230712:142832.289 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142832.289 End of expand_message6():(null) 9284:20230712:142832.290 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.290 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25965 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142832.290 buffer: new element 37 9284:20230712:142832.291 End of process_value():SUCCEED 9284:20230712:142832.291 In zbx_parse_eventlog_message6() EventRecordID:25966 9284:20230712:142832.292 In expand_message6() 9284:20230712:142832.294 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T06:13:06Z. Reason: RulesEngine. 9284:20230712:142832.294 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.295 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25966 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T06:13:06Z. Reason: RulesEngine.' 9284:20230712:142832.295 buffer: new element 38 9284:20230712:142832.296 End of process_value():SUCCEED 9284:20230712:142832.296 In zbx_parse_eventlog_message6() EventRecordID:25967 9284:20230712:142832.297 In expand_message6() 9284:20230712:142832.298 End of expand_message6():Finish Device Check 9284:20230712:142832.298 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.299 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25967 value:'Finish Device Check' 9284:20230712:142832.299 buffer: new element 39 9284:20230712:142832.300 End of process_value():SUCCEED 9284:20230712:142832.300 In zbx_parse_eventlog_message6() EventRecordID:25968 9284:20230712:142832.301 In expand_message6() 9284:20230712:142832.302 End of expand_message6():Beginning a Windows Installer transaction: C:\Users\MIHAIL~1\AppData\Local\Temp\cm56dqpz96r7ebx6qwtzs9we\7odl21yv8fm8yh407lbrk3x9.msi. Client Process Id: 1140. 9284:20230712:142832.303 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.303 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25968 value:'Beginning a Windows Installer transaction: C:\Users\MIHAIL~1\AppData\Local\Temp\cm56dqpz96r7ebx6qwtzs9we\7odl21yv8fm8yh407lbrk3x9.msi. Client Process Id: 1140.' 9284:20230712:142832.304 buffer: new element 40 9284:20230712:142832.304 End of process_value():SUCCEED 9284:20230712:142832.305 In zbx_parse_eventlog_message6() EventRecordID:25969 9284:20230712:142832.305 In expand_message6() 9284:20230712:142832.307 End of expand_message6():Successfully created restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Installed Oracle VM VirtualBox 6.1.38). 9284:20230712:142832.307 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.308 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25969 value:'Successfully created restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Installed Oracle VM VirtualBox 6.1.38).' 9284:20230712:142832.308 buffer: new element 41 9284:20230712:142832.309 End of process_value():SUCCEED 9284:20230712:142832.309 In zbx_parse_eventlog_message6() EventRecordID:25970 9284:20230712:142832.310 In expand_message6() 9284:20230712:142832.312 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎06T06:16:21.790686000Z. 9284:20230712:142832.313 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.313 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25970 value:'Starting session 0 - ‎2022‎-‎09‎-‎06T06:16:21.790686000Z.' 9284:20230712:142832.314 buffer: new element 42 9284:20230712:142832.314 End of process_value():SUCCEED 9284:20230712:142832.315 In zbx_parse_eventlog_message6() EventRecordID:25971 9284:20230712:142832.316 In expand_message6() 9284:20230712:142832.318 End of expand_message6():Starting session 0 - ‎2022‎-‎09‎-‎06T06:16:24.414107600Z. 9284:20230712:142832.319 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.319 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25971 value:'Starting session 0 - ‎2022‎-‎09‎-‎06T06:16:24.414107600Z.' 9284:20230712:142832.320 buffer: new element 43 9284:20230712:142832.321 End of process_value():SUCCEED 9284:20230712:142832.321 In zbx_parse_eventlog_message6() EventRecordID:25972 9284:20230712:142832.322 In expand_message6() 9284:20230712:142832.323 End of expand_message6():Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4. 9284:20230712:142832.324 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.325 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25972 value:'Scoping started for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4.' 9284:20230712:142832.325 buffer: new element 44 9284:20230712:142832.326 End of process_value():SUCCEED 9284:20230712:142832.326 In zbx_parse_eventlog_message6() EventRecordID:25973 9284:20230712:142832.327 In expand_message6() 9284:20230712:142832.328 End of expand_message6():Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4. 9284:20230712:142832.329 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.329 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25973 value:'Scoping completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4.' 9284:20230712:142832.330 buffer: new element 45 9284:20230712:142832.331 End of process_value():SUCCEED 9284:20230712:142832.331 In zbx_parse_eventlog_message6() EventRecordID:25974 9284:20230712:142832.332 In expand_message6() 9284:20230712:142832.333 End of expand_message6():Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4. 9284:20230712:142832.334 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.334 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25974 value:'Scoping successfully completed for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4.' 9284:20230712:142832.335 buffer: new element 46 9284:20230712:142832.335 End of process_value():SUCCEED 9284:20230712:142832.336 In zbx_parse_eventlog_message6() EventRecordID:25975 9284:20230712:142832.337 In expand_message6() 9284:20230712:142832.338 End of expand_message6():An error occured while refreshing environment variables updated during the installation of ''. Some users logged on to the machine may not see these changes until they log off and then log back on. 9284:20230712:142832.339 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.339 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25975 value:'An error occured while refreshing environment variables updated during the installation of ''. Some users logged on to the machine may not see these changes until they log off and then log back on.' 9284:20230712:142832.340 buffer: new element 47 9284:20230712:142832.341 End of process_value():SUCCEED 9284:20230712:142832.341 In zbx_parse_eventlog_message6() EventRecordID:25976 9284:20230712:142832.342 In expand_message6() 9284:20230712:142832.344 End of expand_message6():Ending a Windows Installer transaction: C:\Users\MIHAIL~1\AppData\Local\Temp\cm56dqpz96r7ebx6qwtzs9we\7odl21yv8fm8yh407lbrk3x9.msi. Client Process Id: 1140. 9284:20230712:142832.344 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.345 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25976 value:'Ending a Windows Installer transaction: C:\Users\MIHAIL~1\AppData\Local\Temp\cm56dqpz96r7ebx6qwtzs9we\7odl21yv8fm8yh407lbrk3x9.msi. Client Process Id: 1140.' 9284:20230712:142832.346 buffer: new element 48 9284:20230712:142832.346 End of process_value():SUCCEED 9284:20230712:142832.347 In zbx_parse_eventlog_message6() EventRecordID:25977 9284:20230712:142832.347 In expand_message6() 9284:20230712:142832.349 End of expand_message6():Ending session 0 started ‎2022‎-‎09‎-‎06T06:16:21.790686000Z. 9284:20230712:142832.353 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142832.354 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25977 value:'Ending session 0 started ‎2022‎-‎09‎-‎06T06:16:21.790686000Z.' 9284:20230712:142832.355 buffer: new element 49 9284:20230712:142832.355 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142832.356 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142832.357 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25928,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":951,"clock":1689161311,"ns":296220700},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25929,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":952,"clock":1689161311,"ns":301475300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25930,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":953,"clock":1689161311,"ns":306998400},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has started.\r\n10.0.19041.1889","lastlogsize":25931,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":902,"id":954,"clock":1689161311,"ns":312447300},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25932,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":955,"clock":1689161311,"ns":318091500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25933,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":956,"clock":1689161311,"ns":323091300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25934,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":957,"clock":1689161311,"ns":328209800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25935,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":958,"clock":1689161311,"ns":333098800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25936,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":959,"clock":1689161311,"ns":338630000},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25937,"timestamp":1662444560,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":960,"clock":1689161311,"ns":343636500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'hpqcaslwmiex' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":25938,"timestamp":1662444561,"source":"hpqcaslwmiex","severity":1,"id":961,"clock":1689161311,"ns":547288400},{"host":"Windows host","key":"eventlog[Application]","value":"12926","lastlogsize":25939,"timestamp":1662444570,"source":"SensorFramework-LogonTask-{100ee514-48c8-f419-6760-6fb8cb2767cd}","severity":1,"eventid":92,"id":962,"clock":1689161311,"ns":555839300},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":25940,"timestamp":1662444579,"source":"DbxSvc","severity":1,"eventid":320,"id":963,"clock":1689161311,"ns":562515500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 3d0631e3-1091-416d-92a5-42f84a86d868, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n3: 742178ed-6b28-42dd-b3d7-b7c0ea78741b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 812837cb-040b-4829-8e22-15c4919feba4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 81d507d6-e729-436d-ad4d-fed2cbe4e566, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25941,"timestamp":1662444585,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":964,"clock":1689161311,"ns":569960000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=0ff1ce15-a989-479d-af46-f275c6370663\r\nLicensing Status=\n1: 6337137e-7c07-4197-8986-bece6a76fc33, 1, 1 [(0 [0xC004E003, 0, 0], [( 9 0xC004FC07 46 0)( 1 0x00000000)(?)( 2 0x00000000 3 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0xC004FC07 46 0)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 10 0)( 1 0x00000000)( 6 0xC004F009 10 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004FC07)])]\n\n","lastlogsize":25942,"timestamp":1662444585,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":965,"clock":1689161311,"ns":577462500},{"host":"Windows host","key":"eventlog[Application]","value":"Outlook loaded the following add-in(s):\n\n\nName: Microsoft Exchange Add-in\nDescription: Exchange support for Unified Messaging, e-mail permission rules, and calendar availability.\nProgID: UmOutlookAddin.FormRegionAddin\nGUID: {F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\UmOutlookAddin.dll\nBoot Time (Milliseconds): 47\n\nName: Microsoft Teams Meeting Add-in for Microsoft Office\nDescription: Microsoft Teams Meeting Add-in for Microsoft Office\nProgID: TeamsAddin.FastConnect\nGUID: {19A6E644-14E6-4A60-B8D7-DD20610A871D}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Users\\MihailsPrihodko\\AppData\\Local\\Microsoft\\TeamsMeetingAddin\\1.0.22209.4\\x64\\Microsoft.Teams.AddinLoader.dll\nBoot Time (Milliseconds): 15\n\nName: Outlook Social Connector 2016\nDescription: Connects to social networking sites and provides people, activity, and status information.\nProgID: OscAddin.Connect\nGUID: {2163EB1F-3FD9-4212-A41F-81D1F933597F}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\SOCIALCONNECTOR.DLL\nBoot Time (Milliseconds): 47\n\nName: OneNote Notes about Outlook Items\nDescription: Adds Send to OneNote and Notes about this Item buttons to the command bar\nProgID: OneNote.OutlookAddin\nGUID: {93E5752E-B889-47C5-8545-654EE2533C64}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnOL.dll\nBoot Time (Milliseconds): 32\n\nName: Microsoft VBA for Outlook Addin\nDescription: \nProgID: Microsoft.VbaAddinForOutlook.1\nGUID: {799ED9EA-FB5E-11D1-B7D6-00C04FC2AAE2}\nLoad Behavior: 9\nHKLM: 1\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\OUTLVBA.DLL\nBoot Time (Milliseconds): 0\n\nName: Microsoft SharePoint Server Colleague Import Add-in\nDescription: The Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content\nProgID: ColleagueImport.ColleagueImportAddin\nGUID: {EFEF7FDB-0CED-4FB6-B3BB-3C50D39F4120}\nLoad Behavior: 3\nHKLM: 0\nLocation: C:\\Program Files\\Microsoft Office\\root\\Office16\\ADDINS\\ColleagueImport.dll\nBoot Time (Milliseconds): 62\n\nName: HP Sure Click Outlook Add-in 4.3.4.610\nDescription: HP Sure Click Outlook Add-in 4.3.4.610\nProgID: Bromium.vSentry.OutlookAddin\nGUID: {B58A2548-77E4-434A-8DD6-C7AD3C6D4495}\nLoad Behavior: 3\nHKLM: 1\nLocation: C:\\Program Files\\HP\\Sure Click\\4.3.4.610\\servers\\BrOutlookAddin.dll\nBoot Time (Milliseconds): 281\n","lastlogsize":25943,"timestamp":1662444585,"source":"Outlook","severity":1,"eventid":45,"id":966,"clock":1689161311,"ns":584341100},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":25944,"timestamp":1662444586,"source":"Outlook","severity":1,"eventid":63,"id":967,"clock":1689161311,"ns":591315600},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25945,"timestamp":1662444668,"source":"dbupdate","severity":1,"id":968,"clock":1689161311,"ns":784529100},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":25946,"timestamp":1662444668,"source":"edgeupdate","severity":1,"id":969,"clock":1689161311,"ns":790784700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25947,"timestamp":1662444669,"source":"gupdate","severity":1,"id":970,"clock":1689161311,"ns":994298100},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25948,"timestamp":1662444669,"source":"HP Comm Recovery","severity":1,"id":971,"clock":1689161311,"ns":999990000},{"host":"Windows host","key":"eventlog[Application]","value":"Started event manager\nStarted event manager","lastlogsize":25949,"timestamp":1662444669,"source":"IAStorDataMgrSvc","severity":1,"eventid":7303,"id":972,"clock":1689161312,"ns":7327700},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":25950,"timestamp":1662444669,"source":"IAStorDataMgrSvc","severity":1,"id":973,"clock":1689161312,"ns":13875100},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has started.","lastlogsize":25951,"timestamp":1662444671,"source":"SecurityCenter","severity":1,"eventid":1,"id":974,"clock":1689161312,"ns":20174800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25952,"timestamp":1662444673,"source":"SecurityCenter","severity":1,"eventid":15,"id":975,"clock":1689161312,"ns":26904300},{"host":"Windows host","key":"eventlog[Application]","value":"Version : 2.0.11.0","lastlogsize":25953,"timestamp":1662444699,"source":"HP Comm Recovery","severity":1,"id":976,"clock":1689161312,"ns":32711500},{"host":"Windows host","key":"eventlog[Application]","value":"Cloud logging is enabled.","lastlogsize":25954,"timestamp":1662444699,"source":"HP Comm Recovery","severity":1,"id":977,"clock":1689161312,"ns":39286100},{"host":"Windows host","key":"eventlog[Application]","value":"Load Balance is enabled.","lastlogsize":25955,"timestamp":1662444699,"source":"HP Comm Recovery","severity":1,"id":978,"clock":1689161312,"ns":45588700},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T06:11:42Z. Reason: RulesEngine.","lastlogsize":25956,"timestamp":1662444702,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":979,"clock":1689161312,"ns":51816500},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has stopped.\r\n","lastlogsize":25957,"timestamp":1662444702,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":903,"id":980,"clock":1689161312,"ns":60360700},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25958,"timestamp":1662444722,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":981,"clock":1689161312,"ns":67043000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":25959,"timestamp":1662444724,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":982,"clock":1689161312,"ns":76185800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":25960,"timestamp":1662444724,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":983,"clock":1689161312,"ns":83398900},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":25961,"timestamp":1662444724,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":984,"clock":1689161312,"ns":90673200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":25962,"timestamp":1662444724,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":985,"clock":1689161312,"ns":97758500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":25963,"timestamp":1662444724,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":986,"clock":1689161312,"ns":104865400},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":25964,"timestamp":1662444724,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":987,"clock":1689161312,"ns":111232200},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":25965,"timestamp":1662444782,"source":"gupdate","severity":1,"id":988,"clock":1689161312,"ns":291032800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T06:13:06Z. Reason: RulesEngine.","lastlogsize":25966,"timestamp":1662444786,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":989,"clock":1689161312,"ns":295643100},{"host":"Windows host","key":"eventlog[Application]","value":"Finish Device Check","lastlogsize":25967,"timestamp":1662444879,"source":"HP Comm Recovery","severity":1,"eventid":1,"id":990,"clock":1689161312,"ns":299804400},{"host":"Windows host","key":"eventlog[Application]","value":"Beginning a Windows Installer transaction: C:\\Users\\MIHAIL~1\\AppData\\Local\\Temp\\cm56dqpz96r7ebx6qwtzs9we\\7odl21yv8fm8yh407lbrk3x9.msi. Client Process Id: 1140.","lastlogsize":25968,"timestamp":1662444968,"source":"MsiInstaller","severity":1,"eventid":1040,"id":991,"clock":1689161312,"ns":304304000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully created restore point (Process = C:\\WINDOWS\\system32\\msiexec.exe /V; Description = Installed Oracle VM VirtualBox 6.1.38).","lastlogsize":25969,"timestamp":1662444979,"source":"System Restore","severity":1,"eventid":8194,"id":992,"clock":1689161312,"ns":308812000},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎06T06:16:21.790686000Z.","lastlogsize":25970,"timestamp":1662444981,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":993,"clock":1689161312,"ns":314469200},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 0 - ‎2022‎-‎09‎-‎06T06:16:24.414107600Z.","lastlogsize":25971,"timestamp":1662444984,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":994,"clock":1689161312,"ns":320562800},{"host":"Windows host","key":"eventlog[Application]","value":"Scoping started for shadowcopy \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy4.","lastlogsize":25972,"timestamp":1662444991,"source":"Microsoft-Windows-System-Restore","severity":1,"eventid":8300,"id":995,"clock":1689161312,"ns":325582400},{"host":"Windows host","key":"eventlog[Application]","value":"Scoping completed for shadowcopy \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy4.","lastlogsize":25973,"timestamp":1662445001,"source":"Microsoft-Windows-System-Restore","severity":1,"eventid":8301,"id":996,"clock":1689161312,"ns":330581100},{"host":"Windows host","key":"eventlog[Application]","value":"Scoping successfully completed for shadowcopy \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy4.","lastlogsize":25974,"timestamp":1662445001,"source":"Microsoft-Windows-System-Restore","severity":1,"eventid":8302,"id":997,"clock":1689161312,"ns":335528800},{"host":"Windows host","key":"eventlog[Application]","value":"An error occured while refreshing environment variables updated during the installation of ''. Some users logged on to the machine may not see these changes until they log off and then log back on.","lastlogsize":25975,"timestamp":1662445010,"source":"MsiInstaller","severity":2,"eventid":1032,"id":998,"clock":1689161312,"ns":340620800},{"host":"Windows host","key":"eventlog[Application]","value":"Ending a Windows Installer transaction: C:\\Users\\MIHAIL~1\\AppData\\Local\\Temp\\cm56dqpz96r7ebx6qwtzs9we\\7odl21yv8fm8yh407lbrk3x9.msi. Client Process Id: 1140.","lastlogsize":25976,"timestamp":1662445017,"source":"MsiInstaller","severity":1,"eventid":1042,"id":999,"clock":1689161312,"ns":346154700},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 0 started ‎2022‎-‎09‎-‎06T06:16:21.790686000Z.","lastlogsize":25977,"timestamp":1662445017,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":1000,"clock":1689161312,"ns":355160800}],"clock":1689161312,"ns":357056100}] 9284:20230712:142832.362 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002689"}] 9284:20230712:142832.363 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002689"}' 9284:20230712:142832.364 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002689' 9284:20230712:142832.364 End of check_response():SUCCEED 9284:20230712:142832.365 OK 9284:20230712:142832.365 End of send_buffer():SUCCEED 9284:20230712:142832.366 End of process_value():SUCCEED 9284:20230712:142832.367 End of process_eventslog6():SUCCEED last eventid:10001 9284:20230712:142832.367 In finalize_eventlog6() 9284:20230712:142832.369 End of finalize_eventlog6():SUCCEED 9284:20230712:142832.369 In need_meta_update() key:eventlog[Application] 9284:20230712:142832.370 End of need_meta_update():FAIL 9284:20230712:142832.371 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142832.371 End of send_buffer():SUCCEED 9284:20230712:142832.372 End of process_active_checks() 9284:20230712:142832.373 In get_min_nextcheck() 9284:20230712:142832.373 End of get_min_nextcheck():1689161322 9284:20230712:142832.374 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142832.375 End of send_buffer():SUCCEED 9284:20230712:142832.375 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142832.380 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142832.381 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142832.382 before read 9284:20230712:142832.383 got [{"response":"success"}] 9284:20230712:142832.384 In parse_list_of_checks() 9284:20230712:142832.385 End of parse_list_of_checks():SUCCEED 9284:20230712:142832.386 End of refresh_active_checks():SUCCEED 9284:20230712:142832.386 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142832.387 End of process_active_checks() 9284:20230712:142832.388 In get_min_nextcheck() 9284:20230712:142832.389 End of get_min_nextcheck():1689161322 2184:20230712:142832.551 In collect_perfstat() 2184:20230712:142832.554 End of collect_perfstat() 9284:20230712:142833.392 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142833.395 End of send_buffer():SUCCEED 2184:20230712:142833.556 In collect_perfstat() 2184:20230712:142833.564 End of collect_perfstat() 9284:20230712:142834.397 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142834.397 End of send_buffer():SUCCEED 2184:20230712:142834.565 In collect_perfstat() 2184:20230712:142834.570 End of collect_perfstat() 9284:20230712:142835.399 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142835.400 End of send_buffer():SUCCEED 2184:20230712:142835.573 In collect_perfstat() 2184:20230712:142835.578 End of collect_perfstat() 17028:20230712:142835.649 Requested [system.sw.os.get] 17028:20230712:142835.650 [MPLOG] in system_sw_os_get() 17028:20230712:142835.651 [MPLOG] end system_sw_os_get() 17028:20230712:142835.652 Sending back [{"os_type":"windows","product_name":"Windows 10 Pro","architecture":"x86_64","build_number":"19045","build_revision":"3086","build":"19045.3086","edition":"Professional","composition":"Enterprise","display_version":"22H2","version":"6.3","version_pretty":"Windows 10 Pro Build 19045.3086","version_full":"Windows 10 Pro 19041.1.amd64fre.vb_release.191206-1406 Build 19045.3086"}] 9284:20230712:142836.404 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142836.406 End of send_buffer():SUCCEED 2184:20230712:142836.581 In collect_perfstat() 2184:20230712:142836.587 End of collect_perfstat() 9284:20230712:142837.409 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142837.412 End of send_buffer():SUCCEED 9284:20230712:142837.414 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142837.429 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142837.433 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142837.436 before read 9284:20230712:142837.438 got [{"response":"success"}] 9284:20230712:142837.441 In parse_list_of_checks() 9284:20230712:142837.443 End of parse_list_of_checks():SUCCEED 9284:20230712:142837.445 End of refresh_active_checks():SUCCEED 9284:20230712:142837.447 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142837.449 End of process_active_checks() 9284:20230712:142837.450 In get_min_nextcheck() 9284:20230712:142837.451 End of get_min_nextcheck():1689161322 2184:20230712:142837.591 In collect_perfstat() 2184:20230712:142837.597 End of collect_perfstat() 14488:20230712:142837.651 Requested [agent.ping] 14488:20230712:142837.653 Sending back [1] 9284:20230712:142838.455 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142838.457 End of send_buffer():SUCCEED 2184:20230712:142838.598 In collect_perfstat() 2184:20230712:142838.601 End of collect_perfstat() 9284:20230712:142839.461 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142839.464 End of send_buffer():SUCCEED 2184:20230712:142839.604 In collect_perfstat() 2184:20230712:142839.612 End of collect_perfstat() 9284:20230712:142840.466 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142840.467 End of send_buffer():SUCCEED 2184:20230712:142840.614 In collect_perfstat() 2184:20230712:142840.617 End of collect_perfstat() 9284:20230712:142841.469 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142841.471 End of send_buffer():SUCCEED 2184:20230712:142841.619 In collect_perfstat() 2184:20230712:142841.622 End of collect_perfstat() 9284:20230712:142842.475 In send_buffer() host:'192.168.56.201' port:10051 entries:0/100 9284:20230712:142842.477 End of send_buffer():SUCCEED 9284:20230712:142842.480 In refresh_active_checks() host:'192.168.56.201' port:10051 9284:20230712:142842.494 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:3, connection timeout:3] 9284:20230712:142842.498 sending [{"request":"active checks","host":"Windows host","host_metadata":"Q21 Ver. 02.09.01","config_revision":919,"session":"4027be861358abcc6136983f1f36335c"}] 9284:20230712:142842.501 before read 9284:20230712:142842.503 got [{"response":"success"}] 9284:20230712:142842.506 In parse_list_of_checks() 9284:20230712:142842.508 End of parse_list_of_checks():SUCCEED 9284:20230712:142842.509 End of refresh_active_checks():SUCCEED 9284:20230712:142842.511 In process_active_checks() server:'192.168.56.201' port:10051 9284:20230712:142842.513 In initialize_eventlog6() source:'Application' previous lastlogsize:25977 9284:20230712:142842.514 In zbx_open_eventlog6() lastlogsize:25977 9284:20230712:142842.516 In get_eventlog6_id() 9284:20230712:142842.518 End of get_eventlog6_id():SUCCEED id:94304984 9284:20230712:142842.519 In get_eventlog6_id() 9284:20230712:142842.521 End of get_eventlog6_id():SUCCEED id:94304976 9284:20230712:142842.522 End of zbx_open_eventlog6():SUCCEED FirstID:24378 LastID:70732 9284:20230712:142842.523 In zbx_get_handle_eventlog6(), previous lastlogsize:25977 9284:20230712:142842.524 End of zbx_get_handle_eventlog6():SUCCEED 9284:20230712:142842.525 End of initialize_eventlog6():SUCCEED 9284:20230712:142842.526 In process_eventslog6() source: 'Application' previous lastlogsize: 25977, FirstID: 24378, LastID: 70732 9284:20230712:142842.536 In zbx_parse_eventlog_message6() EventRecordID:25978 9284:20230712:142842.537 In expand_message6() 9284:20230712:142842.539 End of expand_message6():Ending session 0 started ‎2022‎-‎09‎-‎06T06:16:24.414107600Z. 9284:20230712:142842.540 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.540 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25978 value:'Ending session 0 started ‎2022‎-‎09‎-‎06T06:16:24.414107600Z.' 9284:20230712:142842.541 buffer: new element 0 9284:20230712:142842.542 End of process_value():SUCCEED 9284:20230712:142842.542 In zbx_parse_eventlog_message6() EventRecordID:25979 9284:20230712:142842.543 In expand_message6() 9284:20230712:142842.545 End of expand_message6():Product: Oracle VM VirtualBox 6.1.38 -- Installation completed successfully. 9284:20230712:142842.545 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.546 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25979 value:'Product: Oracle VM VirtualBox 6.1.38 -- Installation completed successfully.' 9284:20230712:142842.547 buffer: new element 1 9284:20230712:142842.547 End of process_value():SUCCEED 9284:20230712:142842.548 In zbx_parse_eventlog_message6() EventRecordID:25980 9284:20230712:142842.549 In expand_message6() 9284:20230712:142842.550 End of expand_message6():Windows Installer installed the product. Product Name: Oracle VM VirtualBox 6.1.38. Product Version: 6.1.38. Product Language: 1033. Manufacturer: Oracle Corporation. Installation success or error status: 0. 9284:20230712:142842.551 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.552 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25980 value:'Windows Installer installed the product. Product Name: Oracle VM VirtualBox 6.1.38. Product Version: 6.1.38. Product Language: 1033. Manufacturer: Oracle Corporation. Installation success or error status: 0.' 9284:20230712:142842.552 buffer: new element 2 9284:20230712:142842.553 End of process_value():SUCCEED 9284:20230712:142842.553 In zbx_parse_eventlog_message6() EventRecordID:25981 9284:20230712:142842.554 In expand_message6() 9284:20230712:142842.556 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142842.557 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.557 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25981 value:'Offline downlevel migration succeeded.' 9284:20230712:142842.558 buffer: new element 3 9284:20230712:142842.558 End of process_value():SUCCEED 9284:20230712:142842.559 In zbx_parse_eventlog_message6() EventRecordID:25982 9284:20230712:142842.560 In expand_message6() 9284:20230712:142842.561 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142842.562 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.563 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25982 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142842.563 buffer: new element 4 9284:20230712:142842.564 End of process_value():SUCCEED 9284:20230712:142842.565 In zbx_parse_eventlog_message6() EventRecordID:25983 9284:20230712:142842.565 In expand_message6() 9284:20230712:142842.567 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142842.567 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.568 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25983 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142842.569 buffer: new element 5 9284:20230712:142842.569 End of process_value():SUCCEED 9284:20230712:142842.570 In zbx_parse_eventlog_message6() EventRecordID:25984 9284:20230712:142842.571 In expand_message6() 9284:20230712:142842.572 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142842.573 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.574 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25984 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142842.574 buffer: new element 6 9284:20230712:142842.575 End of process_value():SUCCEED 9284:20230712:142842.576 In zbx_parse_eventlog_message6() EventRecordID:25985 9284:20230712:142842.576 In expand_message6() 9284:20230712:142842.578 End of expand_message6():The VSS service is shutting down due to idle timeout. 9284:20230712:142842.579 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.579 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25985 value:'The VSS service is shutting down due to idle timeout. ' 9284:20230712:142842.580 buffer: new element 7 9284:20230712:142842.581 End of process_value():SUCCEED 9284:20230712:142842.582 In zbx_parse_eventlog_message6() EventRecordID:25986 9284:20230712:142842.583 In expand_message6() 9284:20230712:142842.584 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142842.585 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.586 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25986 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142842.587 buffer: new element 8 9284:20230712:142842.587 End of process_value():SUCCEED 9284:20230712:142842.588 In zbx_parse_eventlog_message6() EventRecordID:25987 9284:20230712:142842.589 In expand_message6() 9284:20230712:142842.591 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T06:19:46Z. Reason: RulesEngine. 9284:20230712:142842.592 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.593 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25987 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T06:19:46Z. Reason: RulesEngine.' 9284:20230712:142842.594 buffer: new element 9 9284:20230712:142842.595 End of process_value():SUCCEED 9284:20230712:142842.596 In zbx_parse_eventlog_message6() EventRecordID:25988 9284:20230712:142842.596 In expand_message6() 9284:20230712:142842.598 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142842.599 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.600 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25988 value:'Offline downlevel migration succeeded.' 9284:20230712:142842.601 buffer: new element 10 9284:20230712:142842.602 End of process_value():SUCCEED 9284:20230712:142842.602 In zbx_parse_eventlog_message6() EventRecordID:25989 9284:20230712:142842.603 In expand_message6() 9284:20230712:142842.605 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T06:25:31Z. Reason: RulesEngine. 9284:20230712:142842.606 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.606 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25989 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T06:25:31Z. Reason: RulesEngine.' 9284:20230712:142842.607 buffer: new element 11 9284:20230712:142842.608 End of process_value():SUCCEED 9284:20230712:142842.608 In zbx_parse_eventlog_message6() EventRecordID:25990 9284:20230712:142842.609 In expand_message6() 9284:20230712:142842.611 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142842.612 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.613 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25990 value:'Offline downlevel migration succeeded.' 9284:20230712:142842.614 buffer: new element 12 9284:20230712:142842.614 End of process_value():SUCCEED 9284:20230712:142842.615 In zbx_parse_eventlog_message6() EventRecordID:25991 9284:20230712:142842.616 In expand_message6() 9284:20230712:142842.618 End of expand_message6():svchost (12784,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142842.618 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.619 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25991 value:'svchost (12784,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142842.620 buffer: new element 13 9284:20230712:142842.620 End of process_value():SUCCEED 9284:20230712:142842.621 In zbx_parse_eventlog_message6() EventRecordID:25992 9284:20230712:142842.621 In expand_message6() 9284:20230712:142842.623 End of expand_message6():svchost (12784,R,98) DS_Token_DB: The database engine is initiating recovery steps. 9284:20230712:142842.624 End of zbx_parse_eventlog_message6():SUCCEED 2184:20230712:142842.624 In collect_perfstat() 9284:20230712:142842.625 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25992 value:'svchost (12784,R,98) DS_Token_DB: The database engine is initiating recovery steps.' 9284:20230712:142842.626 buffer: new element 14 9284:20230712:142842.626 End of process_value():SUCCEED 9284:20230712:142842.627 In zbx_parse_eventlog_message6() EventRecordID:25993 2184:20230712:142842.628 End of collect_perfstat() 9284:20230712:142842.628 In expand_message6() 9284:20230712:142842.630 End of expand_message6():svchost (12784,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.018239 -0.002705 (8) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:24336/17) +M(C:0K, Fs:99, WS:248K # 252K, PF:160K # 164K, P:160K). Log record of type 'AttachDB ' was seen most frequently (2 times) 9284:20230712:142842.631 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.631 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25993 value:'svchost (12784,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log. Processing Stats: [1] 0.018239 -0.002705 (8) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:24336/17) +M(C:0K, Fs:99, WS:248K # 252K, PF:160K # 164K, P:160K). Log record of type 'AttachDB ' was seen most frequently (2 times)' 9284:20230712:142842.632 buffer: new element 15 9284:20230712:142842.632 End of process_value():SUCCEED 9284:20230712:142842.633 In zbx_parse_eventlog_message6() EventRecordID:25994 9284:20230712:142842.633 In expand_message6() 9284:20230712:142842.635 End of expand_message6():svchost (12784,U,98) DS_Token_DB: The database engine has successfully completed recovery steps. 9284:20230712:142842.636 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.636 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25994 value:'svchost (12784,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.' 9284:20230712:142842.637 buffer: new element 16 9284:20230712:142842.637 End of process_value():SUCCEED 9284:20230712:142842.638 In zbx_parse_eventlog_message6() EventRecordID:25995 9284:20230712:142842.638 In expand_message6() 9284:20230712:142842.640 End of expand_message6():svchost (12784,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000020:0001:0000 - 00000020:0006:0039 - 00000020:0007:0000 - 00000020:0007:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.000932 +J(0) +M(C:0K, Fs:148, WS:572K # 572K, PF:2768K # 2768K, P:2768K) [2] 0.000373 +J(0) +M(C:8K, Fs:174, WS:688K # 688K, PF:1208K # 1208K, P:1208K) [3] 0.000020 +J(0) +M(C:0K, Fs:10, WS:36K # 36K, PF:68K # 68K, P:68K) [4] 0.000134 +J(0) +M(C:0K, Fs:83, WS:332K # 332K, PF:164K # 164K, P:164K) [5] 0.002325 +J(0) +M(C:0K, Fs:19, WS:76K # 76K, PF:16K # 16K, P:16K) [6] 0.007340 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.004168 -0.000403 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.031405 -0.003217 (11) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:24336/17) +M(C:0K, Fs:133, WS:376K # 380K, PF:252K # 256K, P:252K) [9] 0.001263 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K) [10] 0.001926 -0.000780 (1) WT +J(0) +M(C:0K, Fs:13, WS:-8K # 52K, PF:4K # 60K, P:4K) [11] 0.000023 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.004664 -0.002102 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.037391 -0.000339 (2) CM -0.004466 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 100K, PF:160K # 168K, P:160K) [14] 0.000022 +J(0) [15] 0.000012 +J(0) [16] 0.001104 -0.000064 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142842.641 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.641 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25995 value:'svchost (12784,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) Additional Data: lgposV2[] = 00000020:0001:0000 - 00000020:0006:0039 - 00000020:0007:0000 - 00000020:0007:0000 (00000000:0000:0000) cReInits = 2 Internal Timing Sequence: [1] 0.000932 +J(0) +M(C:0K, Fs:148, WS:572K # 572K, PF:2768K # 2768K, P:2768K) [2] 0.000373 +J(0) +M(C:8K, Fs:174, WS:688K # 688K, PF:1208K # 1208K, P:1208K) [3] 0.000020 +J(0) +M(C:0K, Fs:10, WS:36K # 36K, PF:68K # 68K, P:68K) [4] 0.000134 +J(0) +M(C:0K, Fs:83, WS:332K # 332K, PF:164K # 164K, P:164K) [5] 0.002325 +J(0) +M(C:0K, Fs:19, WS:76K # 76K, PF:16K # 16K, P:16K) [6] 0.007340 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:20K # 20K, P:20K) [7] 0.004168 -0.000403 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K) [8] 0.031405 -0.003217 (11) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:24336/17) +M(C:0K, Fs:133, WS:376K # 380K, PF:252K # 256K, P:252K) [9] 0.001263 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K) [10] 0.001926 -0.000780 (1) WT +J(0) +M(C:0K, Fs:13, WS:-8K # 52K, PF:4K # 60K, P:4K) [11] 0.000023 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] 0.004664 -0.002102 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [13] 0.037391 -0.000339 (2) CM -0.004466 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 100K, PF:160K # 168K, P:160K) [14] 0.000022 +J(0) [15] 0.000012 +J(0) [16] 0.001104 -0.000064 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142842.642 buffer: new element 17 9284:20230712:142842.642 End of process_value():SUCCEED 9284:20230712:142842.643 In zbx_parse_eventlog_message6() EventRecordID:25996 9284:20230712:142842.643 In expand_message6() 9284:20230712:142842.645 End of expand_message6():svchost (12784,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000020:0009:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) [2] 0.001487 -0.000359 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.010844 -0.000465 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.001760 +J(0) [5] - [6] - [7] - [8] 0.000484 -0.000329 (2) CM -0.000239 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 0K, P:28K) [9] 0.001107 -0.000456 (3) CM -0.000336 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:96K # 92K, PF:196K # 204K, P:196K) [10] 0.000726 -0.000486 (2) CM -0.000413 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000016 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000084 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142842.646 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.646 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25996 value:'svchost (12784,D,50) DS_Token_DB: The database engine attached a database (1, C:\WINDOWS\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat). (Time=0 seconds) Saved Cache: 1 0 Additional Data: lgposAttach = 00000020:0009:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000004 +J(0) [2] 0.001487 -0.000359 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K) [3] 0.010844 -0.000465 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K) [4] 0.001760 +J(0) [5] - [6] - [7] - [8] 0.000484 -0.000329 (2) CM -0.000239 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 0K, P:28K) [9] 0.001107 -0.000456 (3) CM -0.000336 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:96K # 92K, PF:196K # 204K, P:196K) [10] 0.000726 -0.000486 (2) CM -0.000413 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K) [11] 0.000016 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000084 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K) [13] 0.000001 +J(0) [14] 0.0 +J(0) [15] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142842.647 buffer: new element 18 9284:20230712:142842.647 End of process_value():SUCCEED 9284:20230712:142842.648 In zbx_parse_eventlog_message6() EventRecordID:25997 9284:20230712:142842.648 In expand_message6() 9284:20230712:142842.650 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎06T07:03:31.694538000Z. 9284:20230712:142842.651 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.651 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25997 value:'Starting session 1 - ‎2022‎-‎09‎-‎06T07:03:31.694538000Z.' 9284:20230712:142842.652 buffer: new element 19 9284:20230712:142842.652 End of process_value():SUCCEED 9284:20230712:142842.653 In zbx_parse_eventlog_message6() EventRecordID:25998 9284:20230712:142842.653 In expand_message6() 9284:20230712:142842.655 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T07:04:08Z. Reason: RulesEngine. 9284:20230712:142842.655 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.656 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25998 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T07:04:08Z. Reason: RulesEngine.' 9284:20230712:142842.656 buffer: new element 20 9284:20230712:142842.657 End of process_value():SUCCEED 9284:20230712:142842.657 In zbx_parse_eventlog_message6() EventRecordID:25999 9284:20230712:142842.658 In expand_message6() 9284:20230712:142842.660 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎06T07:03:31.694538000Z. 9284:20230712:142842.660 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.661 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:25999 value:'Ending session 1 started ‎2022‎-‎09‎-‎06T07:03:31.694538000Z.' 9284:20230712:142842.661 buffer: new element 21 9284:20230712:142842.662 End of process_value():SUCCEED 9284:20230712:142842.662 In zbx_parse_eventlog_message6() EventRecordID:26000 9284:20230712:142842.663 In expand_message6() 9284:20230712:142842.664 End of expand_message6():Service stopped. 9284:20230712:142842.665 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.665 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26000 value:'Service stopped.' 9284:20230712:142842.666 buffer: new element 22 9284:20230712:142842.666 End of process_value():SUCCEED 9284:20230712:142842.667 In zbx_parse_eventlog_message6() EventRecordID:26001 9284:20230712:142842.667 In expand_message6() 9284:20230712:142842.669 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142842.669 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.670 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26001 value:'Offline downlevel migration succeeded.' 9284:20230712:142842.670 buffer: new element 23 9284:20230712:142842.671 End of process_value():SUCCEED 9284:20230712:142842.671 In zbx_parse_eventlog_message6() EventRecordID:26002 9284:20230712:142842.672 In expand_message6() 9284:20230712:142842.674 End of expand_message6():Starting session 1 - ‎2022‎-‎09‎-‎06T07:30:50.617221100Z. 9284:20230712:142842.674 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.675 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26002 value:'Starting session 1 - ‎2022‎-‎09‎-‎06T07:30:50.617221100Z.' 9284:20230712:142842.675 buffer: new element 24 9284:20230712:142842.676 End of process_value():SUCCEED 9284:20230712:142842.676 In zbx_parse_eventlog_message6() EventRecordID:26003 9284:20230712:142842.676 In expand_message6() 9284:20230712:142842.678 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T07:31:08Z. Reason: RulesEngine. 9284:20230712:142842.679 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.679 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26003 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T07:31:08Z. Reason: RulesEngine.' 9284:20230712:142842.679 buffer: new element 25 9284:20230712:142842.680 End of process_value():SUCCEED 9284:20230712:142842.680 In zbx_parse_eventlog_message6() EventRecordID:26004 9284:20230712:142842.681 In expand_message6() 9284:20230712:142842.683 End of expand_message6():Ending session 1 started ‎2022‎-‎09‎-‎06T07:30:50.617221100Z. 9284:20230712:142842.683 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.684 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26004 value:'Ending session 1 started ‎2022‎-‎09‎-‎06T07:30:50.617221100Z.' 9284:20230712:142842.684 buffer: new element 26 9284:20230712:142842.685 End of process_value():SUCCEED 9284:20230712:142842.685 In zbx_parse_eventlog_message6() EventRecordID:26005 9284:20230712:142842.686 In expand_message6() 9284:20230712:142842.687 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142842.688 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.688 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26005 value:'Offline downlevel migration succeeded.' 9284:20230712:142842.689 buffer: new element 27 9284:20230712:142842.689 End of process_value():SUCCEED 9284:20230712:142842.690 In zbx_parse_eventlog_message6() EventRecordID:26006 9284:20230712:142842.690 In expand_message6() 9284:20230712:142842.692 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T08:14:33Z. Reason: RulesEngine. 9284:20230712:142842.692 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.693 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26006 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T08:14:33Z. Reason: RulesEngine.' 9284:20230712:142842.693 buffer: new element 28 9284:20230712:142842.694 End of process_value():SUCCEED 9284:20230712:142842.694 In zbx_parse_eventlog_message6() EventRecordID:26007 9284:20230712:142842.695 In expand_message6() 9284:20230712:142842.696 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142842.697 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.698 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26007 value:'Offline downlevel migration succeeded.' 9284:20230712:142842.698 buffer: new element 29 9284:20230712:142842.699 End of process_value():SUCCEED 9284:20230712:142842.699 In zbx_parse_eventlog_message6() EventRecordID:26008 9284:20230712:142842.700 In expand_message6() 9284:20230712:142842.701 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T09:19:42Z. Reason: RulesEngine. 9284:20230712:142842.702 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.702 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26008 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T09:19:42Z. Reason: RulesEngine.' 9284:20230712:142842.703 buffer: new element 30 9284:20230712:142842.703 End of process_value():SUCCEED 9284:20230712:142842.704 In zbx_parse_eventlog_message6() EventRecordID:26009 9284:20230712:142842.704 In expand_message6() 9284:20230712:142842.705 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142842.706 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.706 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26009 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142842.707 buffer: new element 31 9284:20230712:142842.707 End of process_value():SUCCEED 9284:20230712:142842.708 In zbx_parse_eventlog_message6() EventRecordID:26010 9284:20230712:142842.708 In expand_message6() 9284:20230712:142842.710 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142842.711 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.711 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26010 value:'Offline downlevel migration succeeded.' 9284:20230712:142842.712 buffer: new element 32 9284:20230712:142842.712 End of process_value():SUCCEED 9284:20230712:142842.713 In zbx_parse_eventlog_message6() EventRecordID:26011 9284:20230712:142842.713 In expand_message6() 9284:20230712:142842.715 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T10:27:31Z. Reason: RulesEngine. 9284:20230712:142842.715 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.716 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26011 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T10:27:31Z. Reason: RulesEngine.' 9284:20230712:142842.716 buffer: new element 33 9284:20230712:142842.717 End of process_value():SUCCEED 9284:20230712:142842.717 In zbx_parse_eventlog_message6() EventRecordID:26012 9284:20230712:142842.718 In expand_message6() 9284:20230712:142842.719 End of expand_message6():The VSS service is shutting down due to idle timeout. 9284:20230712:142842.720 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.720 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26012 value:'The VSS service is shutting down due to idle timeout. ' 9284:20230712:142842.721 buffer: new element 34 9284:20230712:142842.721 End of process_value():SUCCEED 9284:20230712:142842.722 In zbx_parse_eventlog_message6() EventRecordID:26013 9284:20230712:142842.722 In expand_message6() 9284:20230712:142842.723 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142842.723 ====== Fatal information: ====== 9284:20230712:142842.724 Program counter: 0x67e2cf19 9284:20230712:142842.724 === Registers: === 9284:20230712:142842.725 r8 = 18 = 24 = 24 9284:20230712:142842.725 r9 = 0 = 0 = 0 9284:20230712:142842.726 r10 = 0 = 0 = 0 9284:20230712:142842.726 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142842.727 r12 = 3863b30 = 59128624 = 59128624 9284:20230712:142842.727 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142842.728 r14 = 0 = 0 = 0 9284:20230712:142842.728 r15 = 0 = 0 = 0 9284:20230712:142842.729 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142842.729 rsi = 385e050 = 59105360 = 59105360 9284:20230712:142842.730 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142842.730 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142842.731 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142842.731 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142842.732 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142842.732 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142842.733 efl = 202 = 514 = 514 9284:20230712:142842.733 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142842.734 === Backtrace: === 9284:20230712:142842.895 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142842.896 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142842.896 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142842.897 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142842.897 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142842.900 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142842.900 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142842.901 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142842.902 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142842.903 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142842.903 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142842.904 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142842.905 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142842.905 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142842.907 ================================ 9284:20230712:142842.907 provider 'gupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142842.908 End of expand_message6():(null) 9284:20230712:142842.908 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.909 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26013 value:'The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142842.909 buffer: new element 35 9284:20230712:142842.910 End of process_value():SUCCEED 9284:20230712:142842.910 In zbx_parse_eventlog_message6() EventRecordID:26014 9284:20230712:142842.911 In expand_message6() 9284:20230712:142842.913 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142842.913 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.914 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26014 value:'Offline downlevel migration succeeded.' 9284:20230712:142842.914 buffer: new element 36 9284:20230712:142842.915 End of process_value():SUCCEED 9284:20230712:142842.915 In zbx_parse_eventlog_message6() EventRecordID:26015 9284:20230712:142842.916 In expand_message6() 9284:20230712:142842.917 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T11:20:09Z. Reason: RulesEngine. 9284:20230712:142842.918 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142842.918 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26015 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T11:20:09Z. Reason: RulesEngine.' 9284:20230712:142842.919 buffer: new element 37 9284:20230712:142842.920 End of process_value():SUCCEED 9284:20230712:142842.920 In zbx_parse_eventlog_message6() EventRecordID:26016 9284:20230712:142842.921 In expand_message6() 9284:20230712:142842.922 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142842.922 ====== Fatal information: ====== 9284:20230712:142842.923 Program counter: 0x67e2cf19 9284:20230712:142842.923 === Registers: === 9284:20230712:142842.924 r8 = 18 = 24 = 24 9284:20230712:142842.924 r9 = 0 = 0 = 0 9284:20230712:142842.925 r10 = 0 = 0 = 0 9284:20230712:142842.926 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142842.926 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142842.927 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142842.928 r14 = 0 = 0 = 0 9284:20230712:142842.928 r15 = 0 = 0 = 0 9284:20230712:142842.929 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142842.930 rsi = 385f6d0 = 59111120 = 59111120 9284:20230712:142842.930 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142842.931 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142842.932 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142842.932 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142842.933 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142842.933 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142842.934 efl = 202 = 514 = 514 9284:20230712:142842.935 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142842.935 === Backtrace: === 9284:20230712:142843.081 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142843.082 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142843.083 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142843.083 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142843.084 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142843.087 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142843.087 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142843.088 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142843.089 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142843.090 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142843.091 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142843.092 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142843.092 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142843.093 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142843.095 ================================ 9284:20230712:142843.095 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142843.096 End of expand_message6():(null) 9284:20230712:142843.096 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.097 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26016 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142843.098 buffer: new element 38 9284:20230712:142843.098 End of process_value():SUCCEED 9284:20230712:142843.099 In zbx_parse_eventlog_message6() EventRecordID:26017 9284:20230712:142843.099 In expand_message6() 9284:20230712:142843.100 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142843.101 ====== Fatal information: ====== 9284:20230712:142843.102 Program counter: 0x67e2cf19 9284:20230712:142843.102 === Registers: === 9284:20230712:142843.103 r8 = 18 = 24 = 24 9284:20230712:142843.103 r9 = 0 = 0 = 0 9284:20230712:142843.104 r10 = 0 = 0 = 0 9284:20230712:142843.105 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142843.105 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142843.106 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142843.106 r14 = 0 = 0 = 0 9284:20230712:142843.107 r15 = 0 = 0 = 0 9284:20230712:142843.108 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142843.108 rsi = 385f270 = 59110000 = 59110000 9284:20230712:142843.109 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142843.109 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142843.110 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142843.110 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142843.111 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142843.112 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142843.112 efl = 202 = 514 = 514 9284:20230712:142843.113 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142843.113 === Backtrace: === 9284:20230712:142843.260 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142843.261 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142843.262 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142843.263 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142843.264 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142843.266 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142843.267 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142843.268 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142843.269 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142843.270 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142843.271 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142843.272 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142843.272 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142843.273 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142843.275 ================================ 9284:20230712:142843.276 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142843.276 End of expand_message6():(null) 9284:20230712:142843.277 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.278 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26017 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142843.278 buffer: new element 39 9284:20230712:142843.279 End of process_value():SUCCEED 9284:20230712:142843.280 In zbx_parse_eventlog_message6() EventRecordID:26018 9284:20230712:142843.280 In expand_message6() 9284:20230712:142843.282 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142843.283 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.283 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26018 value:'Offline downlevel migration succeeded.' 9284:20230712:142843.284 buffer: new element 40 9284:20230712:142843.285 End of process_value():SUCCEED 9284:20230712:142843.285 In zbx_parse_eventlog_message6() EventRecordID:26019 9284:20230712:142843.286 In expand_message6() 9284:20230712:142843.288 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T12:19:44Z. Reason: RulesEngine. 9284:20230712:142843.288 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.289 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26019 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T12:19:44Z. Reason: RulesEngine.' 9284:20230712:142843.290 buffer: new element 41 9284:20230712:142843.290 End of process_value():SUCCEED 9284:20230712:142843.291 In zbx_parse_eventlog_message6() EventRecordID:26020 9284:20230712:142843.292 In expand_message6() 9284:20230712:142843.293 End of expand_message6():The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142843.294 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.295 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26020 value:'The Open procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142843.295 buffer: new element 42 9284:20230712:142843.296 End of process_value():SUCCEED 9284:20230712:142843.297 In zbx_parse_eventlog_message6() EventRecordID:26021 9284:20230712:142843.297 In expand_message6() 9284:20230712:142843.299 End of expand_message6():The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142843.300 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.300 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26021 value:'The Open procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142843.301 buffer: new element 43 9284:20230712:142843.302 End of process_value():SUCCEED 9284:20230712:142843.302 In zbx_parse_eventlog_message6() EventRecordID:26022 9284:20230712:142843.303 In expand_message6() 9284:20230712:142843.305 End of expand_message6():The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available. 9284:20230712:142843.305 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.306 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26022 value:'The Open procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed with error code The parameter is incorrect.. Performance data for this service will not be available.' 9284:20230712:142843.306 buffer: new element 44 9284:20230712:142843.307 End of process_value():SUCCEED 9284:20230712:142843.308 In zbx_parse_eventlog_message6() EventRecordID:26023 9284:20230712:142843.308 In expand_message6() 9284:20230712:142843.310 End of expand_message6():The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted. 9284:20230712:142843.310 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.311 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26023 value:'The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.' 9284:20230712:142843.311 buffer: new element 45 9284:20230712:142843.312 End of process_value():SUCCEED 9284:20230712:142843.312 In zbx_parse_eventlog_message6() EventRecordID:26024 9284:20230712:142843.313 In expand_message6() 9284:20230712:142843.315 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142843.315 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.316 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26024 value:'Offline downlevel migration succeeded.' 9284:20230712:142843.316 buffer: new element 46 9284:20230712:142843.317 End of process_value():SUCCEED 9284:20230712:142843.317 In zbx_parse_eventlog_message6() EventRecordID:26025 9284:20230712:142843.318 In expand_message6() 9284:20230712:142843.319 End of expand_message6():Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. 9284:20230712:142843.320 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.321 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26025 value:'Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.' 9284:20230712:142843.321 buffer: new element 47 9284:20230712:142843.322 End of process_value():SUCCEED 9284:20230712:142843.322 In zbx_parse_eventlog_message6() EventRecordID:26026 9284:20230712:142843.323 In expand_message6() 9284:20230712:142843.324 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T12:20:56Z. Reason: RulesEngine. 9284:20230712:142843.325 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.325 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26026 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T12:20:56Z. Reason: RulesEngine.' 9284:20230712:142843.326 buffer: new element 48 9284:20230712:142843.326 End of process_value():SUCCEED 9284:20230712:142843.327 In zbx_parse_eventlog_message6() EventRecordID:26027 9284:20230712:142843.328 In expand_message6() 9284:20230712:142843.329 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142843.330 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.330 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26027 value:'Offline downlevel migration succeeded.' 9284:20230712:142843.331 buffer: new element 49 9284:20230712:142843.331 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142843.332 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142843.333 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 0 started ‎2022‎-‎09‎-‎06T06:16:24.414107600Z.","lastlogsize":25978,"timestamp":1662445017,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":1001,"clock":1689161322,"ns":541674800},{"host":"Windows host","key":"eventlog[Application]","value":"Product: Oracle VM VirtualBox 6.1.38 -- Installation completed successfully.","lastlogsize":25979,"timestamp":1662445086,"source":"MsiInstaller","severity":1,"eventid":11707,"id":1002,"clock":1689161322,"ns":547271700},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Installer installed the product. Product Name: Oracle VM VirtualBox 6.1.38. Product Version: 6.1.38. Product Language: 1033. Manufacturer: Oracle Corporation. Installation success or error status: 0.","lastlogsize":25980,"timestamp":1662445086,"source":"MsiInstaller","severity":1,"eventid":1033,"id":1003,"clock":1689161322,"ns":552807300},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25981,"timestamp":1662445149,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1004,"clock":1689161322,"ns":558401800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25982,"timestamp":1662445152,"source":"SecurityCenter","severity":1,"eventid":15,"id":1005,"clock":1689161322,"ns":563931200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25983,"timestamp":1662445166,"source":"SecurityCenter","severity":1,"eventid":15,"id":1006,"clock":1689161322,"ns":569425300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25984,"timestamp":1662445170,"source":"SecurityCenter","severity":1,"eventid":15,"id":1007,"clock":1689161322,"ns":574909300},{"host":"Windows host","key":"eventlog[Application]","value":"The VSS service is shutting down due to idle timeout. ","lastlogsize":25985,"timestamp":1662445170,"source":"VSS","severity":1,"eventid":8224,"id":1008,"clock":1689161322,"ns":580988500},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":25986,"timestamp":1662445172,"source":"SecurityCenter","severity":1,"eventid":15,"id":1009,"clock":1689161322,"ns":587201800},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T06:19:46Z. Reason: RulesEngine.","lastlogsize":25987,"timestamp":1662445186,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1010,"clock":1689161322,"ns":594415000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25988,"timestamp":1662445443,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1011,"clock":1689161322,"ns":601280700},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T06:25:31Z. Reason: RulesEngine.","lastlogsize":25989,"timestamp":1662445531,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1012,"clock":1689161322,"ns":607729400},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":25990,"timestamp":1662447794,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1013,"clock":1689161322,"ns":614327800},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12784,P,98) DS_Token_DB: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":25991,"timestamp":1662447795,"source":"ESENT","severity":1,"eventid":102,"id":1014,"clock":1689161322,"ns":620192100},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12784,R,98) DS_Token_DB: The database engine is initiating recovery steps.","lastlogsize":25992,"timestamp":1662447795,"source":"ESENT","severity":1,"eventid":300,"id":1015,"clock":1689161322,"ns":626112600},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12784,R,98) DS_Token_DB: The database engine has finished replaying logfile C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSS.log. \r\n \r\nProcessing Stats: \n[1] 0.018239 -0.002705 (8) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:24336/17) +M(C:0K, Fs:99, WS:248K # 252K, PF:160K # 164K, P:160K). \r\nLog record of type 'AttachDB ' was seen most frequently (2 times)","lastlogsize":25993,"timestamp":1662447795,"source":"ESENT","severity":1,"eventid":301,"id":1016,"clock":1689161322,"ns":632335700},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12784,U,98) DS_Token_DB: The database engine has successfully completed recovery steps.","lastlogsize":25994,"timestamp":1662447795,"source":"ESENT","severity":1,"eventid":302,"id":1017,"clock":1689161322,"ns":637295700},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12784,D,0) DS_Token_DB: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n lgposV2[] = 00000020:0001:0000 - 00000020:0006:0039 - 00000020:0007:0000 - 00000020:0007:0000 (00000000:0000:0000)\ncReInits = 2\n \r\n \r\nInternal Timing Sequence: \n[1] 0.000932 +J(0) +M(C:0K, Fs:148, WS:572K # 572K, PF:2768K # 2768K, P:2768K)\n[2] 0.000373 +J(0) +M(C:8K, Fs:174, WS:688K # 688K, PF:1208K # 1208K, P:1208K)\n[3] 0.000020 +J(0) +M(C:0K, Fs:10, WS:36K # 36K, PF:68K # 68K, P:68K)\n[4] 0.000134 +J(0) +M(C:0K, Fs:83, WS:332K # 332K, PF:164K # 164K, P:164K)\n[5] 0.002325 +J(0) +M(C:0K, Fs:19, WS:76K # 76K, PF:16K # 16K, P:16K)\n[6] 0.007340 +J(0) +M(C:0K, Fs:28, WS:112K # 112K, PF:20K # 20K, P:20K)\n[7] 0.004168 -0.000403 (2) WT +J(0) +M(C:0K, Fs:29, WS:116K # 116K, PF:64K # 64K, P:64K)\n[8] 0.031405 -0.003217 (11) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:24336/17) +M(C:0K, Fs:133, WS:376K # 380K, PF:252K # 256K, P:252K)\n[9] 0.001263 +J(0) +M(C:0K, Fs:7, WS:28K # 24K, PF:0K # 0K, P:0K)\n[10] 0.001926 -0.000780 (1) WT +J(0) +M(C:0K, Fs:13, WS:-8K # 52K, PF:4K # 60K, P:4K)\n[11] 0.000023 +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:49/1) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[12] 0.004664 -0.002102 (1) WT +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[13] 0.037391 -0.000339 (2) CM -0.004466 (23) WT +J(CM:2, PgRf:2, Rd:0/2, Dy:0/0, Lg:8759/5) +M(C:0K, Fs:52, WS:88K # 100K, PF:160K # 168K, P:160K)\n[14] 0.000022 +J(0)\n[15] 0.000012 +J(0)\n[16] 0.001104 -0.000064 (1) WT +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":25995,"timestamp":1662447795,"source":"ESENT","severity":1,"eventid":105,"id":1018,"clock":1689161322,"ns":642212300},{"host":"Windows host","key":"eventlog[Application]","value":"svchost (12784,D,50) DS_Token_DB: The database engine attached a database (1, C:\\WINDOWS\\system32\\config\\systemprofile\\AppData\\Local\\DataSharing\\Storage\\DSTokenDB2.dat). (Time=0 seconds) \r\n \r\nSaved Cache: 1 0 \r\nAdditional Data: lgposAttach = 00000020:0009:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000004 +J(0)\n[2] 0.001487 -0.000359 (1) WT +J(0) +M(C:0K, Fs:17, WS:4K # 8K, PF:4K # 0K, P:4K)\n[3] 0.010844 -0.000465 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:11, WS:40K # 0K, PF:36K # 0K, P:36K)\n[4] 0.001760 +J(0)\n[5] -\n[6] -\n[7] -\n[8] 0.000484 -0.000329 (2) CM -0.000239 (2) WT +J(CM:2, PgRf:2, Rd:4/2, Dy:0/0, Lg:54/1) +M(C:8K, Fs:5, WS:20K # 0K, PF:28K # 0K, P:28K)\n[9] 0.001107 -0.000456 (3) CM -0.000336 (3) WT +J(CM:3, PgRf:23, Rd:0/3, Dy:0/0, Lg:0/0) +M(C:0K, Fs:26, WS:96K # 92K, PF:196K # 204K, P:196K)\n[10] 0.000726 -0.000486 (2) CM -0.000413 (2) WT +J(CM:2, PgRf:40, Rd:0/2, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:64K # 56K, P:64K)\n[11] 0.000016 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000084 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:6, WS:24K # 24K, PF:0K # 0K, P:0K)\n[13] 0.000001 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000014 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":25996,"timestamp":1662447795,"source":"ESENT","severity":1,"eventid":326,"id":1019,"clock":1689161322,"ns":647199300},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎06T07:03:31.694538000Z.","lastlogsize":25997,"timestamp":1662447811,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":1020,"clock":1689161322,"ns":652388000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T07:04:08Z. Reason: RulesEngine.","lastlogsize":25998,"timestamp":1662447848,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1021,"clock":1689161322,"ns":657033700},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎06T07:03:31.694538000Z.","lastlogsize":25999,"timestamp":1662447935,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":1022,"clock":1689161322,"ns":662002100},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped.","lastlogsize":26000,"timestamp":1662448051,"source":"edgeupdate","severity":1,"id":1023,"clock":1689161322,"ns":666367900},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26001,"timestamp":1662449438,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1024,"clock":1689161322,"ns":670866400},{"host":"Windows host","key":"eventlog[Application]","value":"Starting session 1 - ‎2022‎-‎09‎-‎06T07:30:50.617221100Z.","lastlogsize":26002,"timestamp":1662449450,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10000,"id":1025,"clock":1689161322,"ns":675606600},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T07:31:08Z. Reason: RulesEngine.","lastlogsize":26003,"timestamp":1662449468,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1026,"clock":1689161322,"ns":680070200},{"host":"Windows host","key":"eventlog[Application]","value":"Ending session 1 started ‎2022‎-‎09‎-‎06T07:30:50.617221100Z.","lastlogsize":26004,"timestamp":1662449575,"source":"Microsoft-Windows-RestartManager","severity":1,"eventid":10001,"id":1027,"clock":1689161322,"ns":684846000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26005,"timestamp":1662452043,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1028,"clock":1689161322,"ns":689375100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T08:14:33Z. Reason: RulesEngine.","lastlogsize":26006,"timestamp":1662452073,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1029,"clock":1689161322,"ns":693912800},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26007,"timestamp":1662455948,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1030,"clock":1689161322,"ns":698675200},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T09:19:42Z. Reason: RulesEngine.","lastlogsize":26008,"timestamp":1662455982,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1031,"clock":1689161322,"ns":703289200},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":26009,"timestamp":1662458995,"source":"Outlook","severity":1,"eventid":63,"id":1032,"clock":1689161322,"ns":707557300},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26010,"timestamp":1662460005,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1033,"clock":1689161322,"ns":712133100},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T10:27:31Z. Reason: RulesEngine.","lastlogsize":26011,"timestamp":1662460051,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1034,"clock":1689161322,"ns":716697200},{"host":"Windows host","key":"eventlog[Application]","value":"The VSS service is shutting down due to idle timeout. ","lastlogsize":26012,"timestamp":1662462091,"source":"VSS","severity":1,"eventid":8224,"id":1035,"clock":1689161322,"ns":721302900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":26013,"timestamp":1662462686,"source":"gupdate","severity":1,"id":1036,"clock":1689161322,"ns":909981500},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26014,"timestamp":1662463178,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1037,"clock":1689161322,"ns":914663000},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T11:20:09Z. Reason: RulesEngine.","lastlogsize":26015,"timestamp":1662463209,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1038,"clock":1689161322,"ns":919646700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":26016,"timestamp":1662463383,"source":"dbupdate","severity":1,"id":1039,"clock":1689161323,"ns":98339000},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":26017,"timestamp":1662463383,"source":"dbupdate","severity":1,"id":1040,"clock":1689161323,"ns":279037800},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26018,"timestamp":1662466748,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1041,"clock":1689161323,"ns":284730400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T12:19:44Z. Reason: RulesEngine.","lastlogsize":26019,"timestamp":1662466784,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1042,"clock":1689161323,"ns":290374600},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":26020,"timestamp":1662466788,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":1043,"clock":1689161323,"ns":295983700},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"ASP.NET_4.0.30319\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":26021,"timestamp":1662466788,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":1044,"clock":1689161323,"ns":301577100},{"host":"Windows host","key":"eventlog[Application]","value":"The Open procedure for service \"aspnet_state\" in DLL \"C:\\Windows\\System32\\aspnet_counters.dll\" failed with error code The parameter is incorrect.. Performance data for this service will not be available.","lastlogsize":26022,"timestamp":1662466788,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":1008,"id":1045,"clock":1689161323,"ns":307024800},{"host":"Windows host","key":"eventlog[Application]","value":"The configuration information of the performance library \"C:\\Windows\\System32\\perfts.dll\" for the \"TermService\" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.","lastlogsize":26023,"timestamp":1662466792,"source":"Microsoft-Windows-Perflib","severity":2,"eventid":2003,"id":1046,"clock":1689161323,"ns":311925100},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26024,"timestamp":1662466826,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1047,"clock":1689161323,"ns":316768800},{"host":"Windows host","key":"eventlog[Application]","value":"Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.","lastlogsize":26025,"timestamp":1662466836,"source":"SecurityCenter","severity":1,"eventid":15,"id":1048,"clock":1689161323,"ns":321614400},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T12:20:56Z. Reason: RulesEngine.","lastlogsize":26026,"timestamp":1662466856,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1049,"clock":1689161323,"ns":326508000},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26027,"timestamp":1662467125,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1050,"clock":1689161323,"ns":331480100}],"clock":1689161323,"ns":333253300}] 9284:20230712:142843.337 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001757"}] 9284:20230712:142843.338 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.001757"}' 9284:20230712:142843.338 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.001757' 9284:20230712:142843.339 End of check_response():SUCCEED 9284:20230712:142843.340 OK 9284:20230712:142843.341 End of send_buffer():SUCCEED 9284:20230712:142843.341 End of process_value():SUCCEED 9284:20230712:142843.342 In zbx_parse_eventlog_message6() EventRecordID:26028 9284:20230712:142843.343 In expand_message6() 9284:20230712:142843.344 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T12:25:56Z. Reason: RulesEngine. 9284:20230712:142843.345 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.346 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26028 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T12:25:56Z. Reason: RulesEngine.' 9284:20230712:142843.346 buffer: new element 0 9284:20230712:142843.347 End of process_value():SUCCEED 9284:20230712:142843.347 In zbx_parse_eventlog_message6() EventRecordID:26029 9284:20230712:142843.348 In expand_message6() 9284:20230712:142843.350 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142843.350 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.351 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26029 value:'Offline downlevel migration succeeded.' 9284:20230712:142843.351 buffer: new element 1 9284:20230712:142843.352 End of process_value():SUCCEED 9284:20230712:142843.352 In zbx_parse_eventlog_message6() EventRecordID:26030 9284:20230712:142843.353 In expand_message6() 9284:20230712:142843.355 End of expand_message6():Successfully scheduled Software Protection service for re-start at 2122-08-13T13:15:03Z. Reason: RulesEngine. 9284:20230712:142843.355 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.356 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26030 value:'Successfully scheduled Software Protection service for re-start at 2122-08-13T13:15:03Z. Reason: RulesEngine.' 9284:20230712:142843.356 buffer: new element 2 9284:20230712:142843.357 End of process_value():SUCCEED 9284:20230712:142843.357 In zbx_parse_eventlog_message6() EventRecordID:26031 9284:20230712:142843.358 In expand_message6() 9284:20230712:142843.359 End of expand_message6():The Exchange web service request GetAppManifests succeeded. 9284:20230712:142843.360 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.360 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26031 value:'The Exchange web service request GetAppManifests succeeded. ' 9284:20230712:142843.361 buffer: new element 3 9284:20230712:142843.362 End of process_value():SUCCEED 9284:20230712:142843.362 In zbx_parse_eventlog_message6() EventRecordID:26032 9284:20230712:142843.363 In expand_message6() 9284:20230712:142843.364 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142843.364 ====== Fatal information: ====== 9284:20230712:142843.365 Program counter: 0x67e2cf19 9284:20230712:142843.365 === Registers: === 9284:20230712:142843.366 r8 = 18 = 24 = 24 9284:20230712:142843.367 r9 = 0 = 0 = 0 9284:20230712:142843.368 r10 = 0 = 0 = 0 9284:20230712:142843.368 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142843.369 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142843.369 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142843.370 r14 = 0 = 0 = 0 9284:20230712:142843.371 r15 = 0 = 0 = 0 9284:20230712:142843.371 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142843.372 rsi = 385e730 = 59107120 = 59107120 9284:20230712:142843.372 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142843.373 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142843.374 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142843.374 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142843.375 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142843.376 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142843.376 efl = 202 = 514 = 514 9284:20230712:142843.377 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142843.378 === Backtrace: === 9284:20230712:142843.523 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142843.523 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142843.524 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142843.525 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142843.525 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142843.528 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142843.528 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142843.529 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142843.530 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142843.531 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142843.532 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142843.533 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142843.534 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142843.534 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142843.536 ================================ 9284:20230712:142843.536 provider 'gupdatem' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142843.537 End of expand_message6():(null) 9284:20230712:142843.538 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.538 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26032 value:'The description for Event ID:0 in Source:'gupdatem' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142843.539 buffer: new element 4 9284:20230712:142843.539 End of process_value():SUCCEED 9284:20230712:142843.540 In zbx_parse_eventlog_message6() EventRecordID:26033 9284:20230712:142843.541 In expand_message6() 9284:20230712:142843.541 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142843.542 ====== Fatal information: ====== 9284:20230712:142843.543 Program counter: 0x67e2cf19 9284:20230712:142843.543 === Registers: === 9284:20230712:142843.544 r8 = 18 = 24 = 24 9284:20230712:142843.545 r9 = 0 = 0 = 0 9284:20230712:142843.545 r10 = 0 = 0 = 0 9284:20230712:142843.546 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142843.546 r12 = 384f910 = 59046160 = 59046160 9284:20230712:142843.547 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142843.548 r14 = 0 = 0 = 0 9284:20230712:142843.548 r15 = 0 = 0 = 0 9284:20230712:142843.549 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142843.549 rsi = 385f130 = 59109680 = 59109680 9284:20230712:142843.550 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142843.551 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142843.551 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142843.552 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142843.552 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142843.553 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142843.554 efl = 202 = 514 = 514 9284:20230712:142843.554 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142843.555 === Backtrace: === 2184:20230712:142843.629 In collect_perfstat() 2184:20230712:142843.632 End of collect_perfstat() 9284:20230712:142843.698 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142843.699 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142843.700 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142843.700 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142843.701 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142843.703 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142843.704 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142843.705 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142843.705 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142843.706 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142843.707 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142843.708 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142843.709 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142843.709 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142843.711 ================================ 9284:20230712:142843.711 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142843.712 End of expand_message6():(null) 9284:20230712:142843.713 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.713 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26033 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test ' 9284:20230712:142843.714 buffer: new element 5 9284:20230712:142843.714 End of process_value():SUCCEED 9284:20230712:142843.715 In zbx_parse_eventlog_message6() EventRecordID:26034 9284:20230712:142843.716 In expand_message6() 9284:20230712:142843.716 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142843.717 ====== Fatal information: ====== 9284:20230712:142843.718 Program counter: 0x67e2cf19 9284:20230712:142843.718 === Registers: === 9284:20230712:142843.719 r8 = 18 = 24 = 24 9284:20230712:142843.719 r9 = 0 = 0 = 0 9284:20230712:142843.720 r10 = 0 = 0 = 0 9284:20230712:142843.720 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142843.721 r12 = 384f590 = 59045264 = 59045264 9284:20230712:142843.722 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142843.722 r14 = 0 = 0 = 0 9284:20230712:142843.723 r15 = 0 = 0 = 0 9284:20230712:142843.723 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142843.724 rsi = 385ed70 = 59108720 = 59108720 9284:20230712:142843.725 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142843.725 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142843.726 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142843.726 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142843.727 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142843.727 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142843.728 efl = 202 = 514 = 514 9284:20230712:142843.729 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142843.729 === Backtrace: === 9284:20230712:142843.871 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142843.872 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142843.873 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142843.874 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142843.874 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142843.877 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142843.877 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142843.878 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142843.879 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142843.880 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142843.881 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142843.882 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142843.882 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142843.883 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142843.884 ================================ 9284:20230712:142843.885 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142843.885 End of expand_message6():(null) 9284:20230712:142843.886 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.886 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26034 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1 ' 9284:20230712:142843.887 buffer: new element 6 9284:20230712:142843.887 End of process_value():SUCCEED 9284:20230712:142843.888 In zbx_parse_eventlog_message6() EventRecordID:26035 9284:20230712:142843.888 In expand_message6() 9284:20230712:142843.890 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142843.891 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.891 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26035 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142843.892 buffer: new element 7 9284:20230712:142843.892 End of process_value():SUCCEED 9284:20230712:142843.893 In zbx_parse_eventlog_message6() EventRecordID:26036 9284:20230712:142843.893 In expand_message6() 9284:20230712:142843.895 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142843.896 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142843.896 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26036 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142843.897 buffer: new element 8 9284:20230712:142843.897 End of process_value():SUCCEED 9284:20230712:142843.898 In zbx_parse_eventlog_message6() EventRecordID:26037 9284:20230712:142843.898 In expand_message6() 9284:20230712:142843.899 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142843.899 ====== Fatal information: ====== 9284:20230712:142843.900 Program counter: 0x67e2cf19 9284:20230712:142843.900 === Registers: === 9284:20230712:142843.901 r8 = 18 = 24 = 24 9284:20230712:142843.901 r9 = 0 = 0 = 0 9284:20230712:142843.902 r10 = 0 = 0 = 0 9284:20230712:142843.902 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142843.902 r12 = 384e870 = 59041904 = 59041904 9284:20230712:142843.903 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142843.903 r14 = 0 = 0 = 0 9284:20230712:142843.904 r15 = 0 = 0 = 0 9284:20230712:142843.904 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142843.905 rsi = 385ed70 = 59108720 = 59108720 9284:20230712:142843.905 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142843.906 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142843.906 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142843.907 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142843.907 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142843.908 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142843.908 efl = 202 = 514 = 514 9284:20230712:142843.909 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142843.909 === Backtrace: === 9284:20230712:142844.051 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142844.052 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142844.052 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142844.053 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142844.054 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142844.056 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142844.057 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142844.058 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142844.059 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142844.059 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142844.060 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142844.061 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142844.062 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142844.063 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142844.064 ================================ 9284:20230712:142844.065 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142844.066 End of expand_message6():(null) 9284:20230712:142844.066 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.067 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26037 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped' 9284:20230712:142844.067 buffer: new element 9 9284:20230712:142844.068 End of process_value():SUCCEED 9284:20230712:142844.069 In zbx_parse_eventlog_message6() EventRecordID:26038 9284:20230712:142844.069 In expand_message6() 9284:20230712:142844.071 End of expand_message6():Service has been successfully shut down. 9284:20230712:142844.071 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.072 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26038 value:'Service has been successfully shut down.' 9284:20230712:142844.072 buffer: new element 10 9284:20230712:142844.073 End of process_value():SUCCEED 9284:20230712:142844.073 In zbx_parse_eventlog_message6() EventRecordID:26039 9284:20230712:142844.074 In expand_message6() 9284:20230712:142844.075 End of expand_message6():Service stopped (0) 9284:20230712:142844.076 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.077 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26039 value:'Service stopped (0) ' 9284:20230712:142844.077 buffer: new element 11 9284:20230712:142844.078 End of process_value():SUCCEED 9284:20230712:142844.078 In zbx_parse_eventlog_message6() EventRecordID:26040 9284:20230712:142844.079 In expand_message6() 9284:20230712:142844.080 End of expand_message6():Service has been successfully shut down. 9284:20230712:142844.081 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.082 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26040 value:'Service has been successfully shut down.' 9284:20230712:142844.082 buffer: new element 12 9284:20230712:142844.083 End of process_value():SUCCEED 9284:20230712:142844.083 In zbx_parse_eventlog_message6() EventRecordID:26041 9284:20230712:142844.084 In expand_message6() 9284:20230712:142844.085 End of expand_message6():Service has been successfully shut down. 9284:20230712:142844.086 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.087 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26041 value:'Service has been successfully shut down.' 9284:20230712:142844.088 buffer: new element 13 9284:20230712:142844.088 End of process_value():SUCCEED 9284:20230712:142844.089 In zbx_parse_eventlog_message6() EventRecordID:26042 9284:20230712:142844.090 In expand_message6() 9284:20230712:142844.091 End of expand_message6():The Windows Security Center Service has stopped. 9284:20230712:142844.092 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.093 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26042 value:'The Windows Security Center Service has stopped.' 9284:20230712:142844.094 buffer: new element 14 9284:20230712:142844.094 End of process_value():SUCCEED 9284:20230712:142844.095 In zbx_parse_eventlog_message6() EventRecordID:26043 9284:20230712:142844.096 In expand_message6() 9284:20230712:142844.097 End of expand_message6():The User Profile Service has stopped. 9284:20230712:142844.098 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.099 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26043 value:'The User Profile Service has stopped. ' 9284:20230712:142844.099 buffer: new element 15 9284:20230712:142844.100 End of process_value():SUCCEED 9284:20230712:142844.101 In zbx_parse_eventlog_message6() EventRecordID:26044 9284:20230712:142844.101 In expand_message6() 9284:20230712:142844.102 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142844.103 ====== Fatal information: ====== 9284:20230712:142844.103 Program counter: 0x67e2cf19 9284:20230712:142844.104 === Registers: === 9284:20230712:142844.105 r8 = 18 = 24 = 24 9284:20230712:142844.105 r9 = 0 = 0 = 0 9284:20230712:142844.106 r10 = 0 = 0 = 0 9284:20230712:142844.107 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142844.107 r12 = 33f39f0 = 54475248 = 54475248 9284:20230712:142844.108 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142844.108 r14 = 0 = 0 = 0 9284:20230712:142844.109 r15 = 0 = 0 = 0 9284:20230712:142844.110 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142844.110 rsi = 385fd10 = 59112720 = 59112720 9284:20230712:142844.111 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142844.111 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142844.112 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142844.113 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142844.114 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142844.114 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142844.115 efl = 202 = 514 = 514 9284:20230712:142844.116 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142844.116 === Backtrace: === 9284:20230712:142844.259 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142844.260 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142844.260 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142844.261 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142844.262 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142844.264 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142844.265 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142844.266 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142844.267 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142844.267 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142844.268 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142844.269 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142844.270 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142844.271 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142844.272 ================================ 9284:20230712:142844.273 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142844.273 End of expand_message6():(null) 9284:20230712:142844.274 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.274 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26044 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142844.275 buffer: new element 16 9284:20230712:142844.275 End of process_value():SUCCEED 9284:20230712:142844.276 In zbx_parse_eventlog_message6() EventRecordID:26045 9284:20230712:142844.276 In expand_message6() 9284:20230712:142844.278 End of expand_message6():The User Profile Service has started successfully. 9284:20230712:142844.278 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.279 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26045 value:'The User Profile Service has started successfully. ' 9284:20230712:142844.279 buffer: new element 17 9284:20230712:142844.280 End of process_value():SUCCEED 9284:20230712:142844.280 In zbx_parse_eventlog_message6() EventRecordID:26046 9284:20230712:142844.281 In expand_message6() 9284:20230712:142844.282 End of expand_message6():Intel(R) Dynamic Application Loader Host Interface Service started. 9284:20230712:142844.282 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.283 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26046 value:'Intel(R) Dynamic Application Loader Host Interface Service started.' 9284:20230712:142844.283 buffer: new element 18 9284:20230712:142844.284 End of process_value():SUCCEED 9284:20230712:142844.284 In zbx_parse_eventlog_message6() EventRecordID:26047 9284:20230712:142844.285 In expand_message6() 9284:20230712:142844.286 End of expand_message6():Windows Management Instrumentation Service started sucessfully 9284:20230712:142844.287 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.287 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26047 value:'Windows Management Instrumentation Service started sucessfully' 9284:20230712:142844.288 buffer: new element 19 9284:20230712:142844.288 End of process_value():SUCCEED 9284:20230712:142844.289 In zbx_parse_eventlog_message6() EventRecordID:26048 9284:20230712:142844.289 In expand_message6() 9284:20230712:142844.290 End of expand_message6():Local Management Service started. 9284:20230712:142844.291 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.291 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26048 value:'Local Management Service started.' 9284:20230712:142844.292 buffer: new element 20 9284:20230712:142844.292 End of process_value():SUCCEED 9284:20230712:142844.293 In zbx_parse_eventlog_message6() EventRecordID:26049 9284:20230712:142844.293 In expand_message6() 9284:20230712:142844.294 End of expand_message6():Service started/resumed 9284:20230712:142844.295 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.295 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26049 value:'Service started/resumed' 9284:20230712:142844.295 buffer: new element 21 9284:20230712:142844.296 End of process_value():SUCCEED 9284:20230712:142844.296 In zbx_parse_eventlog_message6() EventRecordID:26050 9284:20230712:142844.297 In expand_message6() 9284:20230712:142844.298 End of expand_message6():Windows Management Instrumentation Service subsystems initialized successfully 9284:20230712:142844.299 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.300 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26050 value:'Windows Management Instrumentation Service subsystems initialized successfully' 9284:20230712:142844.300 buffer: new element 22 9284:20230712:142844.301 End of process_value():SUCCEED 9284:20230712:142844.301 In zbx_parse_eventlog_message6() EventRecordID:26051 9284:20230712:142844.302 In expand_message6() 9284:20230712:142844.303 End of expand_message6():Service started successfully. 9284:20230712:142844.303 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.304 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26051 value:'Service started successfully.' 9284:20230712:142844.304 buffer: new element 23 9284:20230712:142844.305 End of process_value():SUCCEED 9284:20230712:142844.305 In zbx_parse_eventlog_message6() EventRecordID:26052 9284:20230712:142844.306 In expand_message6() 9284:20230712:142844.307 End of expand_message6():The Software Protection service is starting. Parameters:TriggerStarted:6 9284:20230712:142844.308 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.308 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26052 value:'The Software Protection service is starting. Parameters:TriggerStarted:6' 9284:20230712:142844.309 buffer: new element 24 9284:20230712:142844.309 End of process_value():SUCCEED 9284:20230712:142844.310 In zbx_parse_eventlog_message6() EventRecordID:26053 9284:20230712:142844.310 In expand_message6() 9284:20230712:142844.312 End of expand_message6():Offline downlevel migration succeeded. 9284:20230712:142844.312 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.313 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26053 value:'Offline downlevel migration succeeded.' 9284:20230712:142844.313 buffer: new element 25 9284:20230712:142844.314 End of process_value():SUCCEED 9284:20230712:142844.314 In zbx_parse_eventlog_message6() EventRecordID:26054 9284:20230712:142844.315 In expand_message6() 9284:20230712:142844.317 End of expand_message6():Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 9284:20230712:142844.317 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.318 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26054 value:'Initialization status for service objects. C:\WINDOWS\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\WINDOWS\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000 ' 9284:20230712:142844.318 buffer: new element 26 9284:20230712:142844.319 End of process_value():SUCCEED 9284:20230712:142844.319 In zbx_parse_eventlog_message6() EventRecordID:26055 9284:20230712:142844.320 In expand_message6() 9284:20230712:142844.321 End of expand_message6():The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9284:20230712:142844.322 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.322 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26055 value:'The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )] 38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] 51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )] ' 9284:20230712:142844.323 buffer: new element 27 9284:20230712:142844.324 End of process_value():SUCCEED 9284:20230712:142844.324 In zbx_parse_eventlog_message6() EventRecordID:26056 9284:20230712:142844.325 In expand_message6() 9284:20230712:142844.326 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip. 9284:20230712:142844.327 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.327 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26056 value:'Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.' 9284:20230712:142844.328 buffer: new element 28 9284:20230712:142844.328 End of process_value():SUCCEED 9284:20230712:142844.329 In zbx_parse_eventlog_message6() EventRecordID:26057 9284:20230712:142844.329 In expand_message6() 9284:20230712:142844.331 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip. 9284:20230712:142844.331 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.332 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26057 value:'Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.' 9284:20230712:142844.332 buffer: new element 29 9284:20230712:142844.333 End of process_value():SUCCEED 9284:20230712:142844.333 In zbx_parse_eventlog_message6() EventRecordID:26058 9284:20230712:142844.333 In expand_message6() 9284:20230712:142844.335 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip. 9284:20230712:142844.336 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.336 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26058 value:'Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.' 9284:20230712:142844.337 buffer: new element 30 9284:20230712:142844.337 End of process_value():SUCCEED 9284:20230712:142844.338 In zbx_parse_eventlog_message6() EventRecordID:26059 9284:20230712:142844.338 In expand_message6() 9284:20230712:142844.340 End of expand_message6():Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip. 9284:20230712:142844.341 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.341 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26059 value:'Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.' 9284:20230712:142844.342 buffer: new element 31 9284:20230712:142844.342 End of process_value():SUCCEED 9284:20230712:142844.343 In zbx_parse_eventlog_message6() EventRecordID:26060 9284:20230712:142844.343 In expand_message6() 9284:20230712:142844.345 End of expand_message6():Updated policy Kernel-RegisteredProcessors with value of 2 from Clip. 9284:20230712:142844.345 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.346 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26060 value:'Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.' 9284:20230712:142844.347 buffer: new element 32 9284:20230712:142844.347 End of process_value():SUCCEED 9284:20230712:142844.348 In zbx_parse_eventlog_message6() EventRecordID:26061 9284:20230712:142844.348 In expand_message6() 9284:20230712:142844.350 End of expand_message6():The Software Protection service has started. 10.0.19041.1889 9284:20230712:142844.350 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.351 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26061 value:'The Software Protection service has started. 10.0.19041.1889' 9284:20230712:142844.351 buffer: new element 33 9284:20230712:142844.352 End of process_value():SUCCEED 9284:20230712:142844.352 In zbx_parse_eventlog_message6() EventRecordID:26062 9284:20230712:142844.353 In expand_message6() 9284:20230712:142844.354 End of expand_message6():Service initializing 9284:20230712:142844.355 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.355 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26062 value:'Service initializing' 9284:20230712:142844.356 buffer: new element 34 9284:20230712:142844.356 End of process_value():SUCCEED 9284:20230712:142844.357 In zbx_parse_eventlog_message6() EventRecordID:26063 9284:20230712:142844.358 In expand_message6() 9284:20230712:142844.359 End of expand_message6():Service started (1.0.24.0). 9284:20230712:142844.359 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.360 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26063 value:'Service started (1.0.24.0).' 9284:20230712:142844.360 buffer: new element 35 9284:20230712:142844.361 End of process_value():SUCCEED 9284:20230712:142844.361 In zbx_parse_eventlog_message6() EventRecordID:26064 9284:20230712:142844.362 In expand_message6() 9284:20230712:142844.363 End of expand_message6():Pipe server thread started. 9284:20230712:142844.364 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.364 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26064 value:'Pipe server thread started.' 9284:20230712:142844.365 buffer: new element 36 9284:20230712:142844.366 End of process_value():SUCCEED 9284:20230712:142844.366 In zbx_parse_eventlog_message6() EventRecordID:26065 9284:20230712:142844.367 In expand_message6() 9284:20230712:142844.368 End of expand_message6():Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying... 9284:20230712:142844.368 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.369 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26065 value:'Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...' 9284:20230712:142844.369 buffer: new element 37 9284:20230712:142844.370 End of process_value():SUCCEED 9284:20230712:142844.371 In zbx_parse_eventlog_message6() EventRecordID:26066 9284:20230712:142844.371 In expand_message6() 9284:20230712:142844.372 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142844.372 ====== Fatal information: ====== 9284:20230712:142844.373 Program counter: 0x67e2cf19 9284:20230712:142844.373 === Registers: === 9284:20230712:142844.374 r8 = 18 = 24 = 24 9284:20230712:142844.375 r9 = 0 = 0 = 0 9284:20230712:142844.375 r10 = 0 = 0 = 0 9284:20230712:142844.376 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142844.376 r12 = 6af650 = 7009872 = 7009872 9284:20230712:142844.377 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142844.377 r14 = 0 = 0 = 0 9284:20230712:142844.378 r15 = 0 = 0 = 0 9284:20230712:142844.378 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142844.379 rsi = 385e690 = 59106960 = 59106960 9284:20230712:142844.380 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142844.380 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142844.381 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142844.381 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142844.382 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142844.382 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142844.383 efl = 202 = 514 = 514 9284:20230712:142844.383 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142844.384 === Backtrace: === 9284:20230712:142844.526 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142844.527 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142844.528 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142844.528 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142844.529 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142844.531 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142844.532 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142844.533 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142844.534 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142844.535 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142844.536 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142844.537 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142844.537 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142844.538 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142844.539 ================================ 9284:20230712:142844.540 provider 'AdobeARMservice' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142844.541 End of expand_message6():(null) 9284:20230712:142844.541 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.542 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26066 value:'The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 9284:20230712:142844.543 buffer: new element 38 9284:20230712:142844.543 End of process_value():SUCCEED 9284:20230712:142844.544 In zbx_parse_eventlog_message6() EventRecordID:26067 9284:20230712:142844.544 In expand_message6() 9284:20230712:142844.545 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142844.546 ====== Fatal information: ====== 9284:20230712:142844.546 Program counter: 0x67e2cf19 9284:20230712:142844.547 === Registers: === 9284:20230712:142844.547 r8 = 18 = 24 = 24 9284:20230712:142844.548 r9 = 0 = 0 = 0 9284:20230712:142844.549 r10 = 0 = 0 = 0 9284:20230712:142844.549 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142844.550 r12 = 6787f0 = 6785008 = 6785008 9284:20230712:142844.550 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142844.551 r14 = 0 = 0 = 0 9284:20230712:142844.552 r15 = 0 = 0 = 0 9284:20230712:142844.552 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142844.553 rsi = 385fc70 = 59112560 = 59112560 9284:20230712:142844.553 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142844.554 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142844.555 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142844.555 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142844.556 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142844.556 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142844.557 efl = 202 = 514 = 514 9284:20230712:142844.557 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142844.558 === Backtrace: === 2184:20230712:142844.633 In collect_perfstat() 2184:20230712:142844.636 End of collect_perfstat() 9284:20230712:142844.702 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142844.703 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142844.704 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142844.704 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142844.705 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142844.707 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142844.708 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142844.709 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142844.710 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142844.711 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142844.712 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142844.713 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142844.713 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142844.714 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142844.716 ================================ 9284:20230712:142844.716 provider 'LanWlanSwitchingService' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142844.717 End of expand_message6():(null) 9284:20230712:142844.718 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.718 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26067 value:'The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart' 9284:20230712:142844.719 buffer: new element 39 9284:20230712:142844.719 End of process_value():SUCCEED 9284:20230712:142844.720 In zbx_parse_eventlog_message6() EventRecordID:26068 9284:20230712:142844.720 In expand_message6() 9284:20230712:142844.722 End of expand_message6():Service initialized 9284:20230712:142844.722 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.723 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26068 value:'Service initialized' 9284:20230712:142844.724 buffer: new element 40 9284:20230712:142844.724 End of process_value():SUCCEED 9284:20230712:142844.725 In zbx_parse_eventlog_message6() EventRecordID:26069 9284:20230712:142844.726 In expand_message6() 9284:20230712:142844.727 End of expand_message6():Service started 9284:20230712:142844.727 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.728 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26069 value:'Service started ' 9284:20230712:142844.729 buffer: new element 41 9284:20230712:142844.729 End of process_value():SUCCEED 9284:20230712:142844.730 In zbx_parse_eventlog_message6() EventRecordID:26070 9284:20230712:142844.730 In expand_message6() 9284:20230712:142844.732 End of expand_message6():The winlogon notification subscriber was unavailable to handle a critical notification event. 9284:20230712:142844.733 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.734 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26070 value:'The winlogon notification subscriber was unavailable to handle a critical notification event.' 9284:20230712:142844.734 buffer: new element 42 9284:20230712:142844.735 End of process_value():SUCCEED 9284:20230712:142844.735 In zbx_parse_eventlog_message6() EventRecordID:26071 9284:20230712:142844.736 In expand_message6() 9284:20230712:142844.737 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142844.737 ====== Fatal information: ====== 9284:20230712:142844.738 Program counter: 0x67e2cf19 9284:20230712:142844.738 === Registers: === 9284:20230712:142844.739 r8 = 18 = 24 = 24 9284:20230712:142844.740 r9 = 0 = 0 = 0 9284:20230712:142844.740 r10 = 0 = 0 = 0 9284:20230712:142844.741 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142844.741 r12 = 63cfe0 = 6541280 = 6541280 9284:20230712:142844.742 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142844.742 r14 = 0 = 0 = 0 9284:20230712:142844.743 r15 = 0 = 0 = 0 9284:20230712:142844.743 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142844.744 rsi = 385f950 = 59111760 = 59111760 9284:20230712:142844.744 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142844.745 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142844.745 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142844.746 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142844.746 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142844.747 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142844.747 efl = 202 = 514 = 514 9284:20230712:142844.747 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142844.748 === Backtrace: === 9284:20230712:142844.890 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142844.891 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142844.892 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142844.892 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142844.893 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142844.895 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142844.896 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142844.897 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142844.897 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142844.898 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142844.899 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142844.900 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142844.900 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142844.901 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142844.902 ================================ 9284:20230712:142844.903 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142844.903 End of expand_message6():(null) 9284:20230712:142844.904 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142844.904 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26071 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1 ' 9284:20230712:142844.905 buffer: new element 43 9284:20230712:142844.905 End of process_value():SUCCEED 9284:20230712:142844.906 In zbx_parse_eventlog_message6() EventRecordID:26072 9284:20230712:142844.906 In expand_message6() 9284:20230712:142844.907 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142844.907 ====== Fatal information: ====== 9284:20230712:142844.908 Program counter: 0x67e2cf19 9284:20230712:142844.908 === Registers: === 9284:20230712:142844.909 r8 = 18 = 24 = 24 9284:20230712:142844.909 r9 = 0 = 0 = 0 9284:20230712:142844.910 r10 = 0 = 0 = 0 9284:20230712:142844.910 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142844.911 r12 = 384fbb0 = 59046832 = 59046832 9284:20230712:142844.911 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142844.912 r14 = 0 = 0 = 0 9284:20230712:142844.912 r15 = 0 = 0 = 0 9284:20230712:142844.913 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142844.913 rsi = 385e870 = 59107440 = 59107440 9284:20230712:142844.914 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142844.914 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142844.914 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142844.915 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142844.915 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142844.916 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142844.916 efl = 202 = 514 = 514 9284:20230712:142844.917 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142844.917 === Backtrace: === 9284:20230712:142845.059 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142845.060 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142845.061 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142845.061 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142845.062 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142845.064 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142845.065 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142845.066 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142845.067 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142845.067 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142845.068 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142845.069 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142845.070 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142845.070 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142845.072 ================================ 9284:20230712:142845.072 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142845.073 End of expand_message6():(null) 9284:20230712:142845.074 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142845.074 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26072 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1 ' 9284:20230712:142845.075 buffer: new element 44 9284:20230712:142845.075 End of process_value():SUCCEED 9284:20230712:142845.076 In zbx_parse_eventlog_message6() EventRecordID:26073 9284:20230712:142845.077 In expand_message6() 9284:20230712:142845.079 End of expand_message6():The winlogon notification subscriber was unavailable to handle a notification event. 9284:20230712:142845.079 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142845.080 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26073 value:'The winlogon notification subscriber was unavailable to handle a notification event.' 9284:20230712:142845.081 buffer: new element 45 9284:20230712:142845.081 End of process_value():SUCCEED 9284:20230712:142845.082 In zbx_parse_eventlog_message6() EventRecordID:26074 9284:20230712:142845.083 In expand_message6() 9284:20230712:142845.083 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142845.084 ====== Fatal information: ====== 9284:20230712:142845.084 Program counter: 0x67e2cf19 9284:20230712:142845.085 === Registers: === 9284:20230712:142845.086 r8 = 18 = 24 = 24 9284:20230712:142845.086 r9 = 0 = 0 = 0 9284:20230712:142845.087 r10 = 0 = 0 = 0 9284:20230712:142845.087 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142845.088 r12 = 63bfe0 = 6537184 = 6537184 9284:20230712:142845.089 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142845.089 r14 = 0 = 0 = 0 9284:20230712:142845.090 r15 = 0 = 0 = 0 9284:20230712:142845.090 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142845.091 rsi = 385f130 = 59109680 = 59109680 9284:20230712:142845.092 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142845.092 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142845.093 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142845.094 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142845.094 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142845.095 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142845.095 efl = 202 = 514 = 514 9284:20230712:142845.096 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142845.096 === Backtrace: === 9284:20230712:142845.238 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142845.239 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142845.240 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142845.240 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142845.241 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142845.243 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142845.244 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142845.245 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142845.246 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142845.247 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142845.248 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142845.249 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142845.249 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142845.250 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142845.252 ================================ 9284:20230712:142845.252 provider 'igfxCUIService2.0.0.0' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142845.253 End of expand_message6():(null) 9284:20230712:142845.253 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142845.254 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26074 value:'The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1 ' 9284:20230712:142845.255 buffer: new element 46 9284:20230712:142845.255 End of process_value():SUCCEED 9284:20230712:142845.256 In zbx_parse_eventlog_message6() EventRecordID:26075 9284:20230712:142845.256 In expand_message6() 9284:20230712:142845.258 End of expand_message6():SearchIndexer (8952,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0). 9284:20230712:142845.259 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142845.259 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26075 value:'SearchIndexer (8952,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).' 9284:20230712:142845.260 buffer: new element 47 9284:20230712:142845.260 End of process_value():SUCCEED 9284:20230712:142845.261 In zbx_parse_eventlog_message6() EventRecordID:26076 9284:20230712:142845.262 In expand_message6() 9284:20230712:142845.263 End of expand_message6():SearchIndexer (8952,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.001683 +J(0) +M(C:0K, Fs:319, WS:1248K # 1248K, PF:5400K # 5400K, P:5400K) [2] 0.000275 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K) [3] 0.000716 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000094 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:352K # 352K, P:352K) [5] 0.000942 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 24K, P:24K) [6] 0.004200 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:20K # 20K, P:20K) [7] 0.004701 -0.001713 (2) WT +J(0) +M(C:0K, Fs:270, WS:1076K # 1076K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.010718 -0.000287 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000021 +J(0) [15] 0.000085 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000290 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K). 9284:20230712:142845.264 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142845.264 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26076 value:'SearchIndexer (8952,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) Additional Data: Internal Timing Sequence: [1] 0.001683 +J(0) +M(C:0K, Fs:319, WS:1248K # 1248K, PF:5400K # 5400K, P:5400K) [2] 0.000275 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K) [3] 0.000716 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K) [4] 0.000094 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:352K # 352K, P:352K) [5] 0.000942 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 24K, P:24K) [6] 0.004200 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:20K # 20K, P:20K) [7] 0.004701 -0.001713 (2) WT +J(0) +M(C:0K, Fs:270, WS:1076K # 1076K, PF:1028K # 1028K, P:1028K) [8] - [9] - [10] - [11] - [12] - [13] 0.010718 -0.000287 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K) [14] 0.000021 +J(0) [15] 0.000085 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K) [16] 0.000290 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).' 9284:20230712:142845.265 buffer: new element 48 9284:20230712:142845.266 End of process_value():SUCCEED 9284:20230712:142845.266 In zbx_parse_eventlog_message6() EventRecordID:26077 9284:20230712:142845.267 In expand_message6() 9284:20230712:142845.269 End of expand_message6():SearchIndexer (8952,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BEE:0041:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001999 -0.000281 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004382 -0.000970 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:124K # 0K, PF:148K # 0K, P:148K) [4] 0.000205 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001193 -0.000843 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:52, WS:204K # 0K, PF:696K # 0K, P:696K) [9] 0.016857 -0.000284 (5) CM -0.016343 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 176K, P:256K) [10] 0.000304 -0.000208 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 16K, PF:96K # 96K, P:96K) [11] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000045 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000005 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0). 9284:20230712:142845.269 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142845.270 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26077 value:'SearchIndexer (8952,D,50) Windows: The database engine attached a database (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Time=0 seconds) Saved Cache: 0 0 Additional Data: lgposAttach = 00000BEE:0041:0268, dbv = 1568.110.240 Internal Timing Sequence: [1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [2] 0.001999 -0.000281 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K) [3] 0.004382 -0.000970 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:124K # 0K, PF:148K # 0K, P:148K) [4] 0.000205 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [5] - [6] - [7] - [8] 0.001193 -0.000843 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:52, WS:204K # 0K, PF:696K # 0K, P:696K) [9] 0.016857 -0.000284 (5) CM -0.016343 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 176K, P:256K) [10] 0.000304 -0.000208 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 16K, PF:96K # 96K, P:96K) [11] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K) [12] 0.000045 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K) [13] 0.0 +J(0) [14] 0.0 +J(0) [15] 0.000005 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).' 9284:20230712:142845.270 buffer: new element 49 9284:20230712:142845.271 In send_buffer() host:'192.168.56.201' port:10051 entries:50/100 9284:20230712:142845.272 In zbx_connect_to_server() [192.168.56.201]:10051 [timeout:60, connection timeout:3] 9284:20230712:142845.273 JSON before sending [{"request":"agent data","session":"4027be861358abcc6136983f1f36335c","data":[{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T12:25:56Z. Reason: RulesEngine.","lastlogsize":26028,"timestamp":1662467156,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1051,"clock":1689161323,"ns":346904300},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26029,"timestamp":1662470072,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1052,"clock":1689161323,"ns":351908900},{"host":"Windows host","key":"eventlog[Application]","value":"Successfully scheduled Software Protection service for re-start at 2122-08-13T13:15:03Z. Reason: RulesEngine.","lastlogsize":26030,"timestamp":1662470103,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16384,"id":1053,"clock":1689161323,"ns":356804700},{"host":"Windows host","key":"eventlog[Application]","value":"The Exchange web service request GetAppManifests succeeded. ","lastlogsize":26031,"timestamp":1662473414,"source":"Outlook","severity":1,"eventid":63,"id":1054,"clock":1689161323,"ns":361570300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'gupdatem' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":26032,"timestamp":1662477255,"source":"gupdatem","severity":1,"id":1055,"clock":1689161323,"ns":539477300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: Test\n","lastlogsize":26033,"timestamp":1662477269,"source":"igfxCUIService2.0.0.0","severity":1,"id":1056,"clock":1689161323,"ns":714458300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logoff: 1\n","lastlogsize":26034,"timestamp":1662477269,"source":"igfxCUIService2.0.0.0","severity":1,"id":1057,"clock":1689161323,"ns":887243800},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":26035,"timestamp":1662477269,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":1058,"clock":1689161323,"ns":892278200},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":26036,"timestamp":1662477269,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":1059,"clock":1689161323,"ns":897188700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped","lastlogsize":26037,"timestamp":1662477269,"source":"BrService_4_3_4_610","severity":1,"id":1060,"clock":1689161324,"ns":67994500},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":26038,"timestamp":1662477273,"source":"IAStorDataMgrSvc","severity":1,"id":1061,"clock":1689161324,"ns":72960900},{"host":"Windows host","key":"eventlog[Application]","value":"Service stopped (0)\n","lastlogsize":26039,"timestamp":1662477273,"source":"Bonjour Service","severity":1,"eventid":100,"id":1062,"clock":1689161324,"ns":77795300},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":26040,"timestamp":1662477273,"source":"HP Comm Recovery","severity":1,"id":1063,"clock":1689161324,"ns":82739500},{"host":"Windows host","key":"eventlog[Application]","value":"Service has been successfully shut down.","lastlogsize":26041,"timestamp":1662477273,"source":"XTUService","severity":1,"id":1064,"clock":1689161324,"ns":88317700},{"host":"Windows host","key":"eventlog[Application]","value":"The Windows Security Center Service has stopped.","lastlogsize":26042,"timestamp":1662477273,"source":"SecurityCenter","severity":1,"eventid":2,"id":1065,"clock":1689161324,"ns":94265200},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has stopped. \r\n\r\n","lastlogsize":26043,"timestamp":1662477273,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1532,"id":1066,"clock":1689161324,"ns":100030700},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed","lastlogsize":26044,"timestamp":1662531042,"source":"igfxCUIService2.0.0.0","severity":1,"id":1067,"clock":1689161324,"ns":275242600},{"host":"Windows host","key":"eventlog[Application]","value":"The User Profile Service has started successfully. \r\n\r\n","lastlogsize":26045,"timestamp":1662531042,"source":"Microsoft-Windows-User Profiles Service","severity":1,"eventid":1531,"id":1068,"clock":1689161324,"ns":279783000},{"host":"Windows host","key":"eventlog[Application]","value":"Intel(R) Dynamic Application Loader Host Interface Service started.","lastlogsize":26046,"timestamp":1662531043,"source":"IntelDalJhi","severity":1,"id":1069,"clock":1689161324,"ns":283709700},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service started sucessfully","lastlogsize":26047,"timestamp":1662531043,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5615,"id":1070,"clock":1689161324,"ns":288170200},{"host":"Windows host","key":"eventlog[Application]","value":"Local Management Service started.","lastlogsize":26048,"timestamp":1662531043,"source":"LMS","severity":1,"eventid":2000,"id":1071,"clock":1689161324,"ns":292120000},{"host":"Windows host","key":"eventlog[Application]","value":"Service started/resumed","lastlogsize":26049,"timestamp":1662531043,"source":"LMS","severity":1,"id":1072,"clock":1689161324,"ns":296051800},{"host":"Windows host","key":"eventlog[Application]","value":"Windows Management Instrumentation Service subsystems initialized successfully","lastlogsize":26050,"timestamp":1662531043,"source":"Microsoft-Windows-WMI","severity":1,"eventid":5617,"id":1073,"clock":1689161324,"ns":300604300},{"host":"Windows host","key":"eventlog[Application]","value":"Service started successfully.","lastlogsize":26051,"timestamp":1662531047,"source":"XTUService","severity":1,"id":1074,"clock":1689161324,"ns":304834000},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service is starting.\r\nParameters:TriggerStarted:6","lastlogsize":26052,"timestamp":1662531048,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":900,"id":1075,"clock":1689161324,"ns":309371100},{"host":"Windows host","key":"eventlog[Application]","value":"Offline downlevel migration succeeded.","lastlogsize":26053,"timestamp":1662531048,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16394,"id":1076,"clock":1689161324,"ns":313935000},{"host":"Windows host","key":"eventlog[Application]","value":"Initialization status for service objects.\r\nC:\\WINDOWS\\system32\\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000\nC:\\WINDOWS\\system32\\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000\n","lastlogsize":26054,"timestamp":1662531048,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1066,"id":1077,"clock":1689161324,"ns":318704200},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has completed licensing status check.\r\nApplication Id=55c92734-d682-4d71-983e-d6ec3f16059f\r\nLicensing Status=\n1: 040fa323-92b1-4baf-97a2-5b67feaefddb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n2: 0724cb7d-3437-4cb7-93cb-830375d0079d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n3: 0ad2ac98-7bb9-4201-8d92-312299201369, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n4: 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n5: 221a02da-e2a1-4b75-864c-0a4410a33fdf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n6: 291ece0e-9c38-40ca-a9e1-32cc7ec19507, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n7: 2936d1d2-913a-4542-b54e-ce5a602a2a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n8: 2c293c26-a45a-4a2a-a350-c69a67097529, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n9: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n10: 2ffd8952-423e-4903-b993-72a1aa44cf82, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n11: 30a42c86-b7a0-4a34-8c90-ff177cb2acb7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n12: 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n13: 3502365a-f88a-4ba4-822a-5769d3073b65, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n14: 377333b1-8b5d-48d6-9679-1225c872d37c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n15: 3df374ef-d444-4494-a5a1-4b0d9fd0e203, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n16: 3f1afc82-f8ac-4f6c-8005-1d233e606eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n17: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n18: 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n19: 4f3da0d2-271d-4508-ae81-626b60809a38, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n20: 60b3ec1b-9545-4921-821f-311b129dd6f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n21: 613d217f-7f13-4268-9907-1662339531cd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n22: 62f0c100-9c53-4e02-b886-a3528ddfe7f6, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n23: 6365275e-368d-46ca-a0ef-fc0404119333, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n24: 721f9237-9341-4453-a661-09e8baa6cca5, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n25: 73111121-5638-40f6-bc11-f1d7b0d64300, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n26: 7a802526-4c94-4bd1-ba14-835a1aca2120, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n27: 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n28: 82bbc092-bc50-4e16-8e18-b74fc486aec3, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n29: 8ab9bdd1-1f67-4997-82d9-8878520837d9, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n30: 8b351c9c-f398-4515-9900-09df49427262, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n31: 90da7373-1c51-430b-bf26-c97e9c5cdc31, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n32: 95dca82f-385d-4d39-b85b-5c73fa285d6f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n33: a48938aa-62fa-4966-9d44-9f04da3f72f2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n34: b0773a15-df3a-4312-9ad2-83d69648e356, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n35: b4bfe195-541e-4e64-ad23-6177f19e395e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n36: b68e61d2-68ca-4757-be45-0cc2f3e68eee, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n37: bd3762d7-270d-4760-8fb3-d829ca45278a, 1, 1 [(0 )(1 )(2 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(3 )]\n38: c86d5194-4840-4dae-9c1c-0301003a5ab0, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n39: d552befb-48cc-4327-8f39-47d2d94f987c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n40: d6eadb3b-5ca8-4a6b-986e-35b550756111, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n41: df96023b-dcd9-4be2-afa0-c6c871159ebe, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n42: e0c42288-980c-4788-a014-c080d2e1926e, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n43: e4db50ea-bda1-4566-b047-0ca50abc6f07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n44: e558417a-5123-4f6f-91e7-385c1c7ca9d4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n45: e7a950a2-e548-4f10-bf16-02ec848e0643, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n46: eb6d346f-1c60-4643-b960-40ec31596c45, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n47: ec868e65-fadf-4759-b23e-93fe37f2cc29, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n48: ef51e000-2659-4f25-8345-3de70a9cf4c4, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n49: f7af7d09-40e4-419c-a49b-eae366689ebd, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n50: fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n51: fe74f55b-0338-41d6-b267-4a201abe7285, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]\n\n","lastlogsize":26055,"timestamp":1662531048,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":1003,"id":1078,"clock":1689161324,"ns":323661300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm with value of 4096 from Clip.","lastlogsize":26056,"timestamp":1662531048,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":1079,"clock":1689161324,"ns":328131400},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedArm64 with value of 2097152 from Clip.","lastlogsize":26057,"timestamp":1662531049,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":1080,"clock":1689161324,"ns":332598200},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx64 with value of 2097152 from Clip.","lastlogsize":26058,"timestamp":1662531049,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":1081,"clock":1689161324,"ns":337381300},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-WindowsMaxMemAllowedx86 with value of 4096 from Clip.","lastlogsize":26059,"timestamp":1662531049,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":1082,"clock":1689161324,"ns":342320100},{"host":"Windows host","key":"eventlog[Application]","value":"Updated policy Kernel-RegisteredProcessors with value of 2 from Clip.","lastlogsize":26060,"timestamp":1662531049,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":16390,"id":1083,"clock":1689161324,"ns":347186600},{"host":"Windows host","key":"eventlog[Application]","value":"The Software Protection service has started.\r\n10.0.19041.1889","lastlogsize":26061,"timestamp":1662531049,"source":"Microsoft-Windows-Security-SPP","severity":1,"eventid":902,"id":1084,"clock":1689161324,"ns":352058500},{"host":"Windows host","key":"eventlog[Application]","value":"Service initializing","lastlogsize":26062,"timestamp":1662531049,"source":"Bonjour Service","severity":1,"eventid":100,"id":1085,"clock":1689161324,"ns":356539300},{"host":"Windows host","key":"eventlog[Application]","value":"Service started (1.0.24.0).","lastlogsize":26063,"timestamp":1662531049,"source":"DbxSvc","severity":1,"eventid":336,"id":1086,"clock":1689161324,"ns":361004400},{"host":"Windows host","key":"eventlog[Application]","value":"Pipe server thread started.","lastlogsize":26064,"timestamp":1662531049,"source":"DbxSvc","severity":1,"eventid":258,"id":1087,"clock":1689161324,"ns":365552500},{"host":"Windows host","key":"eventlog[Application]","value":"Failed to connect to the driver: (-2147024894) The system cannot find the file specified. , retrying...","lastlogsize":26065,"timestamp":1662531049,"source":"DbxSvc","severity":1,"eventid":320,"id":1088,"clock":1689161324,"ns":370064300},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'AdobeARMservice' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started","lastlogsize":26066,"timestamp":1662531049,"source":"AdobeARMservice","severity":1,"id":1089,"clock":1689161324,"ns":543235500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'LanWlanSwitchingService' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: LanWlanSwitchingService; LAN/WLAN | LAN/WWAN Switching Service in OnStart","lastlogsize":26067,"timestamp":1662531049,"source":"LanWlanSwitchingService","severity":1,"id":1090,"clock":1689161324,"ns":719345900},{"host":"Windows host","key":"eventlog[Application]","value":"Service initialized","lastlogsize":26068,"timestamp":1662531049,"source":"Bonjour Service","severity":1,"eventid":100,"id":1091,"clock":1689161324,"ns":724273400},{"host":"Windows host","key":"eventlog[Application]","value":"Service started\n","lastlogsize":26069,"timestamp":1662531050,"source":"Bonjour Service","severity":1,"eventid":100,"id":1092,"clock":1689161324,"ns":729200400},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a critical notification event.","lastlogsize":26070,"timestamp":1662531052,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6003,"id":1093,"clock":1689161324,"ns":734839900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Log on event received User1\n","lastlogsize":26071,"timestamp":1662531055,"source":"igfxCUIService2.0.0.0","severity":1,"id":1094,"clock":1689161324,"ns":905316900},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Logon: 1\n","lastlogsize":26072,"timestamp":1662531055,"source":"igfxCUIService2.0.0.0","severity":1,"id":1095,"clock":1689161325,"ns":75506100},{"host":"Windows host","key":"eventlog[Application]","value":"The winlogon notification subscriber was unavailable to handle a notification event.","lastlogsize":26073,"timestamp":1662531055,"source":"Microsoft-Windows-Winlogon","severity":1,"eventid":6000,"id":1096,"clock":1689161325,"ns":81304500},{"host":"Windows host","key":"eventlog[Application]","value":"The description for Event ID:0 in Source:'igfxCUIService2.0.0.0' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Received Post Shell Event 1\n","lastlogsize":26074,"timestamp":1662531055,"source":"igfxCUIService2.0.0.0","severity":1,"id":1097,"clock":1689161325,"ns":255243400},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8952,P,98) Windows: The database engine (10.00.19044.0000) is starting a new instance (0).","lastlogsize":26075,"timestamp":1662531056,"source":"ESENT","severity":1,"eventid":102,"id":1098,"clock":1689161325,"ns":260448300},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8952,D,0) Windows: The database engine started a new instance (0). (Time=0 seconds) \r\n \r\nAdditional Data:\r\n \r\n \r\nInternal Timing Sequence: \n[1] 0.001683 +J(0) +M(C:0K, Fs:319, WS:1248K # 1248K, PF:5400K # 5400K, P:5400K)\n[2] 0.000275 +J(0) +M(C:0K, Fs:125, WS:500K # 500K, PF:444K # 444K, P:444K)\n[3] 0.000716 +J(0) +M(C:0K, Fs:11, WS:40K # 40K, PF:68K # 68K, P:68K)\n[4] 0.000094 +J(0) +M(C:0K, Fs:30, WS:120K # 120K, PF:352K # 352K, P:352K)\n[5] 0.000942 +J(0) +M(C:0K, Fs:12, WS:48K # 48K, PF:24K # 24K, P:24K)\n[6] 0.004200 +J(0) +M(C:0K, Fs:25, WS:96K # 96K, PF:20K # 20K, P:20K)\n[7] 0.004701 -0.001713 (2) WT +J(0) +M(C:0K, Fs:270, WS:1076K # 1076K, PF:1028K # 1028K, P:1028K)\n[8] -\n[9] -\n[10] -\n[11] -\n[12] -\n[13] 0.010718 -0.000287 (1) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:616/1) +M(C:0K, Fs:9, WS:-996K # 32K, PF:-1024K # 12K, P:-1024K)\n[14] 0.000021 +J(0)\n[15] 0.000085 +J(0) +M(C:0K, Fs:65, WS:260K # 0K, PF:64K # 0K, P:64K)\n[16] 0.000290 +J(0) +M(C:0K, Fs:2, WS:0K # 0K, PF:0K # 0K, P:0K).","lastlogsize":26076,"timestamp":1662531056,"source":"ESENT","severity":1,"eventid":105,"id":1099,"clock":1689161325,"ns":265668200},{"host":"Windows host","key":"eventlog[Application]","value":"SearchIndexer (8952,D,50) Windows: The database engine attached a database (1, C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb). (Time=0 seconds) \r\n \r\nSaved Cache: 0 0 \r\nAdditional Data: lgposAttach = 00000BEE:0041:0268,\ndbv = 1568.110.240 \r\n \r\nInternal Timing Sequence: \n[1] 0.000003 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[2] 0.001999 -0.000281 (1) WT +J(0) +M(C:0K, Fs:24, WS:32K # 0K, PF:32K # 0K, P:32K)\n[3] 0.004382 -0.000970 (6) WT +J(CM:0, PgRf:0, Rd:0/0, Dy:0/0, Lg:3480/2) +M(C:0K, Fs:42, WS:124K # 0K, PF:148K # 0K, P:148K)\n[4] 0.000205 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)\n[5] -\n[6] -\n[7] -\n[8] 0.001193 -0.000843 (2) CM +J(CM:2, PgRf:2, Rd:14/2, Dy:0/0, Lg:54/1) +M(C:0K, Fs:52, WS:204K # 0K, PF:696K # 0K, P:696K)\n[9] 0.016857 -0.000284 (5) CM -0.016343 (1) WT +J(CM:5, PgRf:23, Rd:0/5, Dy:0/0, Lg:0/0) +M(C:0K, Fs:70, WS:280K # 0K, PF:256K # 176K, P:256K)\n[10] 0.000304 -0.000208 (1) CM +J(CM:1, PgRf:40, Rd:0/1, Dy:0/0, Lg:0/0) +M(C:0K, Fs:10, WS:40K # 16K, PF:96K # 96K, P:96K)\n[11] 0.000013 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:2, WS:8K # 8K, PF:0K # 0K, P:0K)\n[12] 0.000045 +J(CM:0, PgRf:42, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:3, WS:12K # 12K, PF:0K # 0K, P:0K)\n[13] 0.0 +J(0)\n[14] 0.0 +J(0)\n[15] 0.000005 +J(CM:0, PgRf:1, Rd:0/0, Dy:0/0, Lg:0/0).","lastlogsize":26077,"timestamp":1662531056,"source":"ESENT","severity":1,"eventid":326,"id":1100,"clock":1689161325,"ns":270995900}],"clock":1689161325,"ns":272836200}] 9284:20230712:142845.278 JSON back [{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002318"}] 9284:20230712:142845.278 In check_response() response:'{"response":"success","info":"processed: 50; failed: 0; total: 50; seconds spent: 0.002318"}' 9284:20230712:142845.279 info from server: 'processed: 50; failed: 0; total: 50; seconds spent: 0.002318' 9284:20230712:142845.280 End of check_response():SUCCEED 9284:20230712:142845.280 OK 9284:20230712:142845.281 End of send_buffer():SUCCEED 9284:20230712:142845.282 End of process_value():SUCCEED 9284:20230712:142845.284 In zbx_parse_eventlog_message6() EventRecordID:26078 9284:20230712:142845.285 In expand_message6() 9284:20230712:142845.287 End of expand_message6():The Windows Search Service started. 9284:20230712:142845.288 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142845.288 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26078 value:'The Windows Search Service started. ' 9284:20230712:142845.289 buffer: new element 0 9284:20230712:142845.290 End of process_value():SUCCEED 9284:20230712:142845.290 In zbx_parse_eventlog_message6() EventRecordID:26079 9284:20230712:142845.291 In expand_message6() 9284:20230712:142845.291 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142845.292 ====== Fatal information: ====== 9284:20230712:142845.293 Program counter: 0x67e2cf19 9284:20230712:142845.293 === Registers: === 9284:20230712:142845.294 r8 = 18 = 24 = 24 9284:20230712:142845.294 r9 = 0 = 0 = 0 9284:20230712:142845.295 r10 = 0 = 0 = 0 9284:20230712:142845.295 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142845.296 r12 = 33f48f0 = 54479088 = 54479088 9284:20230712:142845.296 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142845.297 r14 = 0 = 0 = 0 9284:20230712:142845.297 r15 = 0 = 0 = 0 9284:20230712:142845.298 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142845.298 rsi = 385fdb0 = 59112880 = 59112880 9284:20230712:142845.299 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142845.299 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142845.300 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142845.301 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142845.301 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142845.302 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142845.302 efl = 202 = 514 = 514 9284:20230712:142845.303 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142845.303 === Backtrace: === 9284:20230712:142845.449 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142845.450 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142845.450 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142845.451 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142845.451 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142845.454 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142845.454 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142845.455 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142845.456 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142845.456 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142845.457 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142845.458 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142845.459 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142845.459 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142845.461 ================================ 9284:20230712:142845.462 provider 'BrService_4_3_4_610' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142845.462 End of expand_message6():(null) 9284:20230712:142845.463 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142845.463 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26079 value:'The description for Event ID:0 in Source:'BrService_4_3_4_610' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started/resumed' 9284:20230712:142845.464 buffer: new element 1 9284:20230712:142845.464 End of process_value():SUCCEED 9284:20230712:142845.465 In zbx_parse_eventlog_message6() EventRecordID:26080 9284:20230712:142845.465 In expand_message6() 9284:20230712:142845.466 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142845.467 ====== Fatal information: ====== 9284:20230712:142845.467 Program counter: 0x67e2cf19 9284:20230712:142845.468 === Registers: === 9284:20230712:142845.468 r8 = 18 = 24 = 24 9284:20230712:142845.469 r9 = 0 = 0 = 0 9284:20230712:142845.469 r10 = 0 = 0 = 0 9284:20230712:142845.470 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142845.470 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142845.471 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142845.471 r14 = 0 = 0 = 0 9284:20230712:142845.472 r15 = 0 = 0 = 0 9284:20230712:142845.472 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142845.473 rsi = 385e2d0 = 59106000 = 59106000 9284:20230712:142845.473 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142845.474 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142845.474 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142845.475 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142845.475 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142845.476 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142845.477 efl = 202 = 514 = 514 9284:20230712:142845.477 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142845.478 === Backtrace: === 9284:20230712:142845.621 13: C:\WINDOWS\System32\KERNELBASE.dll(RaiseException+0x69) [0x67e2cf19] 9284:20230712:142845.622 12: C:\WINDOWS\System32\ucrtbase.dll(CxxThrowException+0xad) [0x67a8da1d] 9284:20230712:142845.623 11: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x96c) [0x62fe553c] 9284:20230712:142845.624 10: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtNext+0x50e) [0x62fe50de] 9284:20230712:142845.625 9: C:\WINDOWS\SYSTEM32\wevtapi.dll(EvtOpenPublisherMetadata+0xdf) [0x62fe580f] 9284:20230712:142845.627 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_parse_eventlog_message6+0x22a c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:766) [0x4003331a] 9284:20230712:142845.628 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventslog6+0x2eb c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:945) [0x40031dcb] 9284:20230712:142845.628 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_eventlog_check+0x4f1 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\eventlog.c:1816) [0x40030f81] 9284:20230712:142845.629 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(process_active_checks+0x206 c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1272) [0x4002e806] 9284:20230712:142845.630 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(active_checks_thread+0x30c c:\zabbix1\zabbix-6.4.5rc1\src\zabbix_agent\active.c:1530) [0x4002d7cc] 9284:20230712:142845.631 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(zbx_win_thread_entry+0x7 c:\zabbix1\zabbix-6.4.5rc1\src\libs\zbxthreads\threads.c:33) [0x400137d7] 9284:20230712:142845.632 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(thread_start+0x50 minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97) [0x400a10ec] 9284:20230712:142845.633 1: C:\WINDOWS\System32\KERNEL32.DLL(BaseThreadInitThunk+0x14) [0x68e77614] 9284:20230712:142845.634 0: C:\WINDOWS\SYSTEM32\ntdll.dll(RtlUserThreadStart+0x21) [0x6a3026f1] 9284:20230712:142845.635 ================================ 9284:20230712:142845.636 provider 'dbupdate' could not be opened: [0x00000002] The system cannot find the file specified. 9284:20230712:142845.637 End of expand_message6():(null) 9284:20230712:142845.637 End of zbx_parse_eventlog_message6():SUCCEED 9284:20230712:142845.638 In process_value() key:'Windows host:eventlog[Application]' lastlogsize:26080 value:'The description for Event ID:0 in Source:'dbupdate' cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started' 2184:20230712:142845.639 In collect_perfstat() 9284:20230712:142845.640 buffer: new element 2 9284:20230712:142845.641 End of process_value():SUCCEED 9284:20230712:142845.642 In zbx_parse_eventlog_message6() EventRecordID:26081 2184:20230712:142845.642 End of collect_perfstat() 9284:20230712:142845.643 In expand_message6() 9284:20230712:142845.644 [MPLOG] VEH Trap detected exception e06d7363 at 0x00007FFA67E2CF19. Exception information: 9284:20230712:142845.645 ====== Fatal information: ====== 9284:20230712:142845.646 Program counter: 0x67e2cf19 9284:20230712:142845.647 === Registers: === 9284:20230712:142845.647 r8 = 18 = 24 = 24 9284:20230712:142845.648 r9 = 0 = 0 = 0 9284:20230712:142845.649 r10 = 0 = 0 = 0 9284:20230712:142845.650 r11 = 59eec30 = 94301232 = 94301232 9284:20230712:142845.651 r12 = 6af310 = 7009040 = 7009040 9284:20230712:142845.651 r13 = 221c740 = 35768128 = 35768128 9284:20230712:142845.652 r14 = 0 = 0 = 0 9284:20230712:142845.653 r15 = 0 = 0 = 0 9284:20230712:142845.654 rdi = 59ef208 = 94302728 = 94302728 9284:20230712:142845.654 rsi = 385eeb0 = 59109040 = 59109040 9284:20230712:142845.655 rbp = 59ef1a0 = 94302624 = 94302624 9284:20230712:142845.656 rbx = 7ffa63038760 = 140713379727200 = 140713379727200 9284:20230712:142845.656 rdx = 7ffa690253a3 = 140713480311715 = 140713480311715 9284:20230712:142845.657 rax = 59ee8f0 = 94300400 = 94300400 9284:20230712:142845.658 rcx = 7ffa6302b750 = 140713379673936 = 140713379673936 9284:20230712:142845.659 rsp = 59ef060 = 94302304 = 94302304 9284:20230712:142845.660 efl = 202 = 514 = 514 9284:20230712:142845.660 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142845.661 === Backtrace: === 19844:20230712:142845.666 Requested [system.sw.os.get] 19844:20230712:142845.667 [MPLOG] in system_sw_os_get() 19844:20230712:142845.668 [MPLOG] end system_sw_os_get() 19844:20230712:142845.669 Sending back [{"os_type":"windows","product_name":"Windows 10 Pro","architecture":"x86_64","build_number":"19045","build_revision":"3086","build":"19045.3086","edition":"Professional","composition":"Enterprise","display_version":"22H2","version":"6.3","version_pretty":"Windows 10 Pro Build 19045.3086","version_full":"Windows 10 Pro 19041.1.amd64fre.vb_release.191206-1406 Build 19045.3086"}] 9284:20230712:142845.685 [MPLOG] VEH Trap detected exception c0000374 at 0x00007FFA6A3AF4C9. Exception information: 9284:20230712:142845.685 ====== Fatal information: ====== 9284:20230712:142845.686 Program counter: 0x6a3af4c9 9284:20230712:142845.687 === Registers: === 9284:20230712:142845.688 r8 = 4010 = 16400 = 16400 9284:20230712:142845.689 r9 = 3ff = 1023 = 1023 9284:20230712:142845.689 r10 = 13aa = 5034 = 5034 9284:20230712:142845.690 r11 = fb0000fb = 4211081467 = 4211081467 9284:20230712:142845.691 r12 = 0 = 0 = 0 9284:20230712:142845.692 r13 = 4ed87d0 = 82675664 = 82675664 9284:20230712:142845.692 r14 = 4ed87c0 = 82675648 = 82675648 9284:20230712:142845.693 r15 = 0 = 0 = 0 9284:20230712:142845.694 rdi = 7ffa6a4197f0 = 140713501235184 = 140713501235184 9284:20230712:142845.695 rsi = 1 = 1 = 1 9284:20230712:142845.695 rbp = 0 = 0 = 0 9284:20230712:142845.696 rbx = c0000374 = 3221226356 = 3221226356 9284:20230712:142845.696 rdx = 79e2a80 = 127806080 = 127806080 9284:20230712:142845.697 rax = fb = 251 = 251 9284:20230712:142845.698 rcx = 13aa = 5034 = 5034 9284:20230712:142845.698 rsp = 59eaa70 = 94284400 = 94284400 9284:20230712:142845.699 efl = 202 = 514 = 514 9284:20230712:142845.700 csgsfs = 332b5300 = 858477312 = 858477312 9284:20230712:142845.700 === Backtrace: === 9284:20230712:142845.701 17: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x6a3af4c9] 9284:20230712:142845.702 16: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x500] 9284:20230712:142845.703 15: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0xc0000374] 9284:20230712:142845.703 14: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x1] 9284:20230712:142845.704 13: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x59da000] 9284:20230712:142845.705 12: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x5f0000] 9284:20230712:142845.705 11: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x59eaa40] 9284:20230712:142845.706 10: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x6303d000] 9284:20230712:142845.707 9: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x62fe0000] 9284:20230712:142845.707 8: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x65000] 9284:20230712:142845.708 7: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x6a3af493] 9284:20230712:142845.709 6: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x630323b8] 9284:20230712:142845.709 5: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x59ef1b0] 9284:20230712:142845.710 4: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x5f0101] 9284:20230712:142845.711 3: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x5f0000] 9284:20230712:142845.711 2: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0xc0000374] 9284:20230712:142845.712 1: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0x67e6beb6] 9284:20230712:142845.713 0: C:\zabbix1\zabbix-6.4.5rc1\bin\win64\zabbix_agentd.exe(null) [0xc0000374] 9284:20230712:142845.713 ================================ 2184:20230712:142846.801 In collect_perfstat() 2184:20230712:142846.804 End of collect_perfstat()