MSSQL$SQLEXPRESS
63 events across 1 channel
| Event | Title | Channel | Sample |
|---|---|---|---|
| 1 | Event ID 1 | Application | Y |
| 852 | Event ID 852 | Application | Y |
| 873 | Event ID 873 | Application | Y |
| 894 | Event ID 894 | Application | Y |
| 944 | Event ID 944 | Application | Y |
| 951 | Event ID 951 | Application | Y |
| 958 | Event ID 958 | Application | Y |
| 1486 | Event ID 1486 | Application | Y |
| 3408 | Event ID 3408 | Application | Y |
| 5084 | Event ID 5084 | Application | Y |
| 5701 | Event ID 5701 | Application | Y |
| 5703 | Event ID 5703 | Application | Y |
| 6253 | Event ID 6253 | Application | Y |
| 6527 | Event ID 6527 | Application | Y |
| 8128 | Event ID 8128 | Application | Y |
| 9048 | Event ID 9048 | Application | Y |
| 9666 | Event ID 9666 | Application | Y |
| 9688 | Event ID 9688 | Application | Y |
| 15268 | Event ID 15268 | Application | Y |
| 15281 | Event ID 15281 | Application | Y |
| 15457 | Event ID 15457 | Application | Y |
| 17069 | Event ID 17069 | Application | Y |
| 17101 | Event ID 17101 | Application | Y |
| 17103 | Event ID 17103 | Application | Y |
| 17104 | Event ID 17104 | Application | Y |
| 17107 | Event ID 17107 | Application | Y |
| 17108 | Event ID 17108 | Application | Y |
| 17110 | Event ID 17110 | Application | Y |
| 17111 | Event ID 17111 | Application | Y |
| 17115 | Event ID 17115 | Application | Y |
| 17118 | Event ID 17118 | Application | Y |
| 17125 | Event ID 17125 | Application | Y |
| 17126 | Event ID 17126 | Application | Y |
| 17136 | Event ID 17136 | Application | Y |
| 17137 | Event ID 17137 | Application | Y |
| 17148 | Event ID 17148 | Application | Y |
| 17152 | Event ID 17152 | Application | Y |
| 17162 | Event ID 17162 | Application | Y |
| 17164 | Event ID 17164 | Application | Y |
| 17176 | Event ID 17176 | Application | Y |
| 17199 | Event ID 17199 | Application | Y |
| 17264 | Event ID 17264 | Application | Y |
| 17656 | Event ID 17656 | Application | Y |
| 17658 | Event ID 17658 | Application | Y |
| 17663 | Event ID 17663 | Application | Y |
| 17811 | Event ID 17811 | Application | Y |
| 18496 | Event ID 18496 | Application | Y |
| 19030 | Event ID 19030 | Application | Y |
| 19032 | Event ID 19032 | Application | Y |
| 25753 | Event ID 25753 | Application | Y |
| 25754 | Event ID 25754 | Application | Y |
| 26018 | Event ID 26018 | Application | Y |
| 26048 | Event ID 26048 | Application | Y |
| 26067 | Event ID 26067 | Application | Y |
| 26076 | Event ID 26076 | Application | Y |
| 33090 | Event ID 33090 | Application | Y |
| 33217 | Event ID 33217 | Application | Y |
| 33218 | Event ID 33218 | Application | Y |
| 49903 | Event ID 49903 | Application | Y |
| 49904 | Event ID 49904 | Application | Y |
| 49910 | Event ID 49910 | Application | Y |
| 49916 | Event ID 49916 | Application | Y |
| 49917 | Event ID 49917 | Application | Y |
Event ID 1
#Fields #
| Name | Description |
|---|---|
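| Data_0 | Message insertion strings, serialised as `<string>` elements inside one text value. In the sample it is a single string reporting that SqlCeip started, with its pid, the instance name and a CPEFlag value. |
| Binary | Empty in the sample. |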
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 1,
"version": 0,
"level": 4,
"task": 1,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 19:00:20.982807+00:00",
"event_record_id": 1727,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>SqlCeip started pid: 7416 instance: SQLEXPRESS CPEFlag: True</string>\n",
"Binary": ""
},
"message": ""
}
Event ID 852
#Fields #
| Name | Description |
|---|---|
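| Data_0 | Message insertion strings; empty in the sample. |
| Binary | Base64-encoded payload. In the samples on this page it decodes to the event ID as a little-endian 32-bit integer (here `54 03 00 00` = 852), a second 32-bit value (10 in every sample), then length-prefixed UTF-16LE strings: the `HOST\INSTANCE` name and, where present, a database name such as `master`. Because `message` is empty in these exports, `event_id`, `Data_0` and this payload are the only event-specific content available to a parser or detection rule. |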
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 852,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1364,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "VAMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 873
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 873,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.021164+00:00",
"event_record_id": 1367,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "aQMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 894
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 894,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.927385+00:00",
"event_record_id": 1365,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>4194304</string>\n<string>2406268</string>\n",
"Binary": "fgMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 944
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 944,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.974766+00:00",
"event_record_id": 1380,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>master</string>\n<string>927</string>\n<string>957</string>\n",
"Binary": "sAMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 951
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 951,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.974766+00:00",
"event_record_id": 1381,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>master</string>\n<string>927</string>\n<string>928</string>\n",
"Binary": "twMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 958
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 958,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.584597+00:00",
"event_record_id": 1420,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>16.00.1000</string>\n",
"Binary": "vgMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 1486
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 1486,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.521643+00:00",
"event_record_id": 1374,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "zgUAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 3408
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 3408,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:45.084618+00:00",
"event_record_id": 1492,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "UA0AAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 5084
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 5084,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:45.241428+00:00",
"event_record_id": 1495,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": "S-1-5-21-1006758700-2167138679-1475694448-1000"
}
},
"event_data": {
"Data_0": "<string>RECOVERY</string>\n<string>SIMPLE</string>\n<string>model</string>\n",
"Binary": "3BMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 5701
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 5701,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:45.163353+00:00",
"event_record_id": 1493,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": "S-1-5-21-1006758700-2167138679-1475694448-1000"
}
},
"event_data": {
"Data_0": "<string>master</string>\n",
"Binary": "RRYAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 5703
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 5703,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:45.163353+00:00",
"event_record_id": 1494,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": "S-1-5-21-1006758700-2167138679-1475694448-1000"
}
},
"event_data": {
"Data_0": "<string>us_english</string>\n",
"Binary": "RxYAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 6253
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 6253,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.490841+00:00",
"event_record_id": 1411,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>v4.0.30319</string>\n<string>C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\</string>\n",
"Binary": "bRgAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 6527
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 6527,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:46.538504+00:00",
"event_record_id": 1508,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "fxkAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 8128
#Fields #
| Name | Description |
|---|---|
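| Data_0 | Insertion strings for SQL Server message 8128 (an extended stored procedure is being executed from a DLL): DLL name, DLL version, procedure name. The sample shows `xpstar.dll`, version `2022.160.1000`, running `xp_sqlagent_is_starting`. A DLL name outside the set normally seen on the instance is worth reviewing. |
| Binary | Base64-encoded payload; in the sample it decodes to the event ID (little-endian), the `HOST\INSTANCE` name and the database name `master` as UTF-16LE. |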
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 8128,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:49.961617+00:00",
"event_record_id": 1669,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": "S-1-5-21-1006758700-2167138679-1475694448-1000"
}
},
"event_data": {
"Data_0": "<string>xpstar.dll</string>\n<string>2022.160.1000</string>\n<string>xp_sqlagent_is_starting</string>\n",
"Binary": "wB8AAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 9048
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 9048,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.521643+00:00",
"event_record_id": 1375,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>clflush</string>\n",
"Binary": "WCMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 9666
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 9666,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:55.870483+00:00",
"event_record_id": 1714,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>Service Broker</string>\n",
"Binary": "wiUAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 9688
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 9688,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:55.886095+00:00",
"event_record_id": 1716,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "2CUAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 15268
#Fields #
| Name | Description |
|---|---|
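| Data_0 | Single insertion string; `WINDOWS-ONLY` in the sample, which appears to be the instance's authentication mode as reported at startup (confirm against the SQL Server error log). A change of this value between restarts is a configuration change worth tracking. |
| Binary | Base64-encoded payload; in the sample it decodes to the event ID (little-endian) and the `HOST\INSTANCE` name as UTF-16LE. |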
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 15268,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1356,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>WINDOWS-ONLY</string>\n",
"Binary": "pDsAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 15281
#Fields #
| Name | Description |
|---|---|
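| Data | Insertion strings for SQL Server message 15281, which reports that access to a component was blocked because the component is turned off in the server's security configuration. In the sample the strings are the object type (`procedure`), the object (`sys.xp_cmdshell`) and the component name (`xp_cmdshell`, repeated). For detection, this records an attempt to call `xp_cmdshell` while it is disabled; review it together with Event ID 15457 configuration changes and the SID in `security.user_id`. This sample comes from a different export than the other samples on the page, so the field is a `Data` array rather than a `Data_0` string and `time_created` uses a `T` separator; parsers should accept both shapes. |
| Binary | Base64-encoded payload; in the sample it decodes to the event ID (little-endian), the `HOST\INSTANCE` name and the database name `master` as UTF-16LE. |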
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 15281,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2020-08-03T08:11:51.057019+00:00",
"event_record_id": 37899,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "LAPTOP-JU4M3I0E",
"security": {
"user_id": "S-1-5-21-1586556212-2165235939-1437495523-1001"
}
},
"event_data": {
"Data": [
"procedure",
"sys.xp_cmdshell",
"xp_cmdshell",
"xp_cmdshell",
"xp_cmdshell",
"xp_cmdshell"
],
"Binary": "sTsAAAoAAAAbAAAATABBAFAAVABPAFAALQBKAFUANABNADMASQAwAEUAXABTAFEATABFAFgAUABSAEUAUwBTAAAABwAAAG0AYQBzAHQAZQByAAAA"
},
"message": ""
}
References #
- Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx
Event ID 15457
#Fields #
| Name | Description |
|---|---|
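| Data_0 | Insertion strings for SQL Server message 15457 (a configuration option was changed through `sp_configure`): option name, old value, new value. The sample shows `show advanced options` going from `0` to `1`. That option has to be on before advanced options such as `xp_cmdshell` can be changed, so treat 15457 as a configuration-change audit record and correlate it with `security.user_id` and with Event ID 15281. The sample was recorded seconds after the instance started during installation, so expect this event in setup baselines as well. |
| Binary | Base64-encoded payload; in the sample it decodes to the event ID (little-endian), the `HOST\INSTANCE` name and the database name `master` as UTF-16LE. |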
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 15457,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:45.288338+00:00",
"event_record_id": 1496,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": "S-1-5-21-1006758700-2167138679-1475694448-1000"
}
},
"event_data": {
"Data_0": "<string>show advanced options</string>\n<string>0</string>\n<string>1</string>\n",
"Binary": "YTwAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 17069
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17069,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1350,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>Microsoft SQL Server 2022 (RTM) - 16.0.1000.6 (X64) \n\tOct 8 2022 05:58:25 \n\tCopyright (C) 2022 Microsoft Corporation\n\tExpress Edition (64-bit) on Windows Server 2022 Standard Evaluation 10.0 <X64> (Build 20348: ) (Hypervisor)\n</string>\n",
"Binary": "rUIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17101
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17101,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1352,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "zUIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17103
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17103,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1353,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "z0IAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17104
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17104,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1354,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>8832</string>\n",
"Binary": "0EIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17107
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17107,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.287275+00:00",
"event_record_id": 1369,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "00IAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17108
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17108,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.553381+00:00",
"event_record_id": 1417,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "1EIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17110
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17110,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1359,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>\n\t -d C:\\Program Files\\Microsoft SQL Server\\MSSQL16.SQLEXPRESS\\MSSQL\\DATA\\master.mdf\n\t -e C:\\Program Files\\Microsoft SQL Server\\MSSQL16.SQLEXPRESS\\MSSQL\\Log\\ERRORLOG\n\t -l C:\\Program Files\\Microsoft SQL Server\\MSSQL16.SQLEXPRESS\\MSSQL\\DATA\\mastlog.ldf</string>\n",
"Binary": "1kIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17111
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17111,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1357,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>C:\\Program Files\\Microsoft SQL Server\\MSSQL16.SQLEXPRESS\\MSSQL\\Log\\ERRORLOG</string>\n",
"Binary": "10IAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17115
#Fields #
| Name | Description |
|---|---|
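| Data_0 | Single insertion string holding the command-line startup parameters of the instance. The sample was apparently captured while setup was running: it includes `-m "SqlSetup"` (single-user mode restricted to the named client application), several `-T` trace flags and Template Data paths for `master`. Outside installation or planned maintenance, a start with `-m` or with unexpected `-T` flags should be reviewed. |
| Binary | Base64-encoded payload; in the sample it decodes to the event ID (little-endian) and the `HOST\INSTANCE` name as UTF-16LE. |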
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17115,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1360,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>\n\t -s \"SQLEXPRESS\"\n\t -m \"SqlSetup\"\n\t -Q\n\t -q \"SQL_Latin1_General_CP1_CI_AS\"\n\t -T 4022\n\t -T 4010\n\t -T 3659\n\t -T 3610\n\t -T 8015\n\t -d \"C:\\Program Files\\Microsoft SQL Server\\MSSQL16.SQLEXPRESS\\MSSQL\\Template Data\\master.mdf\"\n\t -l \"C:\\Program Files\\Microsoft SQL Server\\MSSQL16.SQLEXPRESS\\MSSQL\\Template Data\\mastlog.ldf\"</string>\n",
"Binary": "20IAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17118
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17118,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.506020+00:00",
"event_record_id": 1373,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>disabled</string>\n",
"Binary": "3kIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17125
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17125,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.427896+00:00",
"event_record_id": 1372,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>2500</string>\n<string>5000</string>\n",
"Binary": "5UIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17126
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17126,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.943968+00:00",
"event_record_id": 1488,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "5kIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17136
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17136,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.912714+00:00",
"event_record_id": 1481,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "8EIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 17137
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17137,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.521643+00:00",
"event_record_id": 1379,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>master</string>\n",
"Binary": "8UIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17148
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17148,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:46.538504+00:00",
"event_record_id": 1507,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "/EIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 17152
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17152,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.412270+00:00",
"event_record_id": 1371,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>0</string>\n<string>000000000000000f</string>\n<string>0</string>\n<string>000000000000000f</string>\n<string>0</string>\n",
"Binary": "AEMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17162
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17162,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1362,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "CkMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17164
#Fields #
| Name | Description |
|---|---|
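| Data_0 | Five insertion strings. In the sample (`1`, `12`, `12`, `12`, `4`) they appear to be the socket count, cores per socket, logical processors per socket, total logical processors, and the number of logical processors the instance uses under its licensing limit. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 17164, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |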
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17164,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1361,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>1</string>\n<string>12</string>\n<string>12</string>\n<string>12</string>\n<string>4</string>\n",
"Binary": "DEMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17176
#Fields #
| Name | Description |
|---|---|
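| Data_0 | Three insertion strings: the process ID the instance last reported using (`8832` in the sample) and the time of that report, given twice (local and UTC in SQL Server's message text). Comparing this value with the previous run helps confirm that a restart followed a recorded shutdown. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 17176, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |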
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17176,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:48.242029+00:00",
"event_record_id": 1531,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>8832</string>\n<string>5/8/2026 6:54:46 PM</string>\n<string>5/8/2026 6:54:46 PM</string>\n",
"Binary": "GEMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17199
#Fields #
| Name | Description |
|---|---|
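| Data_0 | One insertion string, a trace flag number (`7806` in the sample). SQL Server message 17199 states that dedicated administrator connection (DAC) support was not started because it is disabled on this edition, and names the trace flag that enables it. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 17199, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |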
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17199,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.928343+00:00",
"event_record_id": 1486,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>7806</string>\n",
"Binary": "L0MAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17264
#Fields #
| Name | Description |
|---|---|
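| Data_0 | One insertion string listing the CPU instruction-set extensions detected at startup (`SSE SSE2 SSE3 SSSE3 SSE41 SSE42 AVX AVX2 POPCNT BMI1 BMI2` in the sample). |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 17264, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |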
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17264,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.271646+00:00",
"event_record_id": 1368,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>SSE SSE2 SSE3 SSSE3 SSE41 SSE42 AVX AVX2 POPCNT BMI1 BMI2</string>\n",
"Binary": "cEMAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17656
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17656,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.521643+00:00",
"event_record_id": 1377,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "+EQAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17658
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17658,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.521643+00:00",
"event_record_id": 1378,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "+kQAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 17663
#Fields #
| Name | Description |
|---|---|
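| Data_0 | One insertion string: the server name in `HOST\INSTANCE` form (`tel2-DC01-2022\SQLEXPRESS` in the sample). |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 17663, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second length-prefixed string, `master` (presumably the database context). |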
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17663,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.553381+00:00",
"event_record_id": 1416,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>tel2-DC01-2022\\SQLEXPRESS</string>\n",
"Binary": "/0QAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 17811
#Fields #
| Name | Description |
|---|---|
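| Data_0 | One insertion string, a count (`1` in the sample); SQL Server message 17811 reports the maximum number of dedicated administrator connections for the instance. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 17811, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |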
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 17811,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.412270+00:00",
"event_record_id": 1370,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>1</string>\n",
"Binary": "k0UAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 18496
#Fields #
| Name | Description |
|---|---|
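| Data_0 | Two insertion strings: system manufacturer and system model. The sample values (`QEMU`, `Standard PC (i440FX + PIIX, 1996)`) show the host is a virtual machine; a change in these values between restarts indicates the instance moved to different hardware or a different hypervisor. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 18496, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |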
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 18496,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1355,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>QEMU</string>\n<string>Standard PC (i440FX + PIIX, 1996)</string>\n",
"Binary": "QEgAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 19030
#Fields #
| Name | Description |
|---|---|
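| Data_0 | Two insertion strings: the SQL Trace ID and the login that started the trace (`1` and `sa` in the sample). Trace ID 1 started by `sa` during startup is typically the default trace; a trace with another ID, or one started by another login outside startup, is worth reviewing because traces can capture statement text. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 19030, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second length-prefixed string, `master` (presumably the database context). |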
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 19030,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.553381+00:00",
"event_record_id": 1415,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>1</string>\n<string>sa</string>\n",
"Binary": "VkoAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 19032
#Fields #
| Name | Description |
|---|---|
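| Data_0 | One insertion string, the SQL Trace ID (`1` in the sample). SQL Server message 19032 reports that the trace was stopped because the server is shutting down, so this event should sit next to a shutdown event such as 17148; a trace stop without a matching shutdown deserves a closer look. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 19032, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second length-prefixed string, `master` (presumably the database context). |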
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 19032,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:46.569784+00:00",
"event_record_id": 1509,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>1</string>\n",
"Binary": "WEoAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 25753
#Fields #
| Name | Description |
|---|---|
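| Data_0 | One insertion string: the name of the Extended Events session the message refers to (`system_health` in the sample). Because `message` is empty, the session state change has to be inferred from the event ID rather than read from this field. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 25753, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second length-prefixed string, `master` (presumably the database context). |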
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 25753,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.537764+00:00",
"event_record_id": 1414,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>system_health</string>\n",
"Binary": "mWQAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 25754
#Fields #
| Name | Description |
|---|---|
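| Data_0 | One insertion string: the name of the Extended Events session the message refers to (`telemetry_xevents` in the sample). Unlike most samples on this page, `security.user_id` is populated here with a service SID (`S-1-5-80-…`), which identifies the account that triggered the session change. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 25754, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second length-prefixed string, `master` (presumably the database context). |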
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 25754,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 19:05:52.967579+00:00",
"event_record_id": 1734,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": "S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965"
}
},
"event_data": {
"Data_0": "<string>telemetry_xevents</string>\n",
"Binary": "mmQAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 26018
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 26018,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.928343+00:00",
"event_record_id": 1484,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "omUAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 26048
#Fields #
| Name | Description |
|---|---|
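| Data_0 | One insertion string: the local endpoint the instance is ready to accept connections on, a named pipe in the sample (`\\.\pipe\SQLLocal\SQLEXPRESS`). The value is JSON-escaped in the example, so each backslash appears doubled there. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 26048, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |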
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 26048,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.928343+00:00",
"event_record_id": 1485,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>\\\\.\\pipe\\SQLLocal\\SQLEXPRESS</string>\n",
"Binary": "wGUAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 26067
#Fields #
| Name | Description |
|---|---|
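| Data_0 | Three insertion strings: the Service Principal Name the instance tried to register (`MSSQLSvc/tel2-DC01-2022.ludus.domain:SQLEXPRESS`), the Windows return code (`0x2098`, insufficient access rights in the directory) and a state value (`15`). SQL Server message 26067 reports that SPN registration failed; without a registered SPN, integrated authentication to this instance may use NTLM instead of Kerberos, so the SPN should be registered by an administrator or the service account granted the right to register it. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 26067, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |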
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 26067,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.959593+00:00",
"event_record_id": 1490,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>MSSQLSvc/tel2-DC01-2022.ludus.domain:SQLEXPRESS</string>\n<string>0x2098</string>\n<string>15</string>\n",
"Binary": "02UAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 26076
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 26076,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.943968+00:00",
"event_record_id": 1487,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "3GUAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 33090
#Fields #
| Name | Description |
|---|---|
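| Data_0 | One insertion string: the file name of a library the instance is attempting to load into its process (`xpstar.dll` in the sample, a DLL that ships with SQL Server and backs built-in extended stored procedures). Only the file name is logged, not the path, so baseline the names seen per instance and review any unfamiliar one together with `security.user_id`, which is populated in this sample. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 33090, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second length-prefixed string, `master` (presumably the database context). |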
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 33090,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:49.914743+00:00",
"event_record_id": 1668,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": "S-1-5-21-1006758700-2167138679-1475694448-1000"
}
},
"event_data": {
"Data_0": "<string>xpstar.dll</string>\n",
"Binary": "QoEAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 33217
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 33217,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.522095+00:00",
"event_record_id": 1412,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "wYEAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 33218
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 33218,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:44.522095+00:00",
"event_record_id": 1413,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "woEAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAcAAABtAGEAcwB0AGUAcgAAAA=="
},
"message": ""
}
Event ID 49903
#Fields #
| Name | Description |
|---|---|
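| Data_0 | One insertion string: the amount of RAM detected at startup, in MB according to SQL Server's message text (`16383` in the sample). |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 49903, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |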
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 49903,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1363,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>16383</string>\n",
"Binary": "78IAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 49904
#Fields #
| Name | Description |
|---|---|
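| Data_0 | One insertion string: the account the SQL Server service runs as (`NT Service\MSSQL$SQLEXPRESS` in the sample, a per-service virtual account). Logged at every startup, so a change to a different account, especially a privileged domain account or LocalSystem, is visible here and should match an approved configuration change. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 49904, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |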
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 49904,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1358,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>NT Service\\MSSQL$SQLEXPRESS</string>\n",
"Binary": "8MIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 49910
#Fields #
| Name | Description |
|---|---|
Data_0 | |
Binary |
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 49910,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:43.521643+00:00",
"event_record_id": 1376,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": "9sIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 49916
#Fields #
| Name | Description |
|---|---|
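| Data_0 | Two insertion strings giving the host's UTC adjustment as hours and minutes (`0` and `00` in the sample, i.e. the host clock is on UTC). Needed when correlating local-time values in other SQL Server messages with the UTC `time_created` field. |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 49916, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |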
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 49916,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.864870+00:00",
"event_record_id": 1351,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>0</string>\n<string>00</string>\n",
"Binary": "/MIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}
Event ID 49917
#Fields #
| Name | Description |
|---|---|
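| Data_0 | Three insertion strings: the default collation, the language name and the locale ID (`SQL_Latin1_General_CP1_CI_AS`, `us_english`, `1033` in the sample). |
| Binary | Base64-encoded bytes. The sample decodes to two little-endian 32-bit integers (the event ID 49917, then 10, presumably the severity), followed by the length-prefixed UTF-16LE instance name `tel2-DC01-2022\SQLEXPRESS` and a second string slot that is empty here. |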
Example Event #
{
"system": {
"provider": "MSSQL$SQLEXPRESS",
"guid": "",
"event_source_name": "",
"event_id": 49917,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-05-08 18:54:42.974264+00:00",
"event_record_id": 1366,
"correlation": {
"ActivityID": "",
"RelatedActivityID": ""
},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Application",
"computer": "tel2-DC01-2022.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "<string>SQL_Latin1_General_CP1_CI_AS</string>\n<string>us_english</string>\n<string>1033</string>\n",
"Binary": "/cIAAAoAAAAaAAAAdABlAGwAMgAtAEQAQwAwADEALQAyADAAMgAyAFwAUwBRAEwARQBYAFAAUgBFAFMAUwAAAAAAAAA="
},
"message": ""
}