C:\Windows\System32\WDI\LogFiles\BootCKCL.etl or BootPerfDiagLogger.etl file seems to contain all exe, dll, sys file details that were launched at the time of the windows boot up. Would it be possible to get this information parsed via a OSQuery schema, if yes how and where to make that request? The information in the file could be useful to investigate persistence on a system if associated with booting up of the machine.