10/09/2020 08:38:37 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79389 Keywords=None Message=The bootmgr spent 0 ms waiting for user input.
10/09/2020 08:38:37 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79388 Keywords=None Message=There are 0x1 boot options on this system.
10/09/2020 08:38:37 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=79387 Keywords=None Message=The boot menu policy was 0x0.
10/09/2020 08:38:37 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=79386 Keywords=None Message=The boot type was 0x0.
10/09/2020 08:38:37 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=79385 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true.
10/09/2020 08:38:37 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79384 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS.
10/09/2020 08:38:37 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=79383 Keywords=None Message=The operating system started at system time ‎2020‎-‎10‎-‎09T08:38:37.485772000Z.
10/09/2020 08:38:42 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79394 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager.
10/09/2020 08:38:42 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79393 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager.
10/09/2020 08:38:42 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79392 Keywords=None Message=Volume \\?\Volume{48cc2f57-0000-0000-0000-100000000000} (\Device\HarddiskVolume1) is healthy. No action is needed.
10/09/2020 08:38:42 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79391 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2012‎-‎07‎-‎05T22:48:10.000000000Z) has successfully loaded and registered with Filter Manager.
10/09/2020 08:38:42 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79390 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager.
10/09/2020 08:38:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79399 Keywords=None Message=The access history in hive \Device\HarddiskVolume1\Boot\BCD was cleared updating 49 keys and creating 4 modified pages.
10/09/2020 08:38:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79398 Keywords=None Message=Hive \SystemRoot\System32\config\DRIVERS was reorganized with a starting size of 5181440 bytes and an ending size of 5165056 bytes.
10/09/2020 08:38:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79397 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100
10/09/2020 08:38:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79396 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100
10/09/2020 08:38:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=79395 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance
10/09/2020 08:38:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79403 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 85 keys and creating 9 modified pages.
10/09/2020 08:38:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79402 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\SECURITY was cleared updating 83 keys and creating 4 modified pages.
10/09/2020 08:38:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79401 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\DEFAULT was cleared updating 282 keys and creating 41 modified pages.
10/09/2020 08:38:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79400 Keywords=None Message=Hive \SystemRoot\System32\Config\SOFTWARE was reorganized with a starting size of 88662016 bytes and an ending size of 78172160 bytes.
10/09/2020 08:38:53 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79404 Keywords=None Message=The access history in hive \??\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 621 keys and creating 34 modified pages.
10/09/2020 08:38:55 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79408 Keywords=None Message=The access history in hive \??\C:\Users\Default\NTUSER.DAT was cleared updating 1948 keys and creating 135 modified pages.
10/09/2020 08:38:55 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79407 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat was cleared updating 842 keys and creating 113 modified pages.
10/09/2020 08:38:55 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79406 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\NTUSER.DAT was cleared updating 1950 keys and creating 135 modified pages.
10/09/2020 08:38:55 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79405 Keywords=None Message=The access history in hive \??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT was cleared updating 627 keys and creating 37 modified pages.
10/09/2020 08:39:07 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79409 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79419 Keywords=Classic Message=The DeviceInstall service entered the running state.
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79418 Keywords=Classic Message=The SystemEventsBroker service entered the running state.
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79417 Keywords=Classic Message=The sppsvc service entered the running state.
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79416 Keywords=Classic Message=The LSM service entered the running state.
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79415 Keywords=Classic Message=The RpcSs service entered the running state.
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79414 Keywords=Classic Message=The RpcEptMapper service entered the running state.
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79413 Keywords=Classic Message=The DcomLaunch service entered the running state.
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79412 Keywords=Classic Message=The Power service entered the running state.
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79411 Keywords=Classic Message=The PlugPlay service entered the running state.
10/09/2020 08:39:08 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79410 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
10/09/2020 08:39:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79425 Keywords=Classic Message=The tiledatamodelsvc service entered the running state.
10/09/2020 08:39:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79424 Keywords=Classic Message=The AppXSvc service entered the running state.
10/09/2020 08:39:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79423 Keywords=Classic Message=The StateRepository service entered the running state.
10/09/2020 08:39:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79422 Keywords=Classic Message=The dmwappushservice service entered the running state.
10/09/2020 08:39:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79421 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state.
10/09/2020 08:39:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79420 Keywords=Classic Message=The NetSetupSvc service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79442 Keywords=Classic Message=The Dhcp service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=79441 Keywords=None Message=DHCPv6 client service is started
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=79440 Keywords=None Message=DHCPv4 client service is started
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79439 Keywords=Classic Message=The ProfSvc service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79438 Keywords=Classic Message=The gpsvc service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79437 Keywords=Classic Message=The SENS service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79436 Keywords=Classic Message=The nsi service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79435 Keywords=Classic Message=The EventLog service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79434 Keywords=Classic Message=The Themes service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79433 Keywords=Classic Message=The EventSystem service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79432 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79431 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79430 Keywords=Classic Message=The WPDBusEnum service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79429 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79428 Keywords=Classic Message=The DsmSvc service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79427 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 52 keys and creating 13 modified pages.
10/09/2020 08:39:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79426 Keywords=Classic Message=The BrokerInfrastructure service entered the running state.
10/09/2020 08:39:14 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=None RecordNumber=79378 Keywords=Classic Message=The Event log service was started.
10/09/2020 08:39:14 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=None RecordNumber=79377 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free.
10/09/2020 08:39:14 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=None RecordNumber=79376 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-V5DC57V to WIN-5BE09859FGA.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79471 Keywords=Classic Message=The WinDefend service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79470 Keywords=Classic Message=The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79469 Keywords=Classic Message=The iphlpsvc service entered the stopped state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79468 Keywords=Classic Message=The LanmanServer service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79467 Keywords=Classic Message=The WinRM service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79466 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79465 Keywords=Classic Message=The UserManager service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79464 Keywords=Classic Message=The Winmgmt service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79463 Keywords=Classic Message=The PcaSvc service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79462 Keywords=Classic Message=The W32Time service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79461 Keywords=Classic Message=The RemoteRegistry service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79460 Keywords=Classic Message=The AWSLiteAgent service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79459 Keywords=Classic Message=The TrkWks service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79458 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79457 Keywords=Classic Message=The CryptSvc service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79456 Keywords=Classic Message=The Spooler service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79455 Keywords=Classic Message=The SamSs service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79454 Keywords=Classic Message=The MpsSvc service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79453 Keywords=Classic Message=The BFE service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79452 Keywords=Classic Message=The Schedule service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=Info RecordNumber=79451 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79450 Keywords=Classic Message=The LanmanWorkstation service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79449 Keywords=Classic Message=The netprofm service terminated with the following error: The device is not ready.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79448 Keywords=Classic Message=The netprofm service entered the stopped state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79447 Keywords=Classic Message=The NlaSvc service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79446 Keywords=Classic Message=The Dnscache service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79445 Keywords=Classic Message=The Wcmsvc service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79444 Keywords=Classic Message=The FontCache service entered the running state.
10/09/2020 08:39:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79443 Keywords=Classic Message=The ShellHWDetection service entered the running state.
10/09/2020 08:39:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79472 Keywords=Classic Message=The WpnService service entered the running state.
10/09/2020 08:39:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79473 Keywords=Classic Message=The TimeBrokerSvc service entered the running state.
10/09/2020 08:39:18 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20003 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=79474 Keywords=None Message=Driver Management has concluded the process to add Service vxn for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0.
10/09/2020 08:39:19 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20001 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=79475 Keywords=None Message=Driver Management concluded the process to install driver vxn65x64.inf_amd64_c69f09961e9fb531\vxn65x64.inf for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0x0.
10/09/2020 08:39:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79476 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79483 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79482 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 
10/09/2020 08:39:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79481 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79480 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79479 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:21 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=None RecordNumber=79478 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 
10/09/2020 08:39:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79477 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79488 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79487 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 
10/09/2020 08:39:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79486 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79485 Keywords=Classic Message=The TCP/IP NetBIOS Helper service entered the running state. 10/09/2020 08:39:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79484 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79492 Keywords=Classic Message=The Windows Defender Network Inspection Service service entered the running state. 
10/09/2020 08:39:23 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79491 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:23 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79490 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:23 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79489 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 10/09/2020 08:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79493 Keywords=Classic Message=The Windows Update service entered the running state. 
10/09/2020 08:39:26 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79494 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 10/09/2020 08:39:31 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79496 Keywords=None Message=The time service is now synchronizing the system time with the time source 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 10/09/2020 08:39:31 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79495 Keywords=None Message=Hive \??\C:\Windows\System32\config\COMPONENTS was reorganized with a starting size of 112295936 bytes and an ending size of 85536768 bytes. 10/09/2020 08:39:32 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79497 Keywords=None Message=Hive \??\C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT was reorganized with a starting size of 12066816 bytes and an ending size of 11694080 bytes. 
10/09/2020 08:39:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=79499 Keywords=Time Message=The system time has changed to ‎2020‎-‎10‎-‎09T08:39:38.689000000Z from ‎2020‎-‎10‎-‎09T08:39:38.700704000Z. Change Reason: An application or system component changed the time. 10/09/2020 08:39:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=79498 Keywords=Time Message=The system time has changed to ‎2020‎-‎10‎-‎09T08:39:38.689490600Z from ‎2020‎-‎10‎-‎09T08:39:38.689490600Z. Change Reason: System time adjusted to the new time zone. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79531 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79526 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79525 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 
10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79524 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79523 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79522 Keywords=Classic Message=The State Repository Service service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79521 Keywords=Classic Message=The User Profile Service service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79520 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79519 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79518 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79517 Keywords=Classic Message=The DHCP Client service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=79516 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79515 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79514 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 
10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79513 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79512 Keywords=Classic Message=The Device Install Service service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79511 Keywords=Classic Message=The Software Protection service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79510 Keywords=Classic Message=The Plug and Play service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79509 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79508 Keywords=Classic Message=The Windows Time service entered the stopped state. 
10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=79507 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=79506 Keywords=Time Message=The system time has changed to ‎2020‎-‎10‎-‎09T08:39:44.117000000Z from ‎2020‎-‎10‎-‎09T08:39:44.130546000Z. Change Reason: An application or system component changed the time. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79505 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79504 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79503 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 
10/09/2020 08:39:44 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79502 Keywords=Classic Message=The process C:\Windows\system32\winlogon.exe (EC2AMAZ-V5DC57V) has initiated the restart of computer WIN-5BE09859FGA on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned) Reason Code: 0x80020003 Shutdown Type: restart Comment: 10/09/2020 08:39:44 AM LogName=System SourceName=Microsoft-Windows-Setup EventCode=2004 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=OS information OpCode=Info RecordNumber=79501 Keywords=None Message=Successfully logged OS information 10/09/2020 08:39:44 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-V5DC57V TaskCategory=None OpCode=None RecordNumber=79500 Keywords=Classic Message=The Event log service was stopped. 10/09/2020 08:39:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=103 OpCode=Info RecordNumber=79537 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 10/09/2020 08:39:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79536 Keywords=Classic Message=The Windows Update service entered the stopped state. 
10/09/2020 08:39:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79535 Keywords=None Message=The access history in hive \??\C:\Windows\AppCompat\Programs\Amcache.hve was cleared updating 17 keys and creating 7 modified pages. 10/09/2020 08:39:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79534 Keywords=Classic Message=The Network Connection Broker service terminated with the following error: A device attached to the system is not functioning. 10/09/2020 08:39:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79533 Keywords=Classic Message=The Network Connection Broker service entered the stopped state. 10/09/2020 08:39:45 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10010 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79532 Keywords=Classic Message=The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout. 10/09/2020 08:39:46 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=2 OpCode=Info RecordNumber=79538 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎10‎-‎09T08:39:46.551908600Z. 
10/09/2020 08:40:17 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79545 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 10/09/2020 08:40:17 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79544 Keywords=None Message=There are 0x1 boot options on this system. 10/09/2020 08:40:17 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=79543 Keywords=None Message=The boot menu policy was 0x0. 10/09/2020 08:40:17 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=79542 Keywords=None Message=The boot type was 0x0. 10/09/2020 08:40:17 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=79541 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 10/09/2020 08:40:17 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79540 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 
10/09/2020 08:40:17 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=79539 Keywords=None Message=The operating system started at system time ‎2020‎-‎10‎-‎09T08:40:17.492376100Z. 10/09/2020 08:40:21 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79548 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 10/09/2020 08:40:21 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79547 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2012‎-‎07‎-‎05T22:48:10.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:40:21 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79546 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 
10/09/2020 08:40:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79553 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:40:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79552 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:40:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=79551 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 10/09/2020 08:40:22 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79550 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 
10/09/2020 08:40:22 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79549 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:40:23 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79554 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79571 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79570 Keywords=Classic Message=The AppXSvc service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79569 Keywords=Classic Message=The StateRepository service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79568 Keywords=Classic Message=The NetSetupSvc service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79567 Keywords=Classic Message=The dmwappushservice service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79566 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79565 Keywords=Classic Message=The DeviceInstall service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79564 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79563 Keywords=Classic Message=The sppsvc service entered the running state. 
10/09/2020 08:40:24 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79562 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79561 Keywords=Classic Message=The LSM service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79560 Keywords=Classic Message=The RpcSs service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79559 Keywords=Classic Message=The RpcEptMapper service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79558 Keywords=Classic Message=The DcomLaunch service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79557 Keywords=Classic Message=The Power service entered the running state. 
10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79556 Keywords=Classic Message=The PlugPlay service entered the running state. 10/09/2020 08:40:24 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79555 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 10/09/2020 08:40:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79574 Keywords=Classic Message=The CryptSvc service entered the running state. 10/09/2020 08:40:30 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=79573 Keywords=Time Message=The system time has changed to ‎2020‎-‎10‎-‎09T08:40:30.031000000Z from ‎2020‎-‎10‎-‎09T08:40:30.046116000Z. Change Reason: An application or system component changed the time. 10/09/2020 08:40:30 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=79572 Keywords=Time Message=The system time has changed to ‎2020‎-‎10‎-‎09T08:40:30.031639800Z from ‎2020‎-‎10‎-‎09T08:40:30.031639800Z. Change Reason: System time adjusted to the new time zone. 
10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79587 Keywords=Classic Message=The DsmSvc service entered the running state. 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79586 Keywords=Classic Message=The Dnscache service entered the running state. 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79585 Keywords=Classic Message=The netprofm service entered the running state. 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79584 Keywords=Classic Message=The Themes service entered the running state. 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79583 Keywords=Classic Message=The lmhosts service entered the running state. 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79582 Keywords=Classic Message=The NlaSvc service entered the running state. 
10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79581 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79580 Keywords=Classic Message=The Dhcp service entered the running state. 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=79579 Keywords=None Message=DHCPv6 client service is started 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=79578 Keywords=None Message=DHCPv4 client service is started 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79577 Keywords=Classic Message=The nsi service entered the running state. 10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79576 Keywords=Classic Message=The EventLog service entered the running state. 
10/09/2020 08:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79575 Keywords=Classic Message=The W32Time service entered the running state. 10/09/2020 08:40:31 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79530 Keywords=Classic Message=The system uptime is 14 seconds. 10/09/2020 08:40:31 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79529 Keywords=Classic Message=The Event log service was started. 10/09/2020 08:40:31 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79528 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 10/09/2020 08:40:31 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79527 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from WIN-5BE09859FGA to EC2AMAZ-I44GJRK. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79614 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79613 Keywords=Classic Message=The RemoteRegistry service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79612 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79611 Keywords=Classic Message=The TrkWks service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79610 Keywords=Classic Message=The PcaSvc service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79609 Keywords=Classic Message=The Winmgmt service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79608 Keywords=Classic Message=The Spooler service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79607 Keywords=Classic Message=The SamSs service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79606 Keywords=Classic Message=The MpsSvc service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79605 Keywords=Classic Message=The BFE service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79604 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79603 Keywords=Classic Message=The UserManager service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79602 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79601 Keywords=Classic Message=The FontCache service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79600 Keywords=Classic Message=The Wcmsvc service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79599 Keywords=Classic Message=The ShellHWDetection service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79598 Keywords=Classic Message=The ProfSvc service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79597 Keywords=Classic Message=The SENS service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79596 Keywords=Classic Message=The gpsvc service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79595 Keywords=Classic Message=The WPDBusEnum service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79594 Keywords=Classic Message=The NcbService service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79593 Keywords=Classic Message=The EventSystem service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79592 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79591 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79590 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 
10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79589 Keywords=Classic Message=The Schedule service entered the running state. 10/09/2020 08:40:32 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79588 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=79624 Keywords=Time Message=The system time has changed to ‎2020‎-‎10‎-‎09T08:40:33.892678200Z from ‎2020‎-‎10‎-‎09T08:40:33.892678200Z. Change Reason: System time adjusted to the new time zone. 10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79623 Keywords=Classic Message=The AppReadiness service entered the running state. 10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79622 Keywords=Classic Message=The iphlpsvc service entered the running state. 
10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79621 Keywords=None Message=The time service is now synchronizing the system time with the time source 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79620 Keywords=Classic Message=The WinRM service entered the running state. 10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79619 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79618 Keywords=Classic Message=The WinDefend service entered the running state. 10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79617 Keywords=Classic Message=The WpnService service entered the running state. 
10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=Info RecordNumber=79616 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 10/09/2020 08:40:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79615 Keywords=Classic Message=The LanmanServer service entered the running state. 10/09/2020 08:40:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79628 Keywords=Classic Message=The TermService service entered the running state. 10/09/2020 08:40:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79627 Keywords=Classic Message=The DmEnrollmentSvc service entered the stopped state. 10/09/2020 08:40:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79626 Keywords=Classic Message=The DmEnrollmentSvc service entered the running state. 10/09/2020 08:40:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79625 Keywords=Classic Message=The wlidsvc service entered the running state. 10/09/2020 08:40:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79634 Keywords=Classic Message=The WdNisSvc service entered the running state. 10/09/2020 08:40:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79633 Keywords=Classic Message=The KeyIso service entered the running state. 10/09/2020 08:40:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79632 Keywords=Classic Message=The SessionEnv service entered the running state. 10/09/2020 08:40:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79631 Keywords=Classic Message=The CertPropSvc service entered the running state. 10/09/2020 08:40:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79630 Keywords=Classic Message=The UmRdpService service entered the running state. 10/09/2020 08:40:35 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79629 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is EC2AMAZ-I44GJRK. The SHA1 hash of the certificate is in the event data. 10/09/2020 08:40:36 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79635 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:172.31.46.46 has been brought up. 10/09/2020 08:40:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79636 Keywords=Classic Message=The wuauserv service entered the running state. 10/09/2020 08:40:39 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1282 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79638 Keywords=None Message=The TBS device identifier has been generated. 10/09/2020 08:40:39 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1281 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79637 Keywords=None Message=This event triggers the TBS device identifier generation. 10/09/2020 08:40:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79639 Keywords=Classic Message=The TrustedInstaller service entered the running state. 
10/09/2020 08:40:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79641 Keywords=Classic Message=The vds service entered the running state. 10/09/2020 08:40:54 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79640 Keywords=Classic Message=Service started. 10/09/2020 08:40:57 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=79642 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:3200) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 10/09/2020 08:40:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79643 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 
10/09/2020 08:41:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79644 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:41:10 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79646 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-I44GJRK) has initiated the shutdown of computer EC2AMAZ-I44GJRK on behalf of user EC2AMAZ-I44GJRK\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: shutdown Comment: 10/09/2020 08:41:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79645 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from auto start to disabled. 
10/09/2020 08:41:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79647 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79678 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79674 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79673 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79672 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79671 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 
10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79670 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79669 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79668 Keywords=Classic Message=The DHCP Client service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=79667 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79666 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79665 Keywords=Classic Message=The Software Protection service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79664 Keywords=Classic Message=The State Repository Service service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79663 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79662 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79661 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79660 Keywords=Classic Message=The Windows Time service entered the stopped state. 
10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79659 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79658 Keywords=Classic Message=The Device Install Service service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79657 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=79656 Keywords=Time Message=The system time has changed to ‎2020‎-‎10‎-‎09T08:41:12.631000000Z from ‎2020‎-‎10‎-‎09T08:41:12.640362600Z. Change Reason: An application or system component changed the time. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79655 Keywords=Classic Message=The Plug and Play service entered the stopped state. 
10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79654 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79653 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=79652 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79651 Keywords=Classic Message=The App Readiness service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79650 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79649 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 10/09/2020 08:41:12 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79648 Keywords=Classic Message=The Event log service was stopped. 10/09/2020 08:41:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79679 Keywords=Classic Message=The Windows Update service entered the stopped state. 10/09/2020 08:41:17 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=103 OpCode=Info RecordNumber=79680 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 10/09/2020 08:41:18 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=2 OpCode=Info RecordNumber=79682 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎10‎-‎09T08:41:18.043009000Z. 10/09/2020 08:57:32 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79689 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 10/09/2020 08:57:32 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79688 Keywords=None Message=There are 0x1 boot options on this system. 
10/09/2020 08:57:32 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=79687 Keywords=None Message=The boot menu policy was 0x0. 10/09/2020 08:57:32 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=79686 Keywords=None Message=The boot type was 0x0. 10/09/2020 08:57:32 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=79685 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 10/09/2020 08:57:32 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79684 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 10/09/2020 08:57:32 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=79683 Keywords=None Message=The operating system started at system time ‎2020‎-‎10‎-‎09T08:57:32.488157000Z. 
10/09/2020 08:57:36 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79691 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2012‎-‎07‎-‎05T22:48:10.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:57:36 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79690 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:57:37 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79693 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:57:37 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79692 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 
10/09/2020 08:57:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79703 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:57:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79702 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:57:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79701 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:57:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79700 Keywords=None Message=Processor 4 in group 0 exposes the 
following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:57:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79699 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:57:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79698 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:57:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79697 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:57:38 AM LogName=System 
SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79696 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:57:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=79695 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 10/09/2020 08:57:38 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79694 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:57:43 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79705 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 
10/09/2020 08:57:43 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79704 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79731 Keywords=Classic Message=The ProfSvc service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79730 Keywords=Classic Message=The Wcmsvc service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79729 Keywords=Classic Message=The Dnscache service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79728 Keywords=Classic Message=The NlaSvc service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79727 Keywords=Classic Message=The Dhcp service entered the running state. 
10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=79726 Keywords=None Message=DHCPv6 client service is started 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=79725 Keywords=None Message=DHCPv4 client service is started 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79724 Keywords=Classic Message=The gpsvc service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79723 Keywords=Classic Message=The Themes service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79722 Keywords=Classic Message=The nsi service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79721 Keywords=Classic Message=The EventLog service entered the running state. 
10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79720 Keywords=Classic Message=The EventSystem service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79719 Keywords=Classic Message=The WPDBusEnum service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79718 Keywords=Classic Message=The lmhosts service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79717 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79716 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 
10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79715 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79714 Keywords=Classic Message=The TermService service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79713 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79712 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79711 Keywords=Classic Message=The LSM service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79710 Keywords=Classic Message=The RpcSs service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79709 Keywords=Classic Message=The RpcEptMapper service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79708 Keywords=Classic Message=The DcomLaunch service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79707 Keywords=Classic Message=The Power service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79706 Keywords=Classic Message=The PlugPlay service entered the running state. 10/09/2020 08:57:44 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79677 Keywords=Classic Message=The system uptime is 12 seconds. 10/09/2020 08:57:44 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79676 Keywords=Classic Message=The Event log service was started. 
10/09/2020 08:57:44 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79675 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79767 Keywords=Classic Message=The NetSetupSvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79766 Keywords=Classic Message=The SessionEnv service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79765 Keywords=Classic Message=The iphlpsvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79764 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79763 Keywords=Classic Message=The WpnService service entered the running state. 
10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79762 Keywords=Classic Message=The WinDefend service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79761 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79760 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79759 Keywords=Classic Message=The StateRepository service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79758 Keywords=Classic Message=The Winmgmt service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79757 Keywords=Classic Message=The WinRM service entered the running state. 
10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79756 Keywords=Classic Message=The LanmanServer service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79755 Keywords=Classic Message=The UserManager service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79754 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79753 Keywords=Classic Message=The PcaSvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79752 Keywords=Classic Message=The W32Time service entered the running state. 
10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79751 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79750 Keywords=Classic Message=The RemoteRegistry service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79749 Keywords=Classic Message=The CertPropSvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79748 Keywords=Classic Message=The Spooler service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79747 Keywords=Classic Message=The TrkWks service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79746 Keywords=Classic Message=The MpsSvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79745 Keywords=Classic Message=The CryptSvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79744 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79743 Keywords=Classic Message=The Schedule service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79742 Keywords=Classic Message=The SamSs service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79741 Keywords=Classic Message=The UmRdpService service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79740 Keywords=Classic Message=The BFE service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79739 Keywords=Classic Message=The DsmSvc service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79738 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79737 Keywords=Classic Message=The NcbService service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79736 Keywords=Classic Message=The ShellHWDetection service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79735 Keywords=Classic Message=The netprofm service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79734 Keywords=Classic Message=The SENS service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79733 Keywords=Classic Message=The FontCache service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79732 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 10/09/2020 08:57:45 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=Info RecordNumber=79681 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 10/09/2020 08:57:46 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79768 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 10/09/2020 08:57:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79770 Keywords=Classic Message=The WdNisSvc service entered the running state. 
10/09/2020 08:57:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79769 Keywords=Classic Message=The DeviceInstall service entered the running state. 10/09/2020 08:57:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79771 Keywords=Classic Message=The wuauserv service entered the running state. 10/09/2020 08:57:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79772 Keywords=Classic Message=The TrustedInstaller service entered the running state. 10/09/2020 08:58:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79774 Keywords=Classic Message=The vds service entered the running state. 10/09/2020 08:58:12 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79773 Keywords=Classic Message=Service started. 
10/09/2020 08:58:14 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=79775 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:4044) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 10/09/2020 08:58:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79776 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 10/09/2020 08:58:19 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79777 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:58:22 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15301 EventType=3 Type=Warning ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79782 Keywords=Classic Message=SSL Certificate Settings created by an admin process for endpoint : 0.0.0.0:5986 . 
10/09/2020 08:58:22 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15007 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79781 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully added. 10/09/2020 08:58:22 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15008 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79780 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully deleted. 10/09/2020 08:58:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79779 Keywords=Classic Message=The Microsoft Passport service entered the running state. 10/09/2020 08:58:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79778 Keywords=Classic Message=The CNG Key Isolation service entered the running state. 
10/09/2020 08:58:23 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79784 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:58:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79783 Keywords=Classic Message=The IPsec Policy Agent service entered the running state. 10/09/2020 08:58:25 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79787 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
10/09/2020 08:58:25 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79786 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:58:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79785 Keywords=Classic Message=The Amazon SSM Agent service entered the running state. 10/09/2020 08:58:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79792 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
10/09/2020 08:58:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79791 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:58:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79790 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
10/09/2020 08:58:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79789 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:58:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79788 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
10/09/2020 08:58:27 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79793 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:58:28 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79794 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
10/09/2020 08:58:43 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79795 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:58:44 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79796 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:59:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79797 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 10/09/2020 08:59:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79799 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 10/09/2020 08:59:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79798 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 10/09/2020 08:59:11 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79800 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
10/09/2020 08:59:12 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79801 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:59:13 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79802 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-I44GJRK\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 10/09/2020 08:59:14 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79803 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-I44GJRK) has initiated the restart of computer EC2AMAZ-I44GJRK on behalf of user EC2AMAZ-I44GJRK\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 10/09/2020 08:59:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79804 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=103 OpCode=Info RecordNumber=79840 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79839 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79838 Keywords=Classic Message=The Windows Update service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79837 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 
10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79836 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79835 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79834 Keywords=Classic Message=The User Profile Service service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79833 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79832 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79827 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79826 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79825 Keywords=Classic Message=The State Repository Service service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79824 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79823 Keywords=Classic Message=The DHCP Client service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=79822 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79821 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79820 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=79819 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79818 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79817 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79816 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 
10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79815 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79814 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79813 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79812 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79811 Keywords=Classic Message=The Device Install Service service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79810 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79809 Keywords=Classic Message=The Windows Time service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79808 Keywords=Classic Message=The Plug and Play service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79807 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79806 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 10/09/2020 08:59:18 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-I44GJRK TaskCategory=None OpCode=None RecordNumber=79805 Keywords=Classic Message=The Event log service was stopped. 10/09/2020 08:59:19 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=2 OpCode=Info RecordNumber=79841 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎10‎-‎09T08:59:19.179870900Z. 
10/09/2020 08:59:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79848 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 10/09/2020 08:59:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79847 Keywords=None Message=There are 0x1 boot options on this system. 10/09/2020 08:59:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=79846 Keywords=None Message=The boot menu policy was 0x0. 10/09/2020 08:59:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=79845 Keywords=None Message=The boot type was 0x0. 10/09/2020 08:59:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=79844 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 10/09/2020 08:59:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79843 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 
10/09/2020 08:59:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=79842 Keywords=None Message=The operating system started at system time ‎2020‎-‎10‎-‎09T08:59:40.485652100Z. 10/09/2020 08:59:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=79853 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 10/09/2020 08:59:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79852 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:59:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79851 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:59:43 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79850 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 
10/09/2020 08:59:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79849 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:59:44 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79863 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 10/09/2020 08:59:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79861 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:59:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79860 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:59:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611 
User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79859 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:59:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79858 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:59:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79857 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:59:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79856 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum 
performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:59:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79855 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:59:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=79854 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79924 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79922 Keywords=Classic Message=The iphlpsvc service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79921 Keywords=Classic Message=The StateRepository service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79920 Keywords=Classic Message=The WinRM service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79919 Keywords=Classic Message=The LanmanServer service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79918 Keywords=Classic Message=The WpnService service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79917 Keywords=Classic Message=The MpsSvc service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79916 Keywords=Classic Message=The Spooler service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79915 Keywords=Classic Message=The W32Time service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79914 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79913 Keywords=Classic Message=The RemoteRegistry service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79912 Keywords=Classic Message=The Winmgmt service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79911 Keywords=Classic Message=The TrkWks service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79910 Keywords=Classic Message=The PcaSvc service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79909 Keywords=Classic Message=The CryptSvc service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79908 Keywords=Classic Message=The UserManager service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79907 Keywords=Classic Message=The SamSs service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79906 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79905 Keywords=Classic Message=The BFE service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79904 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79903 Keywords=Classic Message=The SessionEnv service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79902 Keywords=Classic Message=The NcbService service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79901 Keywords=Classic Message=The DsmSvc service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79900 Keywords=Classic Message=The Schedule service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79899 Keywords=Classic Message=The CertPropSvc service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79898 Keywords=Classic Message=The netprofm service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79897 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79896 Keywords=Classic Message=The Dnscache service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79895 Keywords=Classic Message=The NlaSvc service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79894 Keywords=Classic Message=The FontCache service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79893 Keywords=Classic Message=The UmRdpService service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79892 Keywords=Classic Message=The Wcmsvc service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79891 Keywords=Classic Message=The ShellHWDetection service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79890 Keywords=Classic Message=The TrustedInstaller service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79889 Keywords=Classic Message=The SENS service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79888 Keywords=Classic Message=The ProfSvc service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79887 Keywords=Classic Message=The gpsvc service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79886 Keywords=Classic Message=The Dhcp service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=79885 Keywords=None Message=DHCPv6 client service is started 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79884 Keywords=Classic Message=The EventSystem service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79883 Keywords=Classic Message=The WPDBusEnum service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79882 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=79881 Keywords=None Message=DHCPv4 client service is started 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79880 Keywords=Classic Message=The Themes service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79879 Keywords=Classic Message=The nsi service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79878 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79877 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79876 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79875 Keywords=Classic Message=The EventLog service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79874 Keywords=Classic Message=The lmhosts service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79873 Keywords=Classic Message=The TermService service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79872 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79871 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79870 Keywords=Classic Message=The LSM service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79869 Keywords=Classic Message=The RpcSs service entered the running state. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79868 Keywords=Classic Message=The RpcEptMapper service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79867 Keywords=Classic Message=The DcomLaunch service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79866 Keywords=Classic Message=The Power service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79865 Keywords=Classic Message=The PlugPlay service entered the running state. 10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79864 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 
10/09/2020 08:59:45 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=Info RecordNumber=79862 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 10/09/2020 08:59:45 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=None RecordNumber=79831 Keywords=Classic Message=The system uptime is 5 seconds. 10/09/2020 08:59:45 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=None RecordNumber=79830 Keywords=Classic Message=The Event log service was started. 10/09/2020 08:59:45 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=None RecordNumber=79829 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 10/09/2020 08:59:45 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=None RecordNumber=79828 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-I44GJRK to WIN-DC-1796611. 10/09/2020 08:59:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79930 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 10/09/2020 08:59:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79929 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 10/09/2020 08:59:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79928 Keywords=Classic Message=The PolicyAgent service entered the running state. 10/09/2020 08:59:46 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79927 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 10/09/2020 08:59:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79926 Keywords=Classic Message=The KeyIso service entered the running state. 10/09/2020 08:59:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79925 Keywords=Classic Message=The NetSetupSvc service entered the running state. 
10/09/2020 08:59:46 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79923 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-dc-1796611. The SHA1 hash of the certificate is in the event data. 10/09/2020 08:59:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79931 Keywords=Classic Message=The wuauserv service entered the running state. 10/09/2020 08:59:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79932 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 10/09/2020 08:59:54 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79933 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user WIN-DC-1796611\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
10/09/2020 08:59:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79935 Keywords=Classic Message=The NetSetupSvc service entered the running state. 10/09/2020 08:59:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79934 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 10/09/2020 09:00:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79936 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 10/09/2020 09:00:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79937 Keywords=Classic Message=A service was installed in the system. Service Name: DNS Server Service File Name: %systemroot%\system32\dns.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 10/09/2020 09:00:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79938 Keywords=Classic Message=The DNS Server service entered the running state. 
10/09/2020 09:00:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79941 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 10/09/2020 09:00:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79940 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 10/09/2020 09:00:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79939 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 10/09/2020 09:00:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79945 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state. 10/09/2020 09:00:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79944 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 
10/09/2020 09:00:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79943 Keywords=Classic Message=The Windows Insider Service service entered the running state. 10/09/2020 09:00:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79942 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 10/09/2020 09:00:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79946 Keywords=Classic Message=The Windows License Manager Service service entered the running state. 10/09/2020 09:00:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79947 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 10/09/2020 09:00:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79948 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 
10/09/2020 09:00:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79949 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 10/09/2020 09:01:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79954 Keywords=Classic Message=A service was installed in the system. Service Name: Kerberos Key Distribution Center Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 10/09/2020 09:01:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79953 Keywords=Classic Message=A service was installed in the system. Service Name: Intersite Messaging Service File Name: %SystemRoot%\System32\ismserv.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79968 Keywords=Classic Message=The Virtual Disk service entered the running state. 
10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79967 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79966 Keywords=Classic Message=The DFS Namespace service entered the running state. 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=79965 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79964 Keywords=Classic Message=The DFS Replication service entered the running state. 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79963 Keywords=Classic Message=A service was installed in the system. 
Service Name: Microsoft Key Distribution Service Service File Name: %SystemRoot%\system32\lsass.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79962 Keywords=Classic Message=A service was installed in the system. Service Name: Active Directory Web Services Service File Name: %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79961 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Namespace Server Filter Driver Service File Name: system32\drivers\dfs.sys Service Type: kernel mode driver Service Start Type: system start Service Account: 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79960 Keywords=Classic Message=A service was installed in the system. 
Service Name: File Replication Service File Name: %SystemRoot%\system32\ntfrs.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79959 Keywords=Classic Message=A service was installed in the system. Service Name: DS Role Server Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79958 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Replication ReadOnly Driver Service File Name: system32\drivers\dfsrro.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79957 Keywords=Classic Message=A service was installed in the system. 
Service Name: DFS Namespace Service File Name: %SystemRoot%\system32\dfssvc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79956 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Replication Service File Name: %SystemRoot%\system32\DFSRs.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79955 Keywords=Classic Message=A service was installed in the system. Service Name: Active Directory Domain Services Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 10/09/2020 09:01:02 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=None RecordNumber=79952 Keywords=Classic Message=Service started. 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79951 Keywords=Classic Message=DFS server has finished initializing. 10/09/2020 09:01:02 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79950 Keywords=Classic Message=DFS has finished building all namespaces. 10/09/2020 09:01:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79969 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 10/09/2020 09:01:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79970 Keywords=Classic Message=The DS Role Server service entered the running state. 10/09/2020 09:01:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79971 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 10/09/2020 09:01:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79973 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 10/09/2020 09:01:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79981 Keywords=Classic Message=The DFS Replication service entered the stopped state. 
10/09/2020 09:01:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79980 Keywords=Classic Message=The Virtual Disk service entered the stopped state. 10/09/2020 09:01:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79979 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 10/09/2020 09:01:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79978 Keywords=Classic Message=The start type of the Distributed Link Tracking Client service was changed from auto start to demand start. 10/09/2020 09:01:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79977 Keywords=Classic Message=The start type of the Kerberos Key Distribution Center service was changed from disabled to auto start. 10/09/2020 09:01:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79976 Keywords=Classic Message=The start type of the Intersite Messaging service was changed from disabled to auto start. 
10/09/2020 09:01:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79975 Keywords=Classic Message=The start type of the Active Directory Domain Services service was changed from disabled to auto start. 10/09/2020 09:01:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79974 Keywords=Classic Message=The start type of the Netlogon service was changed from demand start to auto start. 10/09/2020 09:01:46 AM LogName=System SourceName=Virtual Disk Service EventCode=4 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=None RecordNumber=79972 Keywords=Classic Message=Service stopped. 10/09/2020 09:01:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79982 Keywords=Classic Message=The start type of the File Replication service was changed from demand start to disabled. 10/09/2020 09:01:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79987 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 
10/09/2020 09:01:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79986 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 10/09/2020 09:01:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79985 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 10/09/2020 09:01:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79984 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 10/09/2020 09:01:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79983 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 10/09/2020 09:01:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79988 Keywords=Classic Message=The Software Protection service entered the running state. 10/09/2020 09:01:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79990 Keywords=Classic Message=The start type of the SSDP Discovery service was changed from demand start to disabled. 10/09/2020 09:01:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79989 Keywords=Classic Message=The start type of the UPnP Device Host service was changed from demand start to disabled. 10/09/2020 09:01:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79991 Keywords=Classic Message=The User Access Logging Service service entered the running state. 10/09/2020 09:01:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79996 Keywords=Classic Message=The Netlogon service entered the running state. 10/09/2020 09:01:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=79995 Keywords=Classic Message=The start type of the Encrypting File System (EFS) service was changed from demand start to auto start. 10/09/2020 09:01:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79994 Keywords=Classic Message=The start type of the Active Directory Web Services service was changed from disabled to auto start. 10/09/2020 09:01:52 AM LogName=System SourceName=NETLOGON EventCode=5719 EventType=2 Type=Error ComputerName=win-dc-1796611 TaskCategory=None OpCode=Info RecordNumber=79993 Keywords=Classic Message=This computer was not able to set up a secure session with a domain controller in domain ATTACKRANGE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 10/09/2020 09:01:52 AM LogName=System SourceName=NETLOGON EventCode=5516 EventType=2 Type=Error ComputerName=win-dc-1796611 TaskCategory=None OpCode=Info RecordNumber=79992 Keywords=Classic Message=The computer or domain WIN-DC-1796611 trusts domain ATTACKRANGE. (This may be an indirect trust.) However, WIN-DC-1796611 and ATTACKRANGE have the same machine security identifier (SID). NT should be re-installed on either WIN-DC-1796611 or ATTACKRANGE. 10/09/2020 09:01:55 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=79997 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-DC-1796611) has initiated the restart of computer WIN-DC-1796611 on behalf of user WIN-DC-1796611\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 10/09/2020 09:01:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80000 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80035 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80034 Keywords=Classic Message=The DNS Server service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80033 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80032 Keywords=Classic Message=The User Profile Service service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80031 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80030 Keywords=Classic Message=The Software Protection service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80029 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80028 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80027 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 
10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80026 Keywords=Classic Message=The State Repository Service service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80025 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80024 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80023 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80022 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80021 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80020 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80019 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80018 Keywords=Classic Message=The DHCP Client service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80017 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=80016 Keywords=None Message=DHCPv4 client service is stopped. 
ShutDown Flag value is 1 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80015 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80014 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80013 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80012 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80011 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80010 Keywords=Classic Message=The Windows Time service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80009 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80008 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80007 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-dc-1796611 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=80006 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80005 Keywords=Classic Message=The Plug and Play service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80004 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80003 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80002 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80001 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 10/09/2020 09:01:58 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-dc-1796611 TaskCategory=None OpCode=None RecordNumber=79999 Keywords=Classic Message=The Event log service was stopped. 10/09/2020 09:01:58 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=win-dc-1796611 TaskCategory=None OpCode=Info RecordNumber=79998 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. 
User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 10/09/2020 09:02:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=80042 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎10‎-‎09T09:02:03.445577500Z. 10/09/2020 09:02:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=80041 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 10/09/2020 09:02:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80040 Keywords=Classic Message=The Windows Update service entered the stopped state. 10/09/2020 09:02:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80039 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 10/09/2020 09:02:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80049 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 
10/09/2020 09:02:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80048 Keywords=None Message=There are 0x1 boot options on this system. 10/09/2020 09:02:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=80047 Keywords=None Message=The boot menu policy was 0x0. 10/09/2020 09:02:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=80046 Keywords=None Message=The boot type was 0x0. 10/09/2020 09:02:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=80045 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 10/09/2020 09:02:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80044 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 
10/09/2020 09:02:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=80043 Keywords=None Message=The operating system started at system time ‎2020‎-‎10‎-‎09T09:02:24.491144500Z. 10/09/2020 09:02:27 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80054 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:02:27 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80053 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:02:27 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80052 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 10/09/2020 09:02:27 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80051 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 
10/09/2020 09:02:27 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80050 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80064 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80063 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80062 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) 
Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80061 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80060 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80059 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power 
EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80058 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80057 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=80056 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 10/09/2020 09:02:28 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80055 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 
10/09/2020 09:02:35 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80065 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 10/09/2020 09:02:36 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80066 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: . For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80084 Keywords=Classic Message=The DcomLaunch service entered the running state. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80083 Keywords=Classic Message=The Power service entered the running state. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80082 Keywords=Classic Message=The PlugPlay service entered the running state. 
10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16413 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80081 Keywords=None Message=An error occurred when trying to remove the account Network Service from the group Performance Log Users. The problem, "The system cannot find the file specified. ", occurred when trying to remove the account from the group. Please remove the member manually. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80080 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Storage Replica Administrators. Please contact PSS to recover. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80079 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Remote Management Users. Please contact PSS to recover. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80078 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Access Control Assistance Operators. Please contact PSS to recover. 
10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80077 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Hyper-V Administrators. Please contact PSS to recover. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80076 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Management Servers. Please contact PSS to recover. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80075 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Endpoint Servers. Please contact PSS to recover. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80074 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Remote Access Servers. Please contact PSS to recover. 
10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80073 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Certificate Service DCOM Access. Please contact PSS to recover. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80072 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Event Log Readers. Please contact PSS to recover. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16401 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80071 Keywords=None Message=An error occurred when trying to add the account INTERNET USER to the group IIS_IUSRS. The problem, "The specified local group does not exist. ", occurred when trying to open the group. Please add the account manually. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80070 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Cryptographic Operators. Please contact PSS to recover. 
10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80069 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account IIS_IUSRS. Please contact PSS to recover. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80068 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Distributed COM Users. Please contact PSS to recover. 10/09/2020 09:02:37 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16937 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80067 Keywords=None Message=Secured the machine account . The builtin\account operators full control Access Control Entry was removed from the security descriptor on this object. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80136 Keywords=Classic Message=The PolicyAgent service entered the running state. 
10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80135 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80134 Keywords=Classic Message=The KeyIso service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80133 Keywords=Classic Message=The NetSetupSvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80132 Keywords=Classic Message=The UserManager service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80131 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80130 Keywords=Classic Message=The MpsSvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80129 Keywords=Classic Message=The NcaSvc service entered the stopped state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80128 Keywords=Classic Message=The iphlpsvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80127 Keywords=Classic Message=The Schedule service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80126 Keywords=Classic Message=The SessionEnv service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80125 Keywords=Classic Message=The Kdc service entered the running state. 
10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80124 Keywords=Classic Message=The Winmgmt service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=80123 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80122 Keywords=Classic Message=The BFE service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80121 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80120 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 
10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80119 Keywords=Classic Message=The Wcmsvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80118 Keywords=Classic Message=The FontCache service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80117 Keywords=Classic Message=The ShellHWDetection service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80116 Keywords=Classic Message=The NcbService service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80115 Keywords=Classic Message=The CertPropSvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80114 Keywords=Classic Message=The UmRdpService service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80113 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80112 Keywords=Classic Message=The DsmSvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80111 Keywords=Classic Message=The netprofm service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80110 Keywords=Classic Message=The gpsvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=80109 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 
10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80108 Keywords=Classic Message=The SENS service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80107 Keywords=Classic Message=The ProfSvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80106 Keywords=Classic Message=The NlaSvc service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80105 Keywords=Classic Message=The EventSystem service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80104 Keywords=Classic Message=The Themes service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80103 Keywords=Classic Message=The WPDBusEnum service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80102 Keywords=Classic Message=The NTDS service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80101 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80100 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80099 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80098 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-dc-1796611.attackrange.local. The SHA1 hash of the certificate is in the event data. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80097 Keywords=Classic Message=The Dnscache service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80096 Keywords=Classic Message=The Dhcp service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=80095 Keywords=None Message=DHCPv6 client service is started 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=80094 Keywords=None Message=DHCPv4 client service is started 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80093 Keywords=Classic Message=The EventLog service entered the running state. 
10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80092 Keywords=Classic Message=The nsi service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80091 Keywords=Classic Message=The lmhosts service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80090 Keywords=Classic Message=The TermService service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80089 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80088 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80087 Keywords=Classic Message=The LSM service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80086 Keywords=Classic Message=The RpcSs service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80085 Keywords=Classic Message=The RpcEptMapper service entered the running state. 10/09/2020 09:02:38 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=None RecordNumber=80038 Keywords=Classic Message=The system uptime is 13 seconds. 10/09/2020 09:02:38 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=None RecordNumber=80037 Keywords=Classic Message=The Event log service was started. 10/09/2020 09:02:38 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=None RecordNumber=80036 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 10/09/2020 09:02:39 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=80137 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 
10/09/2020 09:02:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80138 Keywords=Classic Message=The CryptSvc service entered the running state. 10/09/2020 09:02:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80139 Keywords=Classic Message=The wuauserv service entered the running state. 10/09/2020 09:02:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80140 Keywords=Classic Message=The TrustedInstaller service entered the running state. 10/09/2020 09:02:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80144 Keywords=Classic Message=The LanmanServer service entered the running state. 10/09/2020 09:02:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80143 Keywords=Classic Message=The SamSs service entered the running state. 
10/09/2020 09:02:47 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16648 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80142 Keywords=None Message=The request for a new account-identifier pool has completed successfully. 10/09/2020 09:02:47 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16647 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80141 Keywords=None Message=The domain controller is starting a request for a new account-identifier pool. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80166 Keywords=Classic Message=The WMI Performance Adapter service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80165 Keywords=Classic Message=The vds service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80164 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80163 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80162 Keywords=Classic Message=The ADWS service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80161 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80160 Keywords=Classic Message=The StateRepository service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80159 Keywords=Classic Message=The WinRM service entered the running state. 
10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80158 Keywords=Classic Message=The DFSR service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80157 Keywords=Classic Message=The Dfs service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80156 Keywords=Classic Message=The IsmServ service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80155 Keywords=Classic Message=The WpnService service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80154 Keywords=Classic Message=The EFS service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80153 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80152 Keywords=Classic Message=The PcaSvc service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80151 Keywords=Classic Message=The RemoteRegistry service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80150 Keywords=Classic Message=The Spooler service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80149 Keywords=Classic Message=The WerSvc service entered the running state. 10/09/2020 09:02:53 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=None RecordNumber=80148 Keywords=Classic Message=Service started. 
10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=Info RecordNumber=80147 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80146 Keywords=Classic Message=DFS server has finished initializing. 10/09/2020 09:02:53 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80145 Keywords=Classic Message=DFS has finished building all namespaces. 10/09/2020 09:02:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80167 Keywords=Classic Message=The WMI Performance Adapter service entered the stopped state. 10/09/2020 09:03:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80170 Keywords=Classic Message=The Netlogon service entered the running state. 
10/09/2020 09:03:05 AM LogName=System SourceName=NETLOGON EventCode=5823 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=Info RecordNumber=80169 Keywords=Classic Message= The system successfully changed its password on the domain controller . This event is logged when the password for the computer account is changed by the system. It is logged on the computer that changed the password. 10/09/2020 09:03:05 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10154 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=Info RecordNumber=80168 Keywords=Classic Message=The WinRM service failed to create the following SPNs: WSMAN/win-dc-1796611.attackrange.local; WSMAN/win-dc-1796611. Additional Data The error received was 1355: %%1355. User Action The SPNs can be created by an administrator using setspn.exe utility. 10/09/2020 09:03:08 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=143 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80172 Keywords=None Message=The time service has started advertising as a good time source. 10/09/2020 09:03:08 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=139 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80171 Keywords=None Message=The time service has started advertising as a time source. 
10/09/2020 09:03:17 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80174 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 10/09/2020 09:03:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80173 Keywords=Classic Message=The DNS service entered the running state. 10/09/2020 09:03:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80175 Keywords=Classic Message=The W32Time service entered the running state. 
10/09/2020 09:03:19 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80176 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 10/09/2020 09:03:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80177 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 10/09/2020 09:03:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80181 Keywords=Classic Message=The swprv service entered the running state. 10/09/2020 09:03:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80180 Keywords=Classic Message=The VSS service entered the running state. 10/09/2020 09:03:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80179 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 
10/09/2020 09:03:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80178 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 10/09/2020 09:03:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80182 Keywords=Classic Message=The NetSetupSvc service entered the running state. 10/09/2020 09:03:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80184 Keywords=Classic Message=The NcaSvc service entered the stopped state. 10/09/2020 09:03:25 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1502 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=80183 Keywords=None Message=The Group Policy settings for the computer were processed successfully. New settings from 2 Group Policy objects were detected and applied. 10/09/2020 09:03:26 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80186 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 
10/09/2020 09:03:26 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80185 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 10/09/2020 09:03:29 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80187 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 10/09/2020 09:03:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80188 Keywords=Classic Message=The DsmSvc service entered the stopped state. 
10/09/2020 09:03:34 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80190 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 10/09/2020 09:03:34 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=144 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80189 Keywords=None Message=The time service has stopped advertising as a good time source. 10/09/2020 09:04:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80194 Keywords=Classic Message=The MapsBroker service entered the running state. 10/09/2020 09:04:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80193 Keywords=Classic Message=The DPS service entered the running state. 10/09/2020 09:04:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80192 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 
10/09/2020 09:04:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80191 Keywords=Classic Message=The WerSvc service entered the stopped state. 10/09/2020 09:04:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80196 Keywords=Classic Message=The sppsvc service entered the running state. 10/09/2020 09:04:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80195 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 10/09/2020 09:04:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80197 Keywords=Classic Message=The UALSVC service entered the running state. 10/09/2020 09:05:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80198 Keywords=Classic Message=The MapsBroker service entered the stopped state. 10/09/2020 09:05:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80200 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 10/09/2020 09:05:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80199 Keywords=Classic Message=The sppsvc service entered the stopped state. 10/09/2020 09:05:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80201 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 10/09/2020 09:05:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80203 Keywords=Classic Message=The wisvc service entered the running state. 10/09/2020 09:05:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80202 Keywords=Classic Message=The UsoSvc service entered the running state. 10/09/2020 09:05:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80204 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 
10/09/2020 09:06:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80205 Keywords=Classic Message=The VSS service entered the stopped state. 10/09/2020 09:06:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80206 Keywords=Classic Message=The wisvc service entered the stopped state. 10/09/2020 09:06:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80207 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 10/09/2020 09:06:55 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80208 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
10/09/2020 09:06:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80209 Keywords=Classic Message=The Windows Modules Installer service entered the running state. 10/09/2020 09:07:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80210 Keywords=Classic Message=The msiserver service entered the running state. 10/09/2020 09:07:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80211 Keywords=Classic Message=The WdiSystemHost service entered the running state. 10/09/2020 09:07:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80214 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkMonitorNoHandle Service File Name: system32\DRIVERS\SplunkMonitorNoHandleDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 10/09/2020 09:07:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80213 Keywords=Classic Message=A service was installed in the system. 
Service Name: splknetdrv Service File Name: \SystemRoot\system32\DRIVERS\splknetdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 10/09/2020 09:07:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80212 Keywords=Classic Message=A service was installed in the system. Service Name: Splunk Trace Kernel Mode Driver Service File Name: \SystemRoot\system32\DRIVERS\splunkdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 10/09/2020 09:07:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80215 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkForwarder Service Service File Name: "C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 10/09/2020 09:07:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80216 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 10/09/2020 09:07:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80217 Keywords=Classic Message=A service was installed in the system. Service Name: nxlog Service File Name: "C:\Program Files (x86)\nxlog\nxlog.exe" -c "C:\Program Files (x86)\nxlog\conf\nxlog.conf" Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 10/09/2020 09:08:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80218 Keywords=Classic Message=The nxlog service entered the running state. 10/09/2020 09:08:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80220 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 10/09/2020 09:08:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80219 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 10/09/2020 09:08:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80221 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 10/09/2020 09:08:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80222 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the running state. 10/09/2020 09:08:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80226 Keywords=Classic Message=The sysmon64 service entered the running state. 10/09/2020 09:08:38 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80225 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2020‎-‎09‎-‎09T21:23:49.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:08:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80224 Keywords=Classic Message=A service was installed in the system. Service Name: SysmonDrv Service File Name: C:\Windows\SysmonDrv.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: 10/09/2020 09:08:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80223 Keywords=Classic Message=A service was installed in the system. 
Service Name: sysmon64 Service File Name: C:\Windows\sysmon64.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 10/09/2020 09:08:44 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80227 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-DC-1796611) has initiated the restart of computer WIN-DC-1796611 on behalf of user ATTACKRANGE\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80263 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80262 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80261 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 
10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80260 Keywords=Classic Message=The Windows Update service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80259 Keywords=Classic Message=The State Repository Service service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80258 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80257 Keywords=Classic Message=The DHCP Client service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=80256 Keywords=None Message=DHCPv4 client service is stopped. 
ShutDown Flag value is 1 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=80255 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80254 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80253 Keywords=Classic Message=The Virtual Disk service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80252 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80251 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 
10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80250 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80249 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80248 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80247 Keywords=Classic Message=The Windows Installer service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80246 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 
10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80245 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80244 Keywords=Classic Message=The Windows Time service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80243 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80242 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80241 Keywords=Classic Message=The Active Directory Web Services service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80240 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80239 Keywords=Classic Message=The Intersite Messaging service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80238 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80237 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80236 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80235 Keywords=Classic Message=The Plug and Play service entered the stopped state. 
10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=80234 Keywords=Time Message=The system time has changed to ‎2020‎-‎10‎-‎09T09:08:46.877000000Z from ‎2020‎-‎10‎-‎09T09:08:46.892070000Z. Change Reason: An application or system component changed the time. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80233 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80232 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80231 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80230 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 
10/09/2020 09:08:46 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=None RecordNumber=80229 Keywords=Classic Message=The Event log service was stopped. 10/09/2020 09:08:46 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=Info RecordNumber=80228 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 10/09/2020 09:08:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80268 Keywords=Classic Message=The nxlog service entered the stopped state. 10/09/2020 09:08:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80267 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 10/09/2020 09:08:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80266 Keywords=Classic Message=The DNS Server service entered the stopped state. 10/09/2020 09:08:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80265 Keywords=Classic Message=The DFS Replication service entered the stopped state. 10/09/2020 09:08:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80264 Keywords=Classic Message=The User Profile Service service entered the stopped state. 10/09/2020 09:08:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80275 Keywords=Classic Message=The Active Directory Domain Services service entered the stopped state. 10/09/2020 09:08:49 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=80274 Keywords=None Message=Name resolution for the name 255.1.0.10.in-addr.arpa. timed out after none of the configured DNS servers responded. 10/09/2020 09:08:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80273 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 10/09/2020 09:08:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80272 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 
10/09/2020 09:08:51 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=80276 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 10/09/2020 09:08:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=80277 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎10‎-‎09T09:08:52.078395300Z. 10/09/2020 09:09:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80284 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 10/09/2020 09:09:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80283 Keywords=None Message=There are 0x1 boot options on this system. 10/09/2020 09:09:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=80282 Keywords=None Message=The boot menu policy was 0x0. 10/09/2020 09:09:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=80281 Keywords=None Message=The boot type was 0x0. 
10/09/2020 09:09:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=80280 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 10/09/2020 09:09:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80279 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 10/09/2020 09:09:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=80278 Keywords=None Message=The operating system started at system time ‎2020‎-‎10‎-‎09T09:09:12.491011900Z. 10/09/2020 09:09:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80290 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:09:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80289 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 
10/09/2020 09:09:15 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80288 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 10/09/2020 09:09:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80287 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2020‎-‎09‎-‎09T21:23:49.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:09:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80286 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:09:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80285 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 
10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80300 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80299 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80298 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info 
RecordNumber=80297 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80296 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80295 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80294 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance 
percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=80293 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=80292 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 10/09/2020 09:09:16 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80291 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:09:17 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80302 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: . For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 
10/09/2020 09:09:17 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80301 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 10/09/2020 09:09:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80303 Keywords=Classic Message=The PlugPlay service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80355 Keywords=Classic Message=The PolicyAgent service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80354 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80353 Keywords=Classic Message=The NetSetupSvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80352 Keywords=Classic Message=The UserManager service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80351 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80350 Keywords=Classic Message=The MpsSvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80349 Keywords=Classic Message=The NcaSvc service entered the stopped state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80348 Keywords=Classic Message=The iphlpsvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80347 Keywords=Classic Message=The Schedule service entered the running state. 
10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80346 Keywords=Classic Message=The SessionEnv service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80345 Keywords=Classic Message=The Kdc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80344 Keywords=Classic Message=The Winmgmt service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=80343 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80342 Keywords=Classic Message=The ShellHWDetection service entered the running state. 
10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80341 Keywords=Classic Message=The FontCache service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80340 Keywords=Classic Message=The Wcmsvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80339 Keywords=Classic Message=The BFE service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80338 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80337 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80336 Keywords=Classic Message=The NcbService service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80335 Keywords=Classic Message=The DsmSvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80334 Keywords=Classic Message=The SENS service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80333 Keywords=Classic Message=The gpsvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80332 Keywords=Classic Message=The CertPropSvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80331 Keywords=Classic Message=The netprofm service entered the running state. 
10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=80330 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80329 Keywords=Classic Message=The ProfSvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80328 Keywords=Classic Message=The EventSystem service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80327 Keywords=Classic Message=The UmRdpService service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80326 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 
10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80325 Keywords=Classic Message=The NlaSvc service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80324 Keywords=Classic Message=The Themes service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80323 Keywords=Classic Message=The NTDS service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80322 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80321 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 
10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80320 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80319 Keywords=Classic Message=The WPDBusEnum service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80318 Keywords=Classic Message=The Dhcp service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=80317 Keywords=None Message=DHCPv6 client service is started 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80316 Keywords=Classic Message=The Dnscache service entered the running state. 
10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=80315 Keywords=None Message=DHCPv4 client service is started 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80314 Keywords=Classic Message=The EventLog service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80313 Keywords=Classic Message=The lmhosts service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80312 Keywords=Classic Message=The nsi service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80311 Keywords=Classic Message=The TermService service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80310 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80309 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80308 Keywords=Classic Message=The LSM service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80307 Keywords=Classic Message=The RpcSs service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80306 Keywords=Classic Message=The RpcEptMapper service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80305 Keywords=Classic Message=The DcomLaunch service entered the running state. 
10/09/2020 09:09:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80304 Keywords=Classic Message=The Power service entered the running state. 10/09/2020 09:09:19 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=None RecordNumber=80271 Keywords=Classic Message=The system uptime is 6 seconds. 10/09/2020 09:09:19 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=None RecordNumber=80270 Keywords=Classic Message=The Event log service was started. 10/09/2020 09:09:19 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=None RecordNumber=80269 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 10/09/2020 09:09:20 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=80356 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 10/09/2020 09:09:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80357 Keywords=Classic Message=The CryptSvc service entered the running state. 
10/09/2020 09:09:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80358 Keywords=Classic Message=The wuauserv service entered the running state. 10/09/2020 09:09:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80359 Keywords=Classic Message=The TrustedInstaller service entered the running state. 10/09/2020 09:09:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80361 Keywords=Classic Message=The LanmanServer service entered the running state. 10/09/2020 09:09:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80360 Keywords=Classic Message=The SamSs service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80383 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80382 Keywords=Classic Message=The nxlog service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80381 Keywords=Classic Message=The vds service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80380 Keywords=Classic Message=The ADWS service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80379 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80378 Keywords=Classic Message=The sysmon64 service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80377 Keywords=Classic Message=The StateRepository service entered the running state. 
10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80376 Keywords=Classic Message=The WinRM service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80375 Keywords=Classic Message=The DFSR service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80374 Keywords=Classic Message=The WpnService service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80373 Keywords=Classic Message=The Dfs service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80372 Keywords=Classic Message=The IsmServ service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=80371 Keywords=Classic Message=The RemoteRegistry service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80370 Keywords=Classic Message=The EFS service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80369 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80368 Keywords=Classic Message=The PcaSvc service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80367 Keywords=Classic Message=The Spooler service entered the running state. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80366 Keywords=Classic Message=The Netlogon service entered the running state. 
10/09/2020 09:09:35 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=None RecordNumber=80365 Keywords=Classic Message=Service started. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=Info RecordNumber=80364 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80363 Keywords=Classic Message=DFS server has finished initializing. 10/09/2020 09:09:35 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80362 Keywords=Classic Message=DFS has finished building all namespaces. 10/09/2020 09:09:39 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=143 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80385 Keywords=None Message=The time service has started advertising as a good time source. 
10/09/2020 09:09:39 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=139 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80384 Keywords=None Message=The time service has started advertising as a time source. 10/09/2020 09:09:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80387 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 10/09/2020 09:09:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80386 Keywords=Classic Message=The SplunkForwarder service entered the running state. 10/09/2020 09:09:47 AM LogName=System SourceName=Microsoft-Windows-LSA EventCode=6038 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=Info RecordNumber=80389 Keywords=Classic Message=Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server. NTLM is a weaker authentication mechanism. Please check: Which applications are using NTLM authentication? Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication? If NTLM must be supported, is Extended Protection configured? Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699. 
10/09/2020 09:09:47 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10154 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=Info RecordNumber=80388 Keywords=Classic Message=The WinRM service failed to create the following SPNs: WSMAN/win-dc-1796611.attackrange.local; WSMAN/win-dc-1796611. Additional Data The error received was 1355: %%1355. User Action The SPNs can be created by an administrator using setspn.exe utility. 10/09/2020 09:09:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80390 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 10/09/2020 09:09:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80393 Keywords=Classic Message=The W32Time service entered the running state. 10/09/2020 09:09:51 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=134 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80392 Keywords=None Message=NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. 
(0x80072AF9) 10/09/2020 09:09:51 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80391 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 10/09/2020 09:09:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80394 Keywords=Classic Message=The DNS service entered the running state. 10/09/2020 09:09:59 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80397 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-409845233-1799753065-1382401640-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool. 10/09/2020 09:09:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80396 Keywords=Classic Message=The NetSetupSvc service entered the running state. 10/09/2020 09:09:59 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80395 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 10/09/2020 09:10:01 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=80399 Keywords=None Message=Name resolution for the name attackrange.local timed out after none of the configured DNS servers responded. 10/09/2020 09:10:01 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80398 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 10/09/2020 09:10:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80401 Keywords=Classic Message=The NcaSvc service entered the stopped state. 
10/09/2020 09:10:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80400 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 10/09/2020 09:10:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80402 Keywords=Classic Message=The NetSetupSvc service entered the running state. 10/09/2020 09:10:04 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80403 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 10/09/2020 09:10:07 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80405 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 10/09/2020 09:10:07 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=144 EventType=3 Type=Warning ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=80404 Keywords=None Message=The time service has stopped advertising as a good time source. 
10/09/2020 09:10:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80406 Keywords=Classic Message=The DsmSvc service entered the stopped state. 10/09/2020 09:10:56 AM LogName=System SourceName=Microsoft-Windows-Eventlog EventCode=104 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=Log clear OpCode=Info RecordNumber=80417 Keywords=None Message=The Windows PowerShell log file was cleared. 10/09/2020 09:10:56 AM LogName=System SourceName=Microsoft-Windows-Eventlog EventCode=104 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=Log clear OpCode=Info RecordNumber=80416 Keywords=None Message=The System log file was cleared. 10/09/2020 09:10:56 AM LogName=System SourceName=Microsoft-Windows-Eventlog EventCode=104 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=Log clear OpCode=Info RecordNumber=80408 Keywords=None Message=The Active Directory Web Services log file was cleared. 10/09/2020 09:10:56 AM LogName=System SourceName=Microsoft-Windows-Eventlog EventCode=104 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-409845233-1799753065-1382401640-500 SidType=0 TaskCategory=Log clear OpCode=Info RecordNumber=80407 Keywords=None Message=The System log file was cleared. 
10/09/2020 09:11:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80418 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 10/09/2020 09:11:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80419 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 10/09/2020 09:11:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80425 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 10/09/2020 09:11:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80424 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 10/09/2020 09:11:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80423 Keywords=Classic Message=The Software Protection service entered the running state. 
10/09/2020 09:11:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80422 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 10/09/2020 09:11:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80421 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 10/09/2020 09:11:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80420 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 10/09/2020 09:11:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80426 Keywords=Classic Message=The User Access Logging Service service entered the running state. 10/09/2020 09:11:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80427 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 
10/09/2020 09:11:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80429 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 10/09/2020 09:11:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80428 Keywords=Classic Message=A service was installed in the system. Service Name: npf Service File Name: C:/Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 10/09/2020 09:12:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80430 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 10/09/2020 09:12:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80431 Keywords=Classic Message=The Software Protection service entered the stopped state. 10/09/2020 09:12:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80432 Keywords=Classic Message=The Network Setup Service service entered the stopped state. 
10/09/2020 09:14:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80434 Keywords=Classic Message=The Windows Insider Service service entered the running state. 10/09/2020 09:14:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80433 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 10/09/2020 09:15:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80435 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 10/09/2020 09:15:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-1796611.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=80436 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state.