11/09/2020 10:48:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81177 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 10:48:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81176 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 10:48:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81175 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 10:48:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81174 Keywords=None Message=The boot type was 0x0. 11/09/2020 10:48:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81173 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 10:48:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81172 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 10:48:22 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81171 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T10:48:22.495524500Z. 11/09/2020 10:48:26 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81183 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 10:48:26 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81182 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:26 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81181 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:26 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81180 Keywords=None Message=Volume \\?\Volume{7eebd808-0000-0000-0000-100000000000} (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 10:48:26 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81179 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2098‎-‎06‎-‎20T11:58:38.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:26 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81178 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:27 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81187 Keywords=None Message=The access history in hive \Device\HarddiskVolume1\Boot\BCD was cleared updating 49 keys and creating 4 modified pages. 11/09/2020 10:48:27 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81186 Keywords=None Message=Hive \SystemRoot\System32\config\DRIVERS was reorganized with a starting size of 5181440 bytes and an ending size of 5165056 bytes. 11/09/2020 10:48:27 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81185 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 10:48:27 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81184 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81191 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 85 keys and creating 8 modified pages. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81190 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\SECURITY was cleared updating 83 keys and creating 4 modified pages. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81189 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\DEFAULT was cleared updating 282 keys and creating 42 modified pages. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81188 Keywords=None Message=Hive \SystemRoot\System32\Config\SOFTWARE was reorganized with a starting size of 88416256 bytes and an ending size of 78041088 bytes. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81177 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81176 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81175 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81174 Keywords=None Message=The boot type was 0x0. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81173 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81172 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 10:48:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81171 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T10:48:29.497482200Z. 11/09/2020 10:48:33 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81179 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2098‎-‎06‎-‎20T11:58:38.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:33 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81178 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81187 Keywords=None Message=The access history in hive \Device\HarddiskVolume1\Boot\BCD was cleared updating 49 keys and creating 4 modified pages. 11/09/2020 10:48:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81186 Keywords=None Message=Hive \SystemRoot\System32\config\DRIVERS was reorganized with a starting size of 5181440 bytes and an ending size of 5165056 bytes. 11/09/2020 10:48:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81185 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 10:48:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81184 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 10:48:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81183 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 10:48:34 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81182 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:34 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81181 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:34 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81180 Keywords=None Message=Volume \\?\Volume{7eebd808-0000-0000-0000-100000000000} (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 10:48:36 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81192 Keywords=None Message=The access history in hive \??\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 621 keys and creating 34 modified pages. 11/09/2020 10:48:36 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81191 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 85 keys and creating 8 modified pages. 11/09/2020 10:48:36 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81190 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\SECURITY was cleared updating 83 keys and creating 4 modified pages. 11/09/2020 10:48:36 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81189 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\DEFAULT was cleared updating 282 keys and creating 42 modified pages. 11/09/2020 10:48:36 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81188 Keywords=None Message=Hive \SystemRoot\System32\Config\SOFTWARE was reorganized with a starting size of 88416256 bytes and an ending size of 78041088 bytes. 11/09/2020 10:48:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81196 Keywords=None Message=The access history in hive \??\C:\Users\Default\NTUSER.DAT was cleared updating 1949 keys and creating 136 modified pages. 11/09/2020 10:48:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81195 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat was cleared updating 842 keys and creating 113 modified pages. 11/09/2020 10:48:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81194 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\NTUSER.DAT was cleared updating 1951 keys and creating 135 modified pages. 11/09/2020 10:48:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81193 Keywords=None Message=The access history in hive \??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT was cleared updating 627 keys and creating 36 modified pages. 11/09/2020 10:48:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81192 Keywords=None Message=The access history in hive \??\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 621 keys and creating 34 modified pages. 11/09/2020 10:48:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81193 Keywords=None Message=The access history in hive \??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT was cleared updating 627 keys and creating 36 modified pages. 11/09/2020 10:48:46 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81196 Keywords=None Message=The access history in hive \??\C:\Users\Default\NTUSER.DAT was cleared updating 1949 keys and creating 136 modified pages. 11/09/2020 10:48:46 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81195 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat was cleared updating 842 keys and creating 113 modified pages. 11/09/2020 10:48:46 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81194 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\NTUSER.DAT was cleared updating 1951 keys and creating 135 modified pages. 11/09/2020 10:48:51 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81197 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81210 Keywords=Classic Message=The dmwappushservice service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81209 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81208 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81207 Keywords=Classic Message=The DeviceInstall service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81206 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81205 Keywords=Classic Message=The sppsvc service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81204 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81203 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81202 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81201 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81200 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81199 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 10:48:52 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81198 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 10:48:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81213 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 10:48:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81212 Keywords=Classic Message=The AppXSvc service entered the running state. 11/09/2020 10:48:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81211 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 10:48:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81204 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 10:48:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81203 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 10:48:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81202 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 10:48:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81201 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 10:48:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81200 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 10:48:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81199 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 10:48:57 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81198 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 10:48:57 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81197 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81239 Keywords=Classic Message=The netprofm service terminated with the following error: The device is not ready. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81238 Keywords=Classic Message=The netprofm service entered the stopped state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81237 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81236 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81235 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81234 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81233 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81232 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81231 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81230 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81229 Keywords=None Message=DHCPv6 client service is started 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81228 Keywords=None Message=DHCPv4 client service is started 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81226 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81225 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81224 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81223 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81222 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81221 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81220 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81219 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81218 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81217 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81216 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81215 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 52 keys and creating 13 modified pages. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81214 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81160 Keywords=Classic Message=The Event log service was started. 11/09/2020 10:48:58 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81159 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 10:48:58 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81158 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-H0SHIJ3 to WIN-RQ05606RPN5. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81213 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81212 Keywords=Classic Message=The AppXSvc service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81211 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81210 Keywords=Classic Message=The dmwappushservice service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81209 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81208 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81207 Keywords=Classic Message=The DeviceInstall service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81206 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 10:48:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81205 Keywords=Classic Message=The sppsvc service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81260 Keywords=Classic Message=The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81259 Keywords=Classic Message=The iphlpsvc service entered the stopped state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81258 Keywords=Classic Message=The WinDefend service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81257 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81256 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81255 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81254 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81253 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81252 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81251 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81250 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81249 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81248 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81247 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81246 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81245 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81244 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81243 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81242 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81241 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81240 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 10:48:59 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=Info RecordNumber=81227 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 10:49:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81261 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 10:49:02 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20003 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=81262 Keywords=None Message=Driver Management has concluded the process to add Service vxn for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20001 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=81263 Keywords=None Message=Driver Management concluded the process to install driver vxn65x64.inf_amd64_c69f09961e9fb531\vxn65x64.inf for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0x0. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81238 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81237 Keywords=Classic Message=The netprofm service terminated with the following error: The device is not ready. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81236 Keywords=Classic Message=The netprofm service entered the stopped state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81235 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81234 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81233 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81232 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81231 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81230 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81229 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81228 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81227 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81226 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81225 Keywords=None Message=DHCPv6 client service is started 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81224 Keywords=None Message=DHCPv4 client service is started 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81223 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81222 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81221 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81220 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81219 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81218 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81217 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81216 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81215 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 52 keys and creating 13 modified pages. 11/09/2020 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81214 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 10:49:03 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81166 Keywords=Classic Message=The Event log service was started. 11/09/2020 10:49:03 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81165 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 10:49:03 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81164 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-H0SHIJ3 to WIN-BPQP221EQ94. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81269 Keywords=Classic Message=The TCP/IP NetBIOS Helper service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81268 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81267 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:04 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81266 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81265 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81264 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81260 Keywords=Classic Message=The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81259 Keywords=Classic Message=The iphlpsvc service entered the stopped state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81258 Keywords=Classic Message=The WinDefend service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81257 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81256 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81255 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81254 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81253 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81252 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81251 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81250 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81249 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81248 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81247 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81246 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81245 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81244 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=Info RecordNumber=81243 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81242 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81241 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81240 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81239 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 10:49:05 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81274 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:05 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81273 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:05 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81272 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:05 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81271 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:05 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81270 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81280 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81279 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81278 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81277 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81276 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81275 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:06 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20003 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=81262 Keywords=None Message=Driver Management has concluded the process to add Service vxn for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0. 11/09/2020 10:49:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81261 Keywords=Classic Message=The Time Broker service entered the running state. 11/09/2020 10:49:07 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20001 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=81263 Keywords=None Message=Driver Management concluded the process to install driver vxn65x64.inf_amd64_c69f09961e9fb531\vxn65x64.inf for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0x0. 11/09/2020 10:49:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81282 Keywords=Classic Message=The Windows Update service entered the running state. 11/09/2020 10:49:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81281 Keywords=Classic Message=The Windows Defender Network Inspection Service service entered the running state. 11/09/2020 10:49:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81265 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81264 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81273 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81272 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81271 Keywords=Classic Message=The TCP/IP NetBIOS Helper service entered the running state. 11/09/2020 10:49:09 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81270 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 11/09/2020 10:49:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81269 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:09 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81268 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 11/09/2020 10:49:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81267 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81266 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:10 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81280 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:10 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81279 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:10 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81278 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:10 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81277 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:10 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81276 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:10 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81275 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:10 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81274 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 11/09/2020 10:49:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81282 Keywords=Classic Message=The Windows Update service entered the running state. 11/09/2020 10:49:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81281 Keywords=Classic Message=The Windows Defender Network Inspection Service service entered the running state. 11/09/2020 10:49:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81283 Keywords=None Message=Hive \??\C:\Windows\System32\config\COMPONENTS was reorganized with a starting size of 91103232 bytes and an ending size of 86089728 bytes. 11/09/2020 10:49:15 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81284 Keywords=None Message=Hive \??\C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT was reorganized with a starting size of 12173312 bytes and an ending size of 11698176 bytes. 11/09/2020 10:49:18 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81283 Keywords=None Message=Hive \??\C:\Windows\System32\config\COMPONENTS was reorganized with a starting size of 91103232 bytes and an ending size of 86089728 bytes. 11/09/2020 10:49:19 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81284 Keywords=None Message=Hive \??\C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT was reorganized with a starting size of 12173312 bytes and an ending size of 11698176 bytes. 11/09/2020 10:49:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81286 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:49:21.129000000Z from ‎2020‎-‎11‎-‎09T10:49:21.140151800Z. Change Reason: An application or system component changed the time. 11/09/2020 10:49:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81285 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:49:21.129520500Z from ‎2020‎-‎11‎-‎09T10:49:21.129520500Z. Change Reason: System time adjusted to the new time zone. 11/09/2020 10:49:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81286 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:49:24.041000000Z from ‎2020‎-‎11‎-‎09T10:49:24.055666500Z. Change Reason: An application or system component changed the time. 11/09/2020 10:49:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81285 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:49:24.041886400Z from ‎2020‎-‎11‎-‎09T10:49:24.041886400Z. Change Reason: System time adjusted to the new time zone. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81321 Keywords=Classic Message=The Network Connection Broker service terminated with the following error: A device attached to the system is not functioning. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81320 Keywords=Classic Message=The Network Connection Broker service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10010 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81319 Keywords=Classic Message=The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81318 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81313 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81312 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81311 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81310 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81309 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81308 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81307 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81306 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81305 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81304 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81303 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81302 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81301 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81300 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81299 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81298 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81297 Keywords=Classic Message=The Device Install Service service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81296 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81295 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81294 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81293 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81292 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81291 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 10:49:28 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81290 Keywords=Classic Message=The process C:\Windows\system32\winlogon.exe (EC2AMAZ-H0SHIJ3) has initiated the restart of computer WIN-RQ05606RPN5 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned) Reason Code: 0x80020003 Shutdown Type: restart Comment: 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Setup EventCode=2004 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=OS information OpCode=Info RecordNumber=81289 Keywords=None Message=Successfully logged OS information 11/09/2020 10:49:28 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81288 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 10:49:28 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=Info RecordNumber=81287 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 11/09/2020 10:49:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=103 OpCode=Info RecordNumber=81324 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 10:49:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81323 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 10:49:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81322 Keywords=None Message=The access history in hive \??\C:\Windows\AppCompat\Programs\Amcache.hve was cleared updating 14 keys and creating 7 modified pages. 11/09/2020 10:49:30 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=2 OpCode=Info RecordNumber=81325 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T10:49:30.024134500Z. 11/09/2020 10:49:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81292 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 10:49:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81291 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 10:49:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81290 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 10:49:30 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81289 Keywords=Classic Message=The process C:\Windows\system32\winlogon.exe (EC2AMAZ-H0SHIJ3) has initiated the restart of computer WIN-BPQP221EQ94 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned) Reason Code: 0x80020003 Shutdown Type: restart Comment: 11/09/2020 10:49:30 AM LogName=System SourceName=Microsoft-Windows-Setup EventCode=2004 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=OS information OpCode=Info RecordNumber=81288 Keywords=None Message=Successfully logged OS information 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81317 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81316 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81315 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81310 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81309 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81308 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81307 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81306 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81305 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81304 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81303 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81302 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81301 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81300 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81299 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81298 Keywords=Classic Message=The Device Install Service service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81297 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81296 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81295 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81294 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81293 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 10:49:31 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-H0SHIJ3 TaskCategory=None OpCode=None RecordNumber=81287 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 10:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81322 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 10:49:33 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81321 Keywords=None Message=The access history in hive \??\C:\Windows\AppCompat\Programs\Amcache.hve was cleared updating 14 keys and creating 7 modified pages. 11/09/2020 10:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81320 Keywords=Classic Message=The Network Connection Broker service terminated with the following error: A device attached to the system is not functioning. 11/09/2020 10:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81319 Keywords=Classic Message=The Network Connection Broker service entered the stopped state. 11/09/2020 10:49:33 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10010 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81318 Keywords=Classic Message=The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout. 11/09/2020 10:49:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=2 OpCode=Info RecordNumber=81324 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T10:49:34.811972800Z. 11/09/2020 10:49:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=103 OpCode=Info RecordNumber=81323 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 10:49:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81332 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 10:49:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81331 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 10:49:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81330 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 10:49:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81329 Keywords=None Message=The boot type was 0x0. 11/09/2020 10:49:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81328 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 10:49:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81327 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 10:49:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81326 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T10:49:54.492442200Z. 11/09/2020 10:49:57 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81331 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 10:49:57 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81330 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 10:49:57 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81329 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 10:49:57 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81328 Keywords=None Message=The boot type was 0x0. 11/09/2020 10:49:57 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81327 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 10:49:57 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81326 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 10:49:57 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81325 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T10:49:57.498543400Z. 11/09/2020 10:49:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81340 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 10:49:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81339 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2299 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 10:49:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81338 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 10:49:58 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81337 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:49:58 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81336 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:49:58 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81335 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 10:49:58 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81334 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2098‎-‎06‎-‎20T11:58:38.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:49:58 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81333 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:49:59 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81341 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81358 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81357 Keywords=Classic Message=The AppXSvc service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81356 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81355 Keywords=Classic Message=The dmwappushservice service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81354 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81353 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81352 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81351 Keywords=Classic Message=The DeviceInstall service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81350 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81349 Keywords=Classic Message=The sppsvc service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81348 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81347 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81346 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81345 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81344 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81343 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 10:50:00 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81342 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 10:50:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81339 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 10:50:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81338 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 10:50:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81337 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 10:50:01 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81336 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:01 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81335 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:01 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81334 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 10:50:01 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81333 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2098‎-‎06‎-‎20T11:58:38.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:01 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81332 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:02 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81340 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81356 Keywords=Classic Message=The AppXSvc service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81355 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81354 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81353 Keywords=Classic Message=The dmwappushservice service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81352 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81351 Keywords=Classic Message=The DeviceInstall service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81350 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81349 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81348 Keywords=Classic Message=The sppsvc service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81347 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81346 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81345 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81344 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81343 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81342 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 10:50:03 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81341 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 10:50:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81357 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 10:50:05 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81360 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:50:05.656000000Z from ‎2020‎-‎11‎-‎09T10:50:05.666931400Z. Change Reason: An application or system component changed the time. 11/09/2020 10:50:05 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81359 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:50:05.656364200Z from ‎2020‎-‎11‎-‎09T10:50:05.656364200Z. Change Reason: System time adjusted to the new time zone. 11/09/2020 10:50:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81361 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81388 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81387 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81386 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81385 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81384 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81383 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81382 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81381 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81380 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81378 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81377 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81376 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81375 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81374 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81373 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81372 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81371 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81370 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81369 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81368 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81367 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81366 Keywords=None Message=DHCPv6 client service is started 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81365 Keywords=None Message=DHCPv4 client service is started 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81364 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81363 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81362 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 10:50:07 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81317 Keywords=Classic Message=The system uptime is 12 seconds. 11/09/2020 10:50:07 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81316 Keywords=Classic Message=The Event log service was started. 11/09/2020 10:50:07 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81315 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 10:50:07 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81314 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from WIN-RQ05606RPN5 to EC2AMAZ-DRAP9BO. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81407 Keywords=Classic Message=The WinDefend service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81406 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81405 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81404 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81403 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81402 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81401 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81400 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81399 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81398 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81397 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81396 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81395 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81394 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81393 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81392 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81391 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81390 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81389 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=Info RecordNumber=81379 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81359 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:50:08.934000000Z from ‎2020‎-‎11‎-‎09T10:50:08.943682700Z. Change Reason: An application or system component changed the time. 11/09/2020 10:50:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81358 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:50:08.934601300Z from ‎2020‎-‎11‎-‎09T10:50:08.934601300Z. Change Reason: System time adjusted to the new time zone. 11/09/2020 10:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81410 Keywords=Classic Message=The AppReadiness service entered the running state. 11/09/2020 10:50:09 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81409 Keywords=None Message=The time service is now synchronizing the system time with the time source 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 11/09/2020 10:50:09 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81408 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 11/09/2020 10:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81360 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81414 Keywords=Classic Message=The DmEnrollmentSvc service entered the stopped state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81413 Keywords=Classic Message=The DmEnrollmentSvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81412 Keywords=Classic Message=The wlidsvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81411 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:50:10.025342000Z from ‎2020‎-‎11‎-‎09T10:50:10.025342000Z. Change Reason: System time adjusted to the new time zone. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81390 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81389 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81388 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81387 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81386 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81385 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81384 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81383 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81382 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81381 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81380 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81379 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81378 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81377 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81376 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81375 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81374 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81373 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81372 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81371 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81370 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81369 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81368 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81367 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81366 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81365 Keywords=None Message=DHCPv6 client service is started 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81364 Keywords=None Message=DHCPv4 client service is started 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81363 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81362 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81361 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 10:50:10 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81314 Keywords=Classic Message=The system uptime is 12 seconds. 11/09/2020 10:50:10 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81313 Keywords=Classic Message=The Event log service was started. 11/09/2020 10:50:10 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81312 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 10:50:10 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81311 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from WIN-BPQP221EQ94 to EC2AMAZ-VS2L7UP. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81417 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:172.31.41.226 has been brought up. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81416 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81415 Keywords=Classic Message=The WdNisSvc service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81407 Keywords=Classic Message=The AppReadiness service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81406 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81405 Keywords=Classic Message=The WinDefend service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81404 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81403 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81402 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81401 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81400 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81399 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81398 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81397 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81396 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81395 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81394 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81393 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=Info RecordNumber=81392 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 10:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81391 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 10:50:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81422 Keywords=Classic Message=The KeyIso service entered the running state. 11/09/2020 10:50:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81421 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 10:50:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81420 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 10:50:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81419 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 10:50:12 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81418 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is EC2AMAZ-DRAP9BO. The SHA1 hash of the certificate is in the event data. 11/09/2020 10:50:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81411 Keywords=Classic Message=The DmEnrollmentSvc service entered the stopped state. 11/09/2020 10:50:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81410 Keywords=Classic Message=The DmEnrollmentSvc service entered the running state. 11/09/2020 10:50:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81409 Keywords=Classic Message=The wlidsvc service entered the running state. 11/09/2020 10:50:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81408 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:50:12.368982500Z from ‎2020‎-‎11‎-‎09T10:50:12.368982500Z. Change Reason: System time adjusted to the new time zone. 11/09/2020 10:50:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81414 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 10:50:13 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81413 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:169.254.117.177 has been brought up. 11/09/2020 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81423 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81419 Keywords=Classic Message=The WdNisSvc service entered the running state. 11/09/2020 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81418 Keywords=Classic Message=The KeyIso service entered the running state. 11/09/2020 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81417 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81416 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81415 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 10:50:14 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81412 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is EC2AMAZ-VS2L7UP. The SHA1 hash of the certificate is in the event data. 11/09/2020 10:50:16 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1282 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81425 Keywords=None Message=The TBS device identifier has been generated. 11/09/2020 10:50:16 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1281 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81424 Keywords=None Message=This event triggers the TBS device identifier generation. 11/09/2020 10:50:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81424 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 10:50:16 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1282 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81423 Keywords=None Message=The TBS device identifier has been generated. 11/09/2020 10:50:16 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81422 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:172.31.44.144 has been brought up. 11/09/2020 10:50:16 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4201 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81421 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal is no longer active. 11/09/2020 10:50:16 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1281 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81420 Keywords=None Message=This event triggers the TBS device identifier generation. 11/09/2020 10:50:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81426 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 10:50:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81425 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81427 Keywords=Classic Message=The vds service entered the running state. 11/09/2020 10:50:30 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81426 Keywords=Classic Message=Service started. 11/09/2020 10:50:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81428 Keywords=Classic Message=The vds service entered the running state. 11/09/2020 10:50:31 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81427 Keywords=Classic Message=Service started. 11/09/2020 10:50:34 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=81429 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:3228) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 11/09/2020 10:50:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81429 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 11/09/2020 10:50:34 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=81428 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:3268) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 11/09/2020 10:50:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81430 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 11/09/2020 10:50:41 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81430 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 10:50:44 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81431 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 10:50:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81439 Keywords=Classic Message=Splunk could not get the description for this event. Either the component that raises this event is not installed on your local computer or the installation is corrupt. FormatMessage error: Got the following information from this event: Tile Data model server %%2147943515 11/09/2020 10:50:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81438 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 10:50:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81437 Keywords=Classic Message=The App Readiness service entered the stopped state. 11/09/2020 10:50:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81436 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 10:50:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81435 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 10:50:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81434 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 10:50:44 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81433 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-VS2L7UP) has initiated the shutdown of computer EC2AMAZ-VS2L7UP on behalf of user EC2AMAZ-VS2L7UP\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: shutdown Comment: 11/09/2020 10:50:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81432 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from auto start to disabled. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81467 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81466 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81465 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81464 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81463 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81462 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81461 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81460 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81459 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81458 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81457 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81453 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81452 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81451 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81450 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81449 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81448 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81447 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81446 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81445 Keywords=Classic Message=The Device Install Service service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81444 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81443 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81442 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81441 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81440 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 10:50:45 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81431 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 10:50:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81439 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 10:50:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81438 Keywords=Classic Message=The App Readiness service entered the stopped state. 11/09/2020 10:50:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81437 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 10:50:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81436 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 10:50:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81435 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 10:50:47 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81434 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-DRAP9BO) has initiated the shutdown of computer EC2AMAZ-DRAP9BO on behalf of user EC2AMAZ-DRAP9BO\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: shutdown Comment: 11/09/2020 10:50:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81433 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from auto start to disabled. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81466 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81464 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81463 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81462 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81461 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81460 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81459 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81458 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81457 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81456 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81455 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81454 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81453 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81452 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81451 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81450 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81449 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81448 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81447 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81446 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81445 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81444 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81443 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=81442 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T10:50:48.014000000Z from ‎2020‎-‎11‎-‎09T10:50:48.023605200Z. Change Reason: An application or system component changed the time. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81441 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81440 Keywords=Classic Message=The Device Install Service service entered the stopped state. 11/09/2020 10:50:48 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=Info RecordNumber=81432 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 11/09/2020 10:50:50 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=2 OpCode=Info RecordNumber=81470 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T10:50:50.476035900Z. 11/09/2020 10:50:50 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=103 OpCode=Info RecordNumber=81469 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 10:50:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=2 OpCode=Info RecordNumber=81471 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T10:50:52.663130900Z. 11/09/2020 10:50:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=103 OpCode=Info RecordNumber=81470 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 10:50:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81467 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 11:24:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81477 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 11:24:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81476 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 11:24:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81475 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 11:24:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81474 Keywords=None Message=The boot type was 0x0. 11/09/2020 11:24:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81473 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 11:24:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81472 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 11:24:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81471 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T11:24:28.498272000Z. 11/09/2020 11:24:32 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81479 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2098‎-‎06‎-‎20T11:58:38.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:24:32 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81478 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:24:33 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81480 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81491 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81490 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81489 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81488 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81487 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81486 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81485 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81484 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81483 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81482 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:24:35 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81481 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:24:41 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81492 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 11:24:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81498 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 11:24:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81497 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 11:24:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81496 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 11:24:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81495 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 11:24:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81494 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 11:24:42 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81493 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81525 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81524 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81523 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81522 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81521 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81520 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81519 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81518 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81517 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81516 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81515 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81514 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81513 Keywords=None Message=DHCPv6 client service is started 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81512 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81511 Keywords=None Message=DHCPv4 client service is started 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81510 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81509 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81508 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81507 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81506 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81505 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81504 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81503 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81502 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81501 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81500 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81499 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 11:24:43 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81456 Keywords=Classic Message=The system uptime is 15 seconds. 11/09/2020 11:24:43 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81455 Keywords=Classic Message=The Event log service was started. 11/09/2020 11:24:43 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81454 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81548 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81547 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81546 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81545 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81544 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81543 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81542 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81541 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81540 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81539 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81538 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81537 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81536 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81535 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81534 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81533 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81532 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81531 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81530 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81529 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81528 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81527 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81526 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 11:24:44 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=Info RecordNumber=81468 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 11:24:45 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81556 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 11/09/2020 11:24:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81555 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:24:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81554 Keywords=Classic Message=The WinDefend service entered the running state. 11/09/2020 11:24:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81553 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 11:24:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81552 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 11:24:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81551 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 11:24:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81550 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 11:24:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81549 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 11:24:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81557 Keywords=Classic Message=The DeviceInstall service entered the running state. 11/09/2020 11:24:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81558 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 11:24:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81559 Keywords=Classic Message=The WdNisSvc service entered the running state. 11/09/2020 11:24:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81560 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 11:25:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81562 Keywords=Classic Message=The vds service entered the running state. 11/09/2020 11:25:23 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81561 Keywords=Classic Message=Service started. 11/09/2020 11:25:26 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=81563 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:4004) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 11/09/2020 11:25:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81564 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 11/09/2020 11:25:32 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81565 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81566 Keywords=Classic Message=The CNG Key Isolation service entered the running state. 11/09/2020 11:25:36 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15301 EventType=3 Type=Warning ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81570 Keywords=Classic Message=SSL Certificate Settings created by an admin process for endpoint : 0.0.0.0:5986 . 11/09/2020 11:25:36 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15007 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81569 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully added. 11/09/2020 11:25:36 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15008 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81568 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully deleted. 11/09/2020 11:25:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81567 Keywords=Classic Message=The Microsoft Passport service entered the running state. 11/09/2020 11:25:38 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81572 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81571 Keywords=Classic Message=The IPsec Policy Agent service entered the running state. 11/09/2020 11:25:40 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81573 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:41 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81575 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:41 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81574 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81578 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81577 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81576 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81581 Keywords=Classic Message=The Amazon SSM Agent service entered the running state. 11/09/2020 11:25:43 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81580 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:43 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81579 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:25:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81582 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:26:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81583 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:26:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81584 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:26:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81585 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 11/09/2020 11:26:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81587 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 11/09/2020 11:26:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81586 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 11/09/2020 11:26:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81588 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 11/09/2020 11:26:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81592 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 11/09/2020 11:26:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81591 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 11/09/2020 11:26:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81590 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 11/09/2020 11:26:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81589 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 11/09/2020 11:26:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81595 Keywords=Classic Message=The Software Protection service entered the running state. 11/09/2020 11:26:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81594 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 11/09/2020 11:26:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81593 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:26:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81596 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:26:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81597 Keywords=Classic Message=The User Access Logging Service service entered the running state. 11/09/2020 11:26:50 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81599 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-VS2L7UP) has initiated the restart of computer EC2AMAZ-VS2L7UP on behalf of user EC2AMAZ-VS2L7UP\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 11/09/2020 11:26:50 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81598 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-VS2L7UP\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:26:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81600 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81635 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81634 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81633 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81632 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81631 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81630 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81629 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81628 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81627 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81626 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81625 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81624 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81623 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81622 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81621 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81620 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81619 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81618 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81617 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81616 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81615 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81614 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81613 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81612 Keywords=Classic Message=The Device Install Service service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81611 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81610 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81609 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81608 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81607 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81606 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81605 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81604 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81603 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:26:55 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=None RecordNumber=81602 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 11:26:55 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=EC2AMAZ-VS2L7UP TaskCategory=None OpCode=Info RecordNumber=81601 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 11/09/2020 11:26:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81636 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 11:26:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81642 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 11:26:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81641 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 11:27:00 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=2 OpCode=Info RecordNumber=81644 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T11:27:00.475391400Z. 11/09/2020 11:27:00 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=103 OpCode=Info RecordNumber=81643 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 11:27:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81651 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 11:27:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81650 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 11:27:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81649 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 11:27:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81648 Keywords=None Message=The boot type was 0x0. 11/09/2020 11:27:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81647 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 11:27:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81646 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 11:27:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81645 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T11:27:20.492538600Z. 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81664 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81663 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81662 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81661 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81660 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81659 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81658 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81657 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81656 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81655 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81654 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81653 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 11:27:24 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81652 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:27:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81671 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 11:27:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81670 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 11:27:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81669 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 11:27:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81668 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 11:27:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81667 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 11:27:26 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81666 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 11:27:26 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81665 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81724 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81723 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81722 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81721 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81720 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81719 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81718 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81717 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81716 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81715 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81714 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81713 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81712 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81711 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81710 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81709 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81708 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81707 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81706 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81705 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81704 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81703 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81702 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81701 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81700 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81699 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81698 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81697 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81696 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81695 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81694 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81693 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81692 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81691 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81690 Keywords=None Message=DHCPv6 client service is started 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81689 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81688 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81687 Keywords=None Message=DHCPv4 client service is started 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81686 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81685 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81684 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81683 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81682 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81681 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81680 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=Info RecordNumber=81678 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81677 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81676 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81675 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81674 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81673 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81672 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 11:27:27 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=None RecordNumber=81640 Keywords=Classic Message=The system uptime is 6 seconds. 11/09/2020 11:27:27 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=None RecordNumber=81639 Keywords=Classic Message=The Event log service was started. 11/09/2020 11:27:27 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=None RecordNumber=81638 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 11:27:27 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=None RecordNumber=81637 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-VS2L7UP to WIN-DC-259. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81734 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81733 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81732 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81731 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81730 Keywords=Classic Message=The PolicyAgent service entered the running state. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81729 Keywords=Classic Message=The KeyIso service entered the running state. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81728 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81727 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81726 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81725 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 11:27:28 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81679 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-dc-259. The SHA1 hash of the certificate is in the event data. 11/09/2020 11:27:33 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81735 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user WIN-DC-259\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:27:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81736 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 11/09/2020 11:28:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81738 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:28:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81737 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 11/09/2020 11:28:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81739 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 11/09/2020 11:28:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81740 Keywords=Classic Message=A service was installed in the system. Service Name: DNS Server Service File Name: %systemroot%\system32\dns.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 11/09/2020 11:28:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81741 Keywords=Classic Message=The DNS Server service entered the running state. 11/09/2020 11:28:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81744 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 11/09/2020 11:28:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81743 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 11/09/2020 11:28:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81742 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 11/09/2020 11:28:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81745 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 11/09/2020 11:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81748 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state. 11/09/2020 11:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81747 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 11/09/2020 11:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81746 Keywords=Classic Message=The Windows Insider Service service entered the running state. 11/09/2020 11:28:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81749 Keywords=Classic Message=The Windows License Manager Service service entered the running state. 11/09/2020 11:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81750 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 11/09/2020 11:28:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81751 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 11/09/2020 11:28:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81752 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 11/09/2020 11:29:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81756 Keywords=Classic Message=A service was installed in the system. Service Name: Kerberos Key Distribution Center Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 11/09/2020 11:29:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81755 Keywords=Classic Message=A service was installed in the system. Service Name: Intersite Messaging Service File Name: %SystemRoot%\System32\ismserv.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81771 Keywords=Classic Message=The Virtual Disk service entered the running state. 11/09/2020 11:29:14 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=None RecordNumber=81770 Keywords=Classic Message=Service started. 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81769 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81768 Keywords=Classic Message=The DFS Namespace service entered the running state. 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81767 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81766 Keywords=Classic Message=The DFS Replication service entered the running state. 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81765 Keywords=Classic Message=A service was installed in the system. Service Name: Microsoft Key Distribution Service Service File Name: %SystemRoot%\system32\lsass.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81764 Keywords=Classic Message=A service was installed in the system. Service Name: Active Directory Web Services Service File Name: %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81763 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Namespace Server Filter Driver Service File Name: system32\drivers\dfs.sys Service Type: kernel mode driver Service Start Type: system start Service Account: 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81762 Keywords=Classic Message=A service was installed in the system. Service Name: File Replication Service File Name: %SystemRoot%\system32\ntfrs.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81761 Keywords=Classic Message=A service was installed in the system. Service Name: DS Role Server Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81760 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Replication ReadOnly Driver Service File Name: system32\drivers\dfsrro.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81759 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Namespace Service File Name: %SystemRoot%\system32\dfssvc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81758 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Replication Service File Name: %SystemRoot%\system32\DFSRs.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81757 Keywords=Classic Message=A service was installed in the system. Service Name: Active Directory Domain Services Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81754 Keywords=Classic Message=DFS server has finished initializing. 11/09/2020 11:29:14 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81753 Keywords=Classic Message=DFS has finished building all namespaces. 11/09/2020 11:29:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81772 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 11/09/2020 11:29:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81773 Keywords=Classic Message=The DS Role Server service entered the running state. 11/09/2020 11:29:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81774 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 11/09/2020 11:29:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81778 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 11/09/2020 11:29:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81777 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 11/09/2020 11:29:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81776 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 11/09/2020 11:29:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81775 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 11/09/2020 11:29:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81779 Keywords=Classic Message=The Software Protection service entered the running state. 11/09/2020 11:29:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81780 Keywords=Classic Message=The User Access Logging Service service entered the running state. 11/09/2020 11:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81781 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 11/09/2020 11:29:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81782 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 11/09/2020 11:30:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81791 Keywords=Classic Message=The DFS Replication service entered the stopped state. 11/09/2020 11:30:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81790 Keywords=Classic Message=The Virtual Disk service entered the stopped state. 11/09/2020 11:30:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81789 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 11/09/2020 11:30:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81788 Keywords=Classic Message=The start type of the Distributed Link Tracking Client service was changed from auto start to demand start. 11/09/2020 11:30:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81787 Keywords=Classic Message=The start type of the Kerberos Key Distribution Center service was changed from disabled to auto start. 11/09/2020 11:30:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81786 Keywords=Classic Message=The start type of the Intersite Messaging service was changed from disabled to auto start. 11/09/2020 11:30:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81785 Keywords=Classic Message=The start type of the Active Directory Domain Services service was changed from disabled to auto start. 11/09/2020 11:30:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81784 Keywords=Classic Message=The start type of the Netlogon service was changed from demand start to auto start. 11/09/2020 11:30:00 AM LogName=System SourceName=Virtual Disk Service EventCode=4 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=None RecordNumber=81783 Keywords=Classic Message=Service stopped. 11/09/2020 11:30:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81792 Keywords=Classic Message=The start type of the File Replication service was changed from demand start to disabled. 11/09/2020 11:30:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81794 Keywords=Classic Message=The start type of the SSDP Discovery service was changed from demand start to disabled. 11/09/2020 11:30:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81793 Keywords=Classic Message=The start type of the UPnP Device Host service was changed from demand start to disabled. 11/09/2020 11:30:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81799 Keywords=Classic Message=The Netlogon service entered the running state. 11/09/2020 11:30:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81798 Keywords=Classic Message=The start type of the Encrypting File System (EFS) service was changed from demand start to auto start. 11/09/2020 11:30:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81797 Keywords=Classic Message=The start type of the Active Directory Web Services service was changed from disabled to auto start. 11/09/2020 11:30:06 AM LogName=System SourceName=NETLOGON EventCode=5719 EventType=2 Type=Error ComputerName=win-dc-259 TaskCategory=None OpCode=Info RecordNumber=81796 Keywords=Classic Message=This computer was not able to set up a secure session with a domain controller in domain ATTACKRANGE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 11/09/2020 11:30:06 AM LogName=System SourceName=NETLOGON EventCode=5516 EventType=2 Type=Error ComputerName=win-dc-259 TaskCategory=None OpCode=Info RecordNumber=81795 Keywords=Classic Message=The computer or domain WIN-DC-259 trusts domain ATTACKRANGE. (This may be an indirect trust.) However, WIN-DC-259 and ATTACKRANGE have the same machine security identifier (SID). NT should be re-installed on either WIN-DC-259 or ATTACKRANGE. 11/09/2020 11:30:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81800 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 11:30:11 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81801 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-DC-259) has initiated the restart of computer WIN-DC-259 on behalf of user WIN-DC-259\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 11/09/2020 11:30:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81803 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81840 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81836 Keywords=Classic Message=The DNS Server service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81835 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=None RecordNumber=81834 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81833 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81832 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81831 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81830 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81829 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81828 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81827 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81826 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81825 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81824 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81823 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81822 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-dc-259 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81821 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81820 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81819 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81818 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81817 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81816 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81815 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81814 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81813 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81812 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81811 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81810 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81809 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81808 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81807 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81806 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81805 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81804 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:30:14 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=win-dc-259 TaskCategory=None OpCode=Info RecordNumber=81802 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 11/09/2020 11:30:18 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=81843 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T11:30:18.925040800Z. 11/09/2020 11:30:18 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=81842 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 11:30:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81841 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 11:30:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81850 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 11:30:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81849 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 11:30:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81848 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 11:30:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81847 Keywords=None Message=The boot type was 0x0. 11/09/2020 11:30:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81846 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 11:30:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81845 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 11:30:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81844 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T11:30:40.496475700Z. 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81865 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81864 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81863 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81862 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81861 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81860 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81859 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81858 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81857 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81856 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81855 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81854 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81853 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81852 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:30:44 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81851 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:31:03 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81866 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 11:31:04 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81867 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: . For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16413 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81882 Keywords=None Message=An error occurred when trying to remove the account Network Service from the group Performance Log Users. The problem, "The system cannot find the file specified. ", occurred when trying to remove the account from the group. Please remove the member manually. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81881 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Storage Replica Administrators. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81880 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Remote Management Users. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81879 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Access Control Assistance Operators. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81878 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Hyper-V Administrators. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81877 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Management Servers. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81876 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Endpoint Servers. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81875 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Remote Access Servers. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81874 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Certificate Service DCOM Access. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81873 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Event Log Readers. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16401 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81872 Keywords=None Message=An error occurred when trying to add the account INTERNET USER to the group IIS_IUSRS. The problem, "The specified local group does not exist. ", occurred when trying to open the group. Please add the account manually. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81871 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Cryptographic Operators. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81870 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account IIS_IUSRS. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81869 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Distributed COM Users. Please contact PSS to recover. 11/09/2020 11:31:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16937 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81868 Keywords=None Message=Secured the machine account . The builtin\account operators full control Access Control Entry was removed from the security descriptor on this object. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81936 Keywords=Classic Message=The KeyIso service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81935 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81934 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81933 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81932 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81931 Keywords=Classic Message=The NcaSvc service entered the stopped state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81930 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81929 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81928 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81927 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81926 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81925 Keywords=Classic Message=The Kdc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=81924 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81923 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81922 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81921 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81920 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81919 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81918 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81917 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81916 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81915 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81914 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81913 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=81912 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81911 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81910 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81909 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81908 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81907 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81906 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81905 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81904 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81903 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81902 Keywords=None Message=DHCPv6 client service is started 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81901 Keywords=Classic Message=The NTDS service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81900 Keywords=None Message=DHCPv4 client service is started 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81899 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81898 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81897 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81896 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81895 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81894 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81893 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81892 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81891 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81890 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81889 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81888 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-dc-259.attackrange.local. The SHA1 hash of the certificate is in the event data. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81887 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81886 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81885 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81884 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81883 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 11:31:06 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=81839 Keywords=Classic Message=The system uptime is 25 seconds. 11/09/2020 11:31:06 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=81838 Keywords=Classic Message=The Event log service was started. 11/09/2020 11:31:06 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=81837 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 11:31:07 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=81938 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 11/09/2020 11:31:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81937 Keywords=Classic Message=The PolicyAgent service entered the running state. 11/09/2020 11:31:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81939 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 11:31:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81941 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 11:31:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81940 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 11:31:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81945 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 11:31:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81944 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 11:31:15 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16648 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81943 Keywords=None Message=The request for a new account-identifier pool has completed successfully. 11/09/2020 11:31:15 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16647 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81942 Keywords=None Message=The domain controller is starting a request for a new account-identifier pool. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81963 Keywords=Classic Message=The ADWS service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81962 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81961 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81960 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81959 Keywords=Classic Message=The DFSR service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81958 Keywords=Classic Message=The EFS service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81957 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81956 Keywords=Classic Message=The Dfs service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81955 Keywords=Classic Message=The IsmServ service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81954 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81953 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81952 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81951 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81950 Keywords=Classic Message=The WerSvc service entered the running state. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=Info RecordNumber=81948 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81947 Keywords=Classic Message=DFS server has finished initializing. 11/09/2020 11:31:21 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81946 Keywords=Classic Message=DFS has finished building all namespaces. 11/09/2020 11:31:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81966 Keywords=Classic Message=The vds service entered the running state. 11/09/2020 11:31:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81965 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 11:31:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81964 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 11/09/2020 11:31:22 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=81949 Keywords=Classic Message=Service started. 11/09/2020 11:31:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81968 Keywords=Classic Message=The WMI Performance Adapter service entered the stopped state. 11/09/2020 11:31:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81967 Keywords=Classic Message=The WMI Performance Adapter service entered the running state. 11/09/2020 11:31:33 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10154 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=Info RecordNumber=81969 Keywords=Classic Message=The WinRM service failed to create the following SPNs: WSMAN/win-dc-259.attackrange.local; WSMAN/win-dc-259. Additional Data The error received was 1355: %%1355. User Action The SPNs can be created by an administrator using setspn.exe utility. 11/09/2020 11:31:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81971 Keywords=Classic Message=The Netlogon service entered the running state. 11/09/2020 11:31:34 AM LogName=System SourceName=NETLOGON EventCode=5823 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=Info RecordNumber=81970 Keywords=Classic Message= The system successfully changed its password on the domain controller . This event is logged when the password for the computer account is changed by the system. It is logged on the computer that changed the password. 11/09/2020 11:31:36 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=143 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81973 Keywords=None Message=The time service has started advertising as a good time source. 11/09/2020 11:31:36 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=139 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81972 Keywords=None Message=The time service has started advertising as a time source. 11/09/2020 11:31:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81974 Keywords=Classic Message=The DNS service entered the running state. 11/09/2020 11:31:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81976 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 11:31:46 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81975 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 11/09/2020 11:31:47 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81977 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:31:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81978 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 11/09/2020 11:31:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81982 Keywords=Classic Message=The swprv service entered the running state. 11/09/2020 11:31:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81981 Keywords=Classic Message=The VSS service entered the running state. 11/09/2020 11:31:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81980 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 11/09/2020 11:31:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81979 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 11/09/2020 11:32:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81983 Keywords=Classic Message=The DsmSvc service entered the stopped state. 11/09/2020 11:32:02 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81985 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:32:02 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=144 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81984 Keywords=None Message=The time service has stopped advertising as a good time source. 11/09/2020 11:33:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81986 Keywords=Classic Message=The WPDBusEnum service entered the stopped state. 11/09/2020 11:33:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81990 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:33:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81989 Keywords=Classic Message=The Portable Device Enumerator Service service entered the running state. 11/09/2020 11:33:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81988 Keywords=Classic Message=The NcaSvc service entered the stopped state. 11/09/2020 11:33:07 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1502 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=81987 Keywords=None Message=The Group Policy settings for the computer were processed successfully. New settings from 2 Group Policy objects were detected and applied. 11/09/2020 11:33:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81991 Keywords=Classic Message=The WerSvc service entered the stopped state. 11/09/2020 11:33:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81995 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 11/09/2020 11:33:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81994 Keywords=Classic Message=The MapsBroker service entered the running state. 11/09/2020 11:33:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81993 Keywords=Classic Message=The DPS service entered the running state. 11/09/2020 11:33:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81992 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 11/09/2020 11:33:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81996 Keywords=Classic Message=The sppsvc service entered the running state. 11/09/2020 11:33:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81997 Keywords=Classic Message=The UALSVC service entered the running state. 11/09/2020 11:33:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81998 Keywords=Classic Message=The MapsBroker service entered the stopped state. 11/09/2020 11:33:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81999 Keywords=Classic Message=The sppsvc service entered the stopped state. 11/09/2020 11:34:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82000 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:34:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82001 Keywords=Classic Message=The VSS service entered the stopped state. 11/09/2020 11:35:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82002 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 11/09/2020 11:35:11 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82003 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:35:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82004 Keywords=Classic Message=The Windows Modules Installer service entered the running state. 11/09/2020 11:35:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82005 Keywords=Classic Message=The msiserver service entered the running state. 11/09/2020 11:35:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82006 Keywords=Classic Message=The WdiSystemHost service entered the running state. 11/09/2020 11:35:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82008 Keywords=Classic Message=A service was installed in the system. Service Name: splknetdrv Service File Name: \SystemRoot\system32\DRIVERS\splknetdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 11/09/2020 11:35:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82007 Keywords=Classic Message=A service was installed in the system. Service Name: Splunk Trace Kernel Mode Driver Service File Name: \SystemRoot\system32\DRIVERS\splunkdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 11/09/2020 11:35:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82009 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkMonitorNoHandle Service File Name: system32\DRIVERS\SplunkMonitorNoHandleDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 11/09/2020 11:35:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82010 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkForwarder Service Service File Name: "C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 11/09/2020 11:35:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82011 Keywords=Classic Message=The Network Setup Service service entered the stopped state. 11/09/2020 11:35:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82012 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 11/09/2020 11:36:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82013 Keywords=Classic Message=A service was installed in the system. Service Name: nxlog Service File Name: "C:\Program Files (x86)\nxlog\nxlog.exe" -c "C:\Program Files (x86)\nxlog\conf\nxlog.conf" Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 11/09/2020 11:36:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82014 Keywords=Classic Message=The nxlog service entered the running state. 11/09/2020 11:36:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82016 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:36:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82015 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:36:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82017 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 11/09/2020 11:36:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82018 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the running state. 11/09/2020 11:37:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82022 Keywords=Classic Message=The sysmon64 service entered the running state. 11/09/2020 11:37:16 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82021 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2020‎-‎11‎-‎04T10:48:06.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:37:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82020 Keywords=Classic Message=A service was installed in the system. Service Name: SysmonDrv Service File Name: C:\Windows\SysmonDrv.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: 11/09/2020 11:37:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82019 Keywords=Classic Message=A service was installed in the system. Service Name: sysmon64 Service File Name: C:\Windows\sysmon64.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 11/09/2020 11:37:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82023 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:37:23 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82024 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-DC-259) has initiated the restart of computer WIN-DC-259 on behalf of user ATTACKRANGE\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82061 Keywords=Classic Message=The DNS Server service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82060 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82059 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82058 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82057 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82056 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82055 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82054 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82053 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82052 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=82051 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=82050 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82049 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82048 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82047 Keywords=Classic Message=The Virtual Disk service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82046 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82045 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82044 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82043 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82042 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82041 Keywords=Classic Message=The Windows Installer service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82040 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82039 Keywords=Classic Message=The Active Directory Web Services service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82038 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82037 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82036 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82035 Keywords=Classic Message=The Intersite Messaging service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82034 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82033 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82032 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82031 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=82030 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T11:37:25.650000000Z from ‎2020‎-‎11‎-‎09T11:37:25.652121800Z. Change Reason: An application or system component changed the time. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82029 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82028 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82027 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82026 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 11:37:25 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=82025 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 11:37:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82063 Keywords=Classic Message=The nxlog service entered the stopped state. 11/09/2020 11:37:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82062 Keywords=Classic Message=The DFS Replication service entered the stopped state. 11/09/2020 11:37:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82070 Keywords=Classic Message=The Active Directory Domain Services service entered the stopped state. 11/09/2020 11:37:27 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=82069 Keywords=None Message=Name resolution for the name 255.1.0.10.in-addr.arpa. timed out after none of the configured DNS servers responded. 11/09/2020 11:37:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82068 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:37:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82067 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:37:30 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=82072 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T11:37:30.968902800Z. 11/09/2020 11:37:30 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=82071 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 11:37:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82079 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 11:37:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82078 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 11:37:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=82077 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 11:37:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=82076 Keywords=None Message=The boot type was 0x0. 11/09/2020 11:37:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=82075 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 11:37:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82074 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 11:37:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=82073 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T11:37:52.498359600Z. 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82095 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82094 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82093 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82092 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82091 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82090 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82089 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82088 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=82087 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82086 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82085 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82084 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82083 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82082 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2020‎-‎11‎-‎04T10:48:06.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82081 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:37:56 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82080 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:37:58 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82097 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: . For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 11:37:58 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82096 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82147 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82146 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82145 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82144 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82143 Keywords=Classic Message=The NcaSvc service entered the stopped state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82142 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82141 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82140 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82139 Keywords=Classic Message=The Kdc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82138 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82137 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82136 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82135 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82134 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82133 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82132 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82131 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82130 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=82129 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82128 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82127 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82126 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82125 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82124 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82123 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82122 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82121 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82120 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=82119 Keywords=None Message=DHCPv6 client service is started 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82118 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82117 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=82116 Keywords=None Message=DHCPv4 client service is started 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82115 Keywords=Classic Message=The NTDS service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82114 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82113 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82112 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82111 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82110 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82109 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82108 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82107 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82106 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82105 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82104 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82103 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82102 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82101 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82100 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82099 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82098 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 11:38:00 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=82066 Keywords=Classic Message=The system uptime is 8 seconds. 11/09/2020 11:38:00 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=82065 Keywords=Classic Message=The Event log service was started. 11/09/2020 11:38:00 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=82064 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 11:38:01 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=82151 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 11/09/2020 11:38:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82150 Keywords=Classic Message=The PolicyAgent service entered the running state. 11/09/2020 11:38:01 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82149 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 11/09/2020 11:38:01 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=82148 Keywords=None Message=Name resolution for the name isatap.eu-central-1.compute.internal timed out after none of the configured DNS servers responded. 11/09/2020 11:38:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82152 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 11:38:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82153 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 11:38:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82154 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 11:38:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82156 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 11:38:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82155 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82176 Keywords=Classic Message=The vds service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82175 Keywords=Classic Message=The ADWS service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82174 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82173 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82172 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82171 Keywords=Classic Message=The sysmon64 service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82170 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82169 Keywords=Classic Message=The Dfs service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82168 Keywords=Classic Message=The DFSR service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82167 Keywords=Classic Message=The IsmServ service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82166 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82165 Keywords=Classic Message=The EFS service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82164 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82163 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82162 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 11:38:16 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=82161 Keywords=Classic Message=Service started. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=Info RecordNumber=82160 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82159 Keywords=Classic Message=DFS server has finished initializing. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82158 Keywords=Classic Message=DFS has finished building all namespaces. 11/09/2020 11:38:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82157 Keywords=Classic Message=The Netlogon service entered the running state. 11/09/2020 11:38:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82179 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 11:38:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82178 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 11/09/2020 11:38:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82177 Keywords=Classic Message=The nxlog service entered the running state. 11/09/2020 11:38:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82180 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 11/09/2020 11:38:20 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=143 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82182 Keywords=None Message=The time service has started advertising as a good time source. 11/09/2020 11:38:20 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=139 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82181 Keywords=None Message=The time service has started advertising as a time source. 11/09/2020 11:38:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82183 Keywords=Classic Message=The SplunkForwarder service entered the running state. 11/09/2020 11:38:28 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10154 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=Info RecordNumber=82184 Keywords=Classic Message=The WinRM service failed to create the following SPNs: WSMAN/win-dc-259.attackrange.local; WSMAN/win-dc-259. Additional Data The error received was 1355: %%1355. User Action The SPNs can be created by an administrator using setspn.exe utility. 11/09/2020 11:38:29 AM LogName=System SourceName=Microsoft-Windows-LSA EventCode=6038 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=Info RecordNumber=82185 Keywords=Classic Message=Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server. NTLM is a weaker authentication mechanism. Please check: Which applications are using NTLM authentication? Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication? If NTLM must be supported, is Extended Protection configured? Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699. 11/09/2020 11:38:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82188 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 11:38:32 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=134 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82187 Keywords=None Message=NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) 11/09/2020 11:38:32 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82186 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 11/09/2020 11:38:40 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82192 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:38:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82191 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:38:40 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82190 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:38:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82189 Keywords=Classic Message=The DNS service entered the running state. 11/09/2020 11:38:42 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=82195 Keywords=None Message=Name resolution for the name attackrange.local timed out after none of the configured DNS servers responded. 11/09/2020 11:38:42 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82194 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:38:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82193 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-2991745389-3361229759-3978745117-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:38:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82196 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 11/09/2020 11:38:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82198 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:38:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82197 Keywords=Classic Message=The NcaSvc service entered the stopped state. 11/09/2020 11:38:45 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82199 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:38:48 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82201 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:38:48 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=144 EventType=3 Type=Warning ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82200 Keywords=None Message=The time service has stopped advertising as a good time source. 11/09/2020 11:38:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82202 Keywords=Classic Message=The DsmSvc service entered the stopped state. 11/09/2020 11:39:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81479 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 11:39:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81478 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 11:39:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81477 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 11:39:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81476 Keywords=None Message=The boot type was 0x0. 11/09/2020 11:39:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81475 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 11:39:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81474 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 11:39:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81472 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T11:39:09.494304400Z. 11/09/2020 11:39:13 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81481 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2098‎-‎06‎-‎20T11:58:38.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:39:13 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81480 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:39:14 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81482 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 11:39:15 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81485 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 11:39:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81484 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:39:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81483 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:39:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81493 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:39:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81492 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:39:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81491 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:39:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81490 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:39:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81489 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:39:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81488 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:39:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81487 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:39:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81486 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:39:22 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81494 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 11:39:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81500 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 11:39:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81499 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 11:39:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81498 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 11:39:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81497 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 11:39:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81496 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 11:39:23 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81495 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81529 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81528 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81527 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81526 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81525 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81524 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81523 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81522 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81521 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81520 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81519 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81518 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81517 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81516 Keywords=None Message=DHCPv6 client service is started 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81515 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81514 Keywords=None Message=DHCPv4 client service is started 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81513 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81512 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81511 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81510 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81509 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81508 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81507 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81506 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81505 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81504 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81503 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81502 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81501 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 11:39:24 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81469 Keywords=Classic Message=The system uptime is 15 seconds. 11/09/2020 11:39:24 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81468 Keywords=Classic Message=The Event log service was started. 11/09/2020 11:39:24 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81465 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81556 Keywords=Classic Message=The WinDefend service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81555 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81554 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81553 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81552 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81551 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81550 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81549 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81548 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81547 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81546 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81545 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81544 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81543 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81542 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81541 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81540 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81539 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81538 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81537 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81536 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81535 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81534 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81533 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81532 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81531 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81530 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 11:39:25 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=Info RecordNumber=81473 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 11:39:26 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81558 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.15 has been brought up. 11/09/2020 11:39:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81557 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:39:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81560 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 11:39:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81559 Keywords=Classic Message=The DeviceInstall service entered the running state. 11/09/2020 11:39:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81561 Keywords=Classic Message=The WdNisSvc service entered the running state. 11/09/2020 11:39:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81562 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 11:40:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81564 Keywords=Classic Message=The vds service entered the running state. 11/09/2020 11:40:05 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81563 Keywords=Classic Message=Service started. 11/09/2020 11:40:08 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=81565 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:3972) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 11/09/2020 11:40:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82203 Keywords=Classic Message=The TrustedInstaller service entered the stopped state. 11/09/2020 11:40:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81566 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 11/09/2020 11:40:15 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81567 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82205 Keywords=Classic Message=The DPS service entered the running state. 11/09/2020 11:40:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82204 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 11/09/2020 11:40:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82208 Keywords=Classic Message=The sppsvc service entered the running state. 11/09/2020 11:40:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82207 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 11/09/2020 11:40:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82206 Keywords=Classic Message=The MapsBroker service entered the running state. 11/09/2020 11:40:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81568 Keywords=Classic Message=The CNG Key Isolation service entered the running state. 11/09/2020 11:40:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81569 Keywords=Classic Message=The Microsoft Passport service entered the running state. 11/09/2020 11:40:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82209 Keywords=Classic Message=The UALSVC service entered the running state. 11/09/2020 11:40:21 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15301 EventType=3 Type=Warning ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81572 Keywords=Classic Message=SSL Certificate Settings created by an admin process for endpoint : 0.0.0.0:5986 . 11/09/2020 11:40:21 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15007 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81571 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully added. 11/09/2020 11:40:21 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15008 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81570 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully deleted. 11/09/2020 11:40:22 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81574 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81573 Keywords=Classic Message=The IPsec Policy Agent service entered the running state. 11/09/2020 11:40:23 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81576 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:23 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81575 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82211 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:40:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82210 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:40:24 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81578 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:24 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81577 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:25 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81580 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:25 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81579 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:28 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81582 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81581 Keywords=Classic Message=The Amazon SSM Agent service entered the running state. 11/09/2020 11:40:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82212 Keywords=Classic Message=The MapsBroker service entered the stopped state. 11/09/2020 11:40:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82213 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 11/09/2020 11:40:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82214 Keywords=Classic Message=A service was installed in the system. Service Name: npf Service File Name: C:/Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 11/09/2020 11:40:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82215 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 11/09/2020 11:40:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81583 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81584 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:40:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82216 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 11:41:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82217 Keywords=Classic Message=The Network Setup Service service entered the stopped state. 11/09/2020 11:41:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81585 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 11/09/2020 11:41:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81588 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 11/09/2020 11:41:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81587 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 11/09/2020 11:41:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81586 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 11/09/2020 11:41:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81591 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 11/09/2020 11:41:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81590 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 11/09/2020 11:41:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81589 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 11/09/2020 11:41:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81592 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 11/09/2020 11:41:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81594 Keywords=Classic Message=The Software Protection service entered the running state. 11/09/2020 11:41:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81593 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 11/09/2020 11:41:29 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81595 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:41:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81597 Keywords=Classic Message=The User Access Logging Service service entered the running state. 11/09/2020 11:41:31 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81596 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:41:32 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81598 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-DRAP9BO\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:41:33 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81599 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-DRAP9BO) has initiated the restart of computer EC2AMAZ-DRAP9BO on behalf of user EC2AMAZ-DRAP9BO\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 11/09/2020 11:41:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81600 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81638 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81637 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81632 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81631 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81630 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81629 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81628 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81627 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81626 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81625 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81624 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81623 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81622 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81621 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81620 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81619 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81618 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81617 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81616 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81615 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81614 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81613 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81612 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81611 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81610 Keywords=Classic Message=The Device Install Service service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81609 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81608 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81607 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81606 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81605 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81604 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81603 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:41:37 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=None RecordNumber=81602 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 11:41:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-DRAP9BO TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81601 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 11/09/2020 11:41:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81639 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 11:41:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=103 OpCode=Info RecordNumber=81642 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 11:41:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81641 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 11:41:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81640 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 11:41:41 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=2 OpCode=Info RecordNumber=81643 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T11:41:41.084141400Z. 11/09/2020 11:42:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81650 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 11:42:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81649 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 11:42:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81648 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 11:42:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81647 Keywords=None Message=The boot type was 0x0. 11/09/2020 11:42:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81646 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 11:42:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81645 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 11:42:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81644 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T11:42:02.487123400Z. 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81663 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81662 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81661 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81660 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81659 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81658 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81657 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81656 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81655 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81654 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81653 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81652 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 11:42:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81651 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:42:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81666 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 11:42:07 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81665 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 11:42:07 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81664 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81729 Keywords=Classic Message=The KeyIso service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81728 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81727 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81726 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81725 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81724 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81723 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81722 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81721 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81720 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81719 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81718 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81717 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81716 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81715 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81714 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81713 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81712 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81711 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81710 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=Info RecordNumber=81708 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81707 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81706 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81705 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81704 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81703 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81702 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81701 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81700 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81699 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81698 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81697 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81696 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81695 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81694 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81693 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81692 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81691 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81690 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81689 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81688 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81687 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81686 Keywords=None Message=DHCPv6 client service is started 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81685 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81684 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81683 Keywords=None Message=DHCPv4 client service is started 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81682 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81681 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81680 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81679 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81678 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81677 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81676 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81675 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81674 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81673 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81672 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81671 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81670 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81669 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81668 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81667 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 11:42:08 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=None RecordNumber=81636 Keywords=Classic Message=The system uptime is 5 seconds. 11/09/2020 11:42:08 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=None RecordNumber=81635 Keywords=Classic Message=The Event log service was started. 11/09/2020 11:42:08 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=None RecordNumber=81634 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 11:42:08 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=None RecordNumber=81633 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-DRAP9BO to WIN-HOST-8. 11/09/2020 11:42:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81733 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 11/09/2020 11:42:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81732 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 11:42:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81731 Keywords=Classic Message=The PolicyAgent service entered the running state. 11/09/2020 11:42:09 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81730 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.15 has been brought up. 11/09/2020 11:42:09 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81709 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-host-8. The SHA1 hash of the certificate is in the event data. 11/09/2020 11:42:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81734 Keywords=Classic Message=The sppsvc service entered the running state. 11/09/2020 11:42:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81735 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 11/09/2020 11:42:16 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81736 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user WIN-HOST-8\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:42:24 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81737 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-HOST-8) has initiated the restart of computer WIN-HOST-8 on behalf of user WIN-HOST-8\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81771 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81770 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81769 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81765 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81764 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81763 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81762 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81761 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81760 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81759 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81758 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81757 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81756 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81755 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81754 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81753 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81752 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81751 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81750 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81749 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81748 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81747 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81746 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81745 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81744 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81743 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81742 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81741 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81740 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 11/09/2020 11:42:41 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=None RecordNumber=81739 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 11:42:41 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=win-host-8 TaskCategory=None OpCode=Info RecordNumber=81738 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 11/09/2020 11:42:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=2 OpCode=Info RecordNumber=81774 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T11:42:45.780795800Z. 11/09/2020 11:42:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=103 OpCode=Info RecordNumber=81773 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 11:42:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81772 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 11:43:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81781 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 11:43:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81780 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 11:43:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81779 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 11:43:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81778 Keywords=None Message=The boot type was 0x0. 11/09/2020 11:43:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81777 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 11:43:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81776 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 11:43:09 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81775 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T11:43:09.499137500Z. 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81794 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81793 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81792 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81791 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81790 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81789 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81788 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81787 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81786 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81785 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81784 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81783 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 11:43:13 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81782 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:43:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81797 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 11:43:14 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81796 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 11:43:14 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81795 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81857 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.15 has been brought up. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81856 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81855 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81854 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81853 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81852 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81851 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81850 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81849 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81848 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81847 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81846 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81845 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81844 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81843 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81842 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81841 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81840 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81839 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81838 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81837 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81836 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81835 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81834 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=Info RecordNumber=81833 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81832 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81831 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81830 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81829 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81828 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81827 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81826 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81825 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81824 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81823 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81822 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81821 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81820 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81819 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81818 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81817 Keywords=None Message=DHCPv6 client service is started 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81816 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81815 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81814 Keywords=None Message=DHCPv4 client service is started 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81813 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81812 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81811 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81810 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81809 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81808 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81807 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81806 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81805 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81804 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81803 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81802 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81801 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81800 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81799 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81798 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 11:43:15 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=None RecordNumber=81768 Keywords=Classic Message=The system uptime is 5 seconds. 11/09/2020 11:43:15 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=None RecordNumber=81767 Keywords=Classic Message=The Event log service was started. 11/09/2020 11:43:15 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=None RecordNumber=81766 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 11:43:16 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81861 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user WIN-HOST-8\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:43:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81860 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 11:43:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81859 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 11/09/2020 11:43:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81858 Keywords=Classic Message=The PolicyAgent service entered the running state. 11/09/2020 11:43:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81865 Keywords=Classic Message=The Netlogon service entered the running state. 11/09/2020 11:43:36 AM LogName=System SourceName=NetJoin EventCode=4096 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81864 Keywords=None Message=The machine win-host-8 successfully joined the domain attackrange.local. 11/09/2020 11:43:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81863 Keywords=Classic Message=The NcaSvc service entered the stopped state. 11/09/2020 11:43:36 AM LogName=System SourceName=Workstation EventCode=3260 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=Info RecordNumber=81862 Keywords=Classic Message=This computer has been successfully joined to domain 'attackrange.local'. 11/09/2020 11:43:38 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81866 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-HOST-8) has initiated the restart of computer WIN-HOST-8 on behalf of user WIN-HOST-8\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=81898 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T11:43:40.806931900Z. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=81897 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81893 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81892 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81891 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81890 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81889 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81888 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81887 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81886 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81885 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81884 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81883 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81882 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81881 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81880 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81879 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81878 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81877 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-host-8 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=81876 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81875 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81874 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81873 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81872 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81871 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81870 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81869 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 11:43:40 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-host-8 TaskCategory=None OpCode=None RecordNumber=81868 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 11:43:40 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=win-host-8 TaskCategory=None OpCode=Info RecordNumber=81867 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 11/09/2020 11:44:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81905 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 11:44:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81904 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 11:44:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=81903 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 11:44:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=81902 Keywords=None Message=The boot type was 0x0. 11/09/2020 11:44:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=81901 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 11:44:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81900 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 11:44:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=81899 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T11:44:03.488440600Z. 11/09/2020 11:44:07 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81907 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 11:44:07 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81906 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81918 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81917 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81916 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81915 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81914 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81913 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81912 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=81911 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=81910 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81909 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:44:08 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81908 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81928 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81927 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81926 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81925 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81924 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81923 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81922 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81921 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81920 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 11:44:09 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81919 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81987 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81986 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81985 Keywords=Classic Message=The PolicyAgent service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81984 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.15 has been brought up. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81983 Keywords=Classic Message=The KeyIso service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81982 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81981 Keywords=Classic Message=The NcaSvc service entered the stopped state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81980 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81979 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81978 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81977 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81976 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81975 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81974 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81973 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81972 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81971 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81970 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81969 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81968 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81967 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81966 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81965 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81964 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-host-8.attackrange.local. The SHA1 hash of the certificate is in the event data. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=Info RecordNumber=81963 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81962 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81961 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81960 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81959 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81958 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81957 Keywords=Classic Message=The Netlogon service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81956 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81955 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81954 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81953 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81952 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81951 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81950 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81949 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81948 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81947 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81946 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81945 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81944 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81943 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81942 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81941 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81940 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81939 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81938 Keywords=None Message=DHCPv6 client service is started 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=81937 Keywords=None Message=DHCPv4 client service is started 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81936 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81935 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81934 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81933 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81932 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81931 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81930 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81929 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 11:44:10 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=None RecordNumber=81896 Keywords=Classic Message=The system uptime is 6 seconds. 11/09/2020 11:44:10 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=None RecordNumber=81895 Keywords=Classic Message=The Event log service was started. 11/09/2020 11:44:10 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=None RecordNumber=81894 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 11:44:11 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81991 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user WIN-HOST-8\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:44:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81990 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 11:44:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81989 Keywords=Classic Message=The NcaSvc service entered the stopped state. 11/09/2020 11:44:11 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1502 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=81988 Keywords=None Message=The Group Policy settings for the computer were processed successfully. New settings from 1 Group Policy objects were detected and applied. 11/09/2020 11:44:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81992 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 11:44:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81993 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 11:44:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81996 Keywords=Classic Message=The msiserver service entered the running state. 11/09/2020 11:44:21 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81995 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:44:21 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=81994 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from win-dc-259.attackrange.local (ntp.d|0.0.0.0:123->10.0.1.14:123). 11/09/2020 11:44:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81999 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkMonitorNoHandle Service File Name: system32\DRIVERS\SplunkMonitorNoHandleDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 11/09/2020 11:44:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81998 Keywords=Classic Message=A service was installed in the system. Service Name: splknetdrv Service File Name: \SystemRoot\system32\DRIVERS\splknetdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 11/09/2020 11:44:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=81997 Keywords=Classic Message=A service was installed in the system. Service Name: Splunk Trace Kernel Mode Driver Service File Name: \SystemRoot\system32\DRIVERS\splunkdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 11/09/2020 11:44:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82000 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkForwarder Service Service File Name: "C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 11/09/2020 11:44:36 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82001 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:44:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82002 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 11/09/2020 11:45:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82003 Keywords=Classic Message=A service was installed in the system. Service Name: nxlog Service File Name: "C:\Program Files (x86)\nxlog\nxlog.exe" -c "C:\Program Files (x86)\nxlog\conf\nxlog.conf" Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 11/09/2020 11:45:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82004 Keywords=Classic Message=The nxlog service entered the running state. 11/09/2020 11:45:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82006 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:45:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82005 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:45:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82007 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 11/09/2020 11:46:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82219 Keywords=Classic Message=The Windows Insider Service service entered the running state. 11/09/2020 11:46:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82218 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 11/09/2020 11:46:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82014 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2020‎-‎11‎-‎04T10:48:06.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:46:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82013 Keywords=Classic Message=A service was installed in the system. Service Name: SysmonDrv Service File Name: C:\Windows\SysmonDrv.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: 11/09/2020 11:46:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82012 Keywords=Classic Message=A service was installed in the system. Service Name: sysmon64 Service File Name: C:\Windows\sysmon64.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 11/09/2020 11:46:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82011 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 11/09/2020 11:46:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82010 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 11/09/2020 11:46:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82009 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 11/09/2020 11:46:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82008 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 11/09/2020 11:46:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82018 Keywords=Classic Message=The Software Protection service entered the running state. 11/09/2020 11:46:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82017 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 11/09/2020 11:46:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82016 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 11/09/2020 11:46:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82015 Keywords=Classic Message=The sysmon64 service entered the running state. 11/09/2020 11:46:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82019 Keywords=Classic Message=The User Access Logging Service service entered the running state. 11/09/2020 11:46:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82020 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:46:18 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82021 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-HOST-8) has initiated the restart of computer WIN-HOST-8 on behalf of user WIN-HOST-8\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82054 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82053 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82052 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82051 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82050 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82049 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82048 Keywords=Classic Message=The State Repository Service service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82047 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82046 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82045 Keywords=Classic Message=The DHCP Client service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82044 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=82043 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=82042 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82041 Keywords=Classic Message=The User Profile Service service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82040 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82039 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82038 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82037 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82036 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82035 Keywords=Classic Message=The Windows Time service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82034 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82033 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82032 Keywords=Classic Message=The Windows Installer service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82031 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82030 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82029 Keywords=Classic Message=The Amazon SSM Agent service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82028 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=82027 Keywords=Time Message=The system time has changed to ‎2020‎-‎11‎-‎09T11:46:20.532000000Z from ‎2020‎-‎11‎-‎09T11:46:20.532823200Z. Change Reason: An application or system component changed the time. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82026 Keywords=Classic Message=The Plug and Play service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82025 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82024 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82023 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 11/09/2020 11:46:20 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=None RecordNumber=82022 Keywords=Classic Message=The Event log service was stopped. 11/09/2020 11:46:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82055 Keywords=Classic Message=The nxlog service entered the stopped state. 11/09/2020 11:46:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82057 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:46:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82056 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:46:23 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=82064 Keywords=None Message=The operating system is shutting down at system time ‎2020‎-‎11‎-‎09T11:46:23.861159400Z. 11/09/2020 11:46:23 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=82063 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 11/09/2020 11:46:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82062 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 11:46:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82061 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 11:46:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82071 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 11/09/2020 11:46:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82070 Keywords=None Message=There are 0x1 boot options on this system. 11/09/2020 11:46:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=82069 Keywords=None Message=The boot menu policy was 0x0. 11/09/2020 11:46:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=82068 Keywords=None Message=The boot type was 0x0. 11/09/2020 11:46:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=82067 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 11/09/2020 11:46:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82066 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 11/09/2020 11:46:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=82065 Keywords=None Message=The operating system started at system time ‎2020‎-‎11‎-‎09T11:46:45.498665400Z. 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82085 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82084 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82083 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82082 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82081 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82080 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82079 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=82078 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=82077 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82076 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82075 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82074 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82073 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2020‎-‎11‎-‎04T10:48:06.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:46:49 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82072 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:46:50 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82086 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82148 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82147 Keywords=Classic Message=The StateRepository service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82146 Keywords=Classic Message=The WinRM service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82145 Keywords=Classic Message=The LanmanServer service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82144 Keywords=Classic Message=The WpnService service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82143 Keywords=Classic Message=The NetSetupSvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82142 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82141 Keywords=Classic Message=The RemoteRegistry service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82140 Keywords=Classic Message=The TrkWks service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82139 Keywords=Classic Message=The NcaSvc service entered the stopped state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82138 Keywords=Classic Message=The MpsSvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82137 Keywords=Classic Message=The UserManager service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82136 Keywords=Classic Message=The PcaSvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82135 Keywords=Classic Message=The CryptSvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82134 Keywords=Classic Message=The Spooler service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82133 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82132 Keywords=Classic Message=The iphlpsvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=Info RecordNumber=82131 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82130 Keywords=Classic Message=The SessionEnv service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82129 Keywords=Classic Message=The Netlogon service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82128 Keywords=Classic Message=The SamSs service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82127 Keywords=Classic Message=The Schedule service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82126 Keywords=Classic Message=The ShellHWDetection service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82125 Keywords=Classic Message=The FontCache service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82124 Keywords=Classic Message=The Wcmsvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82123 Keywords=Classic Message=The Winmgmt service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82122 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82121 Keywords=Classic Message=The CertPropSvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82120 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82119 Keywords=Classic Message=The SENS service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82118 Keywords=Classic Message=The BFE service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82117 Keywords=Classic Message=The UmRdpService service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82116 Keywords=Classic Message=The NcbService service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82115 Keywords=Classic Message=The DsmSvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82114 Keywords=Classic Message=The netprofm service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82113 Keywords=Classic Message=The EventSystem service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82112 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82111 Keywords=Classic Message=The gpsvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82110 Keywords=Classic Message=The ProfSvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82109 Keywords=Classic Message=The NlaSvc service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82108 Keywords=Classic Message=The WPDBusEnum service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82107 Keywords=Classic Message=The Themes service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82106 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82105 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82104 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2019‎-‎04‎-‎02T04:23:00.000000000Z) has successfully loaded and registered with Filter Manager. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82103 Keywords=Classic Message=The Dhcp service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=82102 Keywords=None Message=DHCPv6 client service is started 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82101 Keywords=Classic Message=The Dnscache service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=82100 Keywords=None Message=DHCPv4 client service is started 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82099 Keywords=Classic Message=The EventLog service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82098 Keywords=Classic Message=The nsi service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82097 Keywords=Classic Message=The lmhosts service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82096 Keywords=Classic Message=The TermService service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82095 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82094 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82093 Keywords=Classic Message=The LSM service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82092 Keywords=Classic Message=The RpcSs service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82091 Keywords=Classic Message=The RpcEptMapper service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82090 Keywords=Classic Message=The DcomLaunch service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82089 Keywords=Classic Message=The Power service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82088 Keywords=Classic Message=The PlugPlay service entered the running state. 11/09/2020 11:46:51 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82087 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 11/09/2020 11:46:51 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=None RecordNumber=82060 Keywords=Classic Message=The system uptime is 5 seconds. 11/09/2020 11:46:51 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=None RecordNumber=82059 Keywords=Classic Message=The Event log service was started. 11/09/2020 11:46:51 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=None RecordNumber=82058 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 11/09/2020 11:46:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82154 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 11/09/2020 11:46:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82153 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 11/09/2020 11:46:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82152 Keywords=Classic Message=The sysmon64 service entered the running state. 11/09/2020 11:46:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82151 Keywords=Classic Message=The PolicyAgent service entered the running state. 11/09/2020 11:46:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82150 Keywords=Classic Message=The nxlog service entered the running state. 11/09/2020 11:46:52 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4202 EventType=2 Type=Error ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82149 Keywords=None Message=Unable to update the IP address on Isatap interface isatap.eu-central-1.compute.internal. Update Type: 1. Error Code: 0x490. 11/09/2020 11:46:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82156 Keywords=Classic Message=The wuauserv service entered the running state. 11/09/2020 11:46:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82155 Keywords=Classic Message=The NcaSvc service entered the stopped state. 11/09/2020 11:46:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82157 Keywords=Classic Message=The TrustedInstaller service entered the running state. 11/09/2020 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82158 Keywords=Classic Message=The SplunkForwarder service entered the running state. 11/09/2020 11:47:00 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82159 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user WIN-HOST-8\Administrator SID (S-1-5-21-2805018519-3480086718-1000522476-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 11/09/2020 11:47:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82160 Keywords=Classic Message=The W32Time service entered the running state. 11/09/2020 11:47:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82220 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 11/09/2020 11:47:03 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82162 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:47:03 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82161 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from win-dc-259.attackrange.local (ntp.d|0.0.0.0:123->10.0.1.14:123). 11/09/2020 11:47:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82221 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 11/09/2020 11:47:17 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82163 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 11/09/2020 11:48:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82223 Keywords=Classic Message=The Windows Insider Service service entered the running state. 11/09/2020 11:48:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82222 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 11/09/2020 11:48:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82224 Keywords=Classic Message=The Device Setup Manager service entered the running state. 11/09/2020 11:48:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82225 Keywords=Classic Message=The Windows Modules Installer service entered the running state. 11/09/2020 11:48:04 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1501 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Start RecordNumber=82228 Keywords=None Message=The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy. 11/09/2020 11:48:04 AM LogName=System SourceName=Microsoft-Windows-Winlogon EventCode=7001 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1101 OpCode=Info RecordNumber=82227 Keywords=None Message=User Logon Notification for Customer Experience Improvement Program 11/09/2020 11:48:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82226 Keywords=Classic Message=The Smart Card Device Enumeration Service service entered the running state. 11/09/2020 11:48:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82232 Keywords=Classic Message=The start type of the Encrypting File System (EFS) service was changed from auto start to demand start. 11/09/2020 11:48:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82231 Keywords=Classic Message=The CDPUserSvc_849df service entered the running state. 11/09/2020 11:48:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82230 Keywords=Classic Message=The Microsoft Passport Container service entered the running state. 11/09/2020 11:48:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82229 Keywords=Classic Message=The Microsoft Passport service entered the running state. 11/09/2020 11:48:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82235 Keywords=Classic Message=The Portable Device Enumerator Service service entered the running state. 11/09/2020 11:48:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82234 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 11/09/2020 11:48:06 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1502 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=82233 Keywords=None Message=The Group Policy settings for the computer were processed successfully. New settings from 2 Group Policy objects were detected and applied. 11/09/2020 11:48:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82236 Keywords=Classic Message=The App Readiness service entered the running state. 11/09/2020 11:48:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82238 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state. 11/09/2020 11:48:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82237 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the running state. 11/09/2020 11:48:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82239 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 11/09/2020 11:48:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82241 Keywords=Classic Message=The Connected Devices Platform Service service entered the running state. 11/09/2020 11:48:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82240 Keywords=Classic Message=The CNG Key Isolation service entered the running state. 11/09/2020 11:48:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82242 Keywords=Classic Message=The Remote Registry service entered the stopped state. 11/09/2020 11:48:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82244 Keywords=Classic Message=The Geolocation Service service entered the running state. 11/09/2020 11:48:24 AM LogName=System SourceName=Lfsvc EventCode=2 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=Info RecordNumber=82243 Keywords=Classic Message=Geolocation positioning has been disabled by the user. 11/09/2020 11:48:27 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82245 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 11/09/2020 11:48:28 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82246 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 11/09/2020 11:48:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82247 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 11/09/2020 11:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82164 Keywords=Classic Message=The DsmSvc service entered the stopped state. 11/09/2020 11:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82168 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 11/09/2020 11:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82167 Keywords=Classic Message=The MapsBroker service entered the running state. 11/09/2020 11:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82166 Keywords=Classic Message=The DPS service entered the running state. 11/09/2020 11:48:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82165 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 11/09/2020 11:48:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82170 Keywords=Classic Message=The sppsvc service entered the running state. 11/09/2020 11:48:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82169 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 11/09/2020 11:48:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82171 Keywords=Classic Message=The UALSVC service entered the running state. 11/09/2020 11:49:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82248 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 11/09/2020 11:49:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82172 Keywords=Classic Message=The MapsBroker service entered the stopped state. 11/09/2020 11:49:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82249 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 11/09/2020 11:49:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82174 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:49:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82173 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 11/09/2020 11:49:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82175 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 11/09/2020 11:49:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82176 Keywords=Classic Message=A service was installed in the system. Service Name: npf Service File Name: C:/Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 11/09/2020 11:49:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82177 Keywords=Classic Message=The Software Protection service entered the stopped state. 11/09/2020 11:49:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82178 Keywords=Classic Message=The Network Setup Service service entered the stopped state. 11/09/2020 11:50:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82250 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 11:50:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82179 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:50:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82253 Keywords=Classic Message=The Credential Manager service entered the running state. 11/09/2020 11:50:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82252 Keywords=Classic Message=The Sync Host_849df service entered the running state. 11/09/2020 11:50:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82251 Keywords=Classic Message=The Microsoft Passport service entered the stopped state. 11/09/2020 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82254 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 11/09/2020 11:50:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82181 Keywords=Classic Message=The Device Setup Manager service entered the running state. 11/09/2020 11:50:46 AM LogName=System SourceName=Microsoft-Windows-LSA EventCode=6038 EventType=3 Type=Warning ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=Info RecordNumber=82180 Keywords=Classic Message=Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server. NTLM is a weaker authentication mechanism. Please check: Which applications are using NTLM authentication? Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication? If NTLM must be supported, is Extended Protection configured? Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699. 11/09/2020 11:50:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82182 Keywords=Classic Message=The Windows Modules Installer service entered the running state. 11/09/2020 11:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82186 Keywords=Classic Message=The CDPUserSvc_774ef service entered the running state. 11/09/2020 11:50:48 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1501 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Start RecordNumber=82185 Keywords=None Message=The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy. 11/09/2020 11:50:48 AM LogName=System SourceName=Microsoft-Windows-Winlogon EventCode=7001 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1101 OpCode=Info RecordNumber=82184 Keywords=None Message=User Logon Notification for Customer Experience Improvement Program 11/09/2020 11:50:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82183 Keywords=Classic Message=The Smart Card Device Enumeration Service service entered the running state. 11/09/2020 11:50:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82189 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state. 11/09/2020 11:50:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82188 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the running state. 11/09/2020 11:50:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82187 Keywords=Classic Message=The App Readiness service entered the running state. 11/09/2020 11:50:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82190 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 11/09/2020 11:50:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82192 Keywords=Classic Message=The Geolocation Service service entered the running state. 11/09/2020 11:50:53 AM LogName=System SourceName=Lfsvc EventCode=2 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=Info RecordNumber=82191 Keywords=Classic Message=Geolocation positioning has been disabled by the user. 11/09/2020 11:50:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82194 Keywords=Classic Message=The CNG Key Isolation service entered the running state. 11/09/2020 11:50:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82193 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 11/09/2020 11:50:55 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82196 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 11/09/2020 11:50:55 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2805018519-3480086718-1000522476-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82195 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 11/09/2020 11:50:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82197 Keywords=Classic Message=The Windows License Manager Service service entered the running state. 11/09/2020 11:51:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82255 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 11/09/2020 11:51:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82256 Keywords=Classic Message=The Windows Insider Service service entered the running state. 11/09/2020 11:51:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82257 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:51:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82258 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the stopped state. 11/09/2020 11:51:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82198 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 11:52:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82199 Keywords=Classic Message=The Smart Card Device Enumeration Service service entered the stopped state. 11/09/2020 11:52:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82259 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 11/09/2020 11:52:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82260 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 11/09/2020 11:52:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82201 Keywords=Classic Message=The Credential Manager service entered the running state. 11/09/2020 11:52:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82200 Keywords=Classic Message=The Sync Host_774ef service entered the running state. 11/09/2020 11:52:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82202 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 11:53:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82261 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 11/09/2020 11:53:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82262 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 11/09/2020 11:53:46 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1501 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Start RecordNumber=82264 Keywords=None Message=The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy. 11/09/2020 11:53:46 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1500 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=82263 Keywords=None Message=The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. 11/09/2020 11:53:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82203 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the stopped state. 11/09/2020 11:54:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82206 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 11/09/2020 11:54:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82205 Keywords=Classic Message=The Windows Insider Service service entered the running state. 11/09/2020 11:54:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82204 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 11/09/2020 11:55:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82207 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 11/09/2020 11:55:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82208 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 11/09/2020 11:55:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82209 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 11/09/2020 11:55:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82210 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 11/09/2020 11:56:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82211 Keywords=Classic Message=The Remote Registry service entered the stopped state. 11/09/2020 11:57:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82213 Keywords=Classic Message=The Windows Insider Service service entered the running state. 11/09/2020 11:57:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82212 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 11/09/2020 11:57:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82265 Keywords=Classic Message=The Microsoft Passport Container service entered the stopped state. 11/09/2020 11:57:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82214 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the stopped state. 11/09/2020 11:58:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82215 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 11/09/2020 11:58:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82216 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 11/09/2020 12:00:00 PM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=None RecordNumber=82266 Keywords=Classic Message=The system uptime is 1328 seconds. 11/09/2020 12:00:00 PM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=None RecordNumber=82217 Keywords=Classic Message=The system uptime is 794 seconds. 11/09/2020 12:00:41 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82218 Keywords=Classic Message=The Device Setup Manager service entered the running state. 11/09/2020 12:00:42 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82221 Keywords=Classic Message=The Windows Modules Installer service entered the running state. 11/09/2020 12:00:42 PM LogName=System SourceName=Microsoft-Windows-Winlogon EventCode=7001 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1101 OpCode=Info RecordNumber=82220 Keywords=None Message=User Logon Notification for Customer Experience Improvement Program 11/09/2020 12:00:42 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82219 Keywords=Classic Message=The Smart Card Device Enumeration Service service entered the running state. 11/09/2020 12:00:50 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82225 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state. 11/09/2020 12:00:50 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82224 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the running state. 11/09/2020 12:00:50 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82223 Keywords=Classic Message=The CDPUserSvc_18d700 service entered the running state. 11/09/2020 12:00:50 PM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1501 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-1112 SidType=0 TaskCategory=None OpCode=Start RecordNumber=82222 Keywords=None Message=The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy. 11/09/2020 12:00:51 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82226 Keywords=Classic Message=The Connected Devices Platform Service service entered the running state. 11/09/2020 12:00:52 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-1112 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82229 Keywords=None Message=The access history in hive \??\C:\Users\paba\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 11/09/2020 12:00:52 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-1112 SidType=0 TaskCategory=None OpCode=Info RecordNumber=82228 Keywords=None Message=The access history in hive \??\C:\Users\paba\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 11/09/2020 12:00:52 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82227 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 11/09/2020 12:00:56 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82230 Keywords=Classic Message=The Windows License Manager Service service entered the stopped state. 11/09/2020 12:01:29 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82231 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 12:02:30 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82232 Keywords=Classic Message=The Smart Card Device Enumeration Service service entered the stopped state. 11/09/2020 12:02:35 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82233 Keywords=Classic Message=The Device Setup Manager service entered the running state. 11/09/2020 12:02:36 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82234 Keywords=Classic Message=The Smart Card Device Enumeration Service service entered the running state. 11/09/2020 12:02:50 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82235 Keywords=Classic Message=The Sync Host_18d700 service entered the running state. 11/09/2020 12:03:07 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82267 Keywords=Classic Message=The Windows Update service entered the stopped state. 11/09/2020 12:03:28 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82236 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 11/09/2020 12:03:29 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82268 Keywords=Classic Message=The Remote Registry service entered the running state. 11/09/2020 12:03:43 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82237 Keywords=Classic Message=The Smart Card Device Enumeration Service service entered the stopped state. 11/09/2020 12:03:53 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82238 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the stopped state. 11/09/2020 12:04:36 PM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1501 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2991745389-3361229759-3978745117-500 SidType=0 TaskCategory=None OpCode=Start RecordNumber=82273 Keywords=None Message=The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy. 11/09/2020 12:04:36 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82272 Keywords=Classic Message=The Windows Update service entered the running state. 11/09/2020 12:04:36 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82271 Keywords=Classic Message=The Portable Device Enumerator Service service entered the running state. 11/09/2020 12:04:36 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82270 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 11/09/2020 12:04:36 PM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1502 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=82269 Keywords=None Message=The Group Policy settings for the computer were processed successfully. New settings from 2 Group Policy objects were detected and applied. 11/09/2020 12:04:42 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82239 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 11/09/2020 12:05:52 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82241 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 11/09/2020 12:05:52 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-8.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82240 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 11/09/2020 12:06:36 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82274 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 11/09/2020 12:08:09 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-259.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=82275 Keywords=Classic Message=The App Readiness service entered the stopped state.