07/01/2021 04:09:14 PM LogName=Microsoft-Windows-PrintService/Operational SourceName=Microsoft-Windows-PrintService EventCode=603 EventType=2 Type=Error ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Client-side rendering OpCode=Spooler Operation Failed RecordNumber=13 Keywords=Classic Spooler Event, Client Side Rendering (CSR) Message=The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-1166625382-1442148322-2337405042-500\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
07/01/2021 04:09:14 PM LogName=Microsoft-Windows-PrintService/Operational SourceName=Microsoft-Windows-PrintService EventCode=603 EventType=2 Type=Error ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Client-side rendering OpCode=Spooler Operation Failed RecordNumber=12 Keywords=Classic Spooler Event, Client Side Rendering (CSR) Message=The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-1166625382-1442148322-2337405042-500\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
07/01/2021 04:20:25 PM LogName=Microsoft-Windows-PrintService/Operational SourceName=Microsoft-Windows-PrintService EventCode=316 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Adding a printer driver OpCode=Spooler Operation Succeeded RecordNumber=14 Keywords=Print Driver, Classic Spooler Event Message=Printer driver 1234 for Windows x64 Version-3 was added or updated. Files:- UNIDRV.DLL, kernelbase.dll, evil.dll. No user action is required.
07/01/2021 04:20:36 PM LogName=Microsoft-Windows-PrintService/Operational SourceName=Microsoft-Windows-PrintService EventCode=316 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Adding a printer driver OpCode=Spooler Operation Succeeded RecordNumber=15 Keywords=Print Driver, Classic Spooler Event Message=Printer driver 1234 for Windows x64 Version-3 was added or updated. Files:- UNIDRV.DLL, kernelbase.dll, evil.dll. No user action is required.
07/01/2021 04:20:47 PM LogName=Microsoft-Windows-PrintService/Operational SourceName=Microsoft-Windows-PrintService EventCode=809 EventType=2 Type=Error ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Deleting a directory OpCode=Spooler Operation Failed RecordNumber=17 Keywords=Print Spooler Message=The print spooler failed to recursively delete the directory C:\Windows\system32\spool\drivers\x64\3\Old, error code 0x0. See the event user data for context information.
07/01/2021 04:20:47 PM LogName=Microsoft-Windows-PrintService/Operational SourceName=Microsoft-Windows-PrintService EventCode=316 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Adding a printer driver OpCode=Spooler Operation Succeeded RecordNumber=16 Keywords=Print Driver, Classic Spooler Event Message=Printer driver 1234 for Windows x64 Version-3 was added or updated. Files:- UNIDRV.DLL, kernelbase.dll, evil.dll. No user action is required.