03/31/2021 10:48:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88699 Keywords=None Message=The bootmgr spent 0 ms waiting for user input.
03/31/2021 10:48:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88698 Keywords=None Message=There are 0x1 boot options on this system.
03/31/2021 10:48:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=88697 Keywords=None Message=The boot menu policy was 0x0.
03/31/2021 10:48:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=88696 Keywords=None Message=The boot type was 0x0.
03/31/2021 10:48:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=88695 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true.
03/31/2021 10:48:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88694 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS.
03/31/2021 10:48:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=88693 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎31T10:48:03.493199900Z.
03/31/2021 10:48:10 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88702 Keywords=None Message=Volume \\?\Volume{69825a4f-0000-0000-0000-100000000000} (\Device\HarddiskVolume1) is healthy. No action is needed.
03/31/2021 10:48:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88701 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2096‎-‎03‎-‎30T23:06:20.000000000Z) has successfully loaded and registered with Filter Manager.
03/31/2021 10:48:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88700 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager.
03/31/2021 10:48:23 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88708 Keywords=None Message=Hive \SystemRoot\System32\config\DRIVERS was reorganized with a starting size of 5169152 bytes and an ending size of 5169152 bytes.
03/31/2021 10:48:23 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88707 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100
03/31/2021 10:48:23 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88706 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100
03/31/2021 10:48:23 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=88705 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance
03/31/2021 10:48:23 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88704 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager.
03/31/2021 10:48:23 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88703 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager.
03/31/2021 10:48:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88709 Keywords=None Message=The access history in hive \Device\HarddiskVolume1\Boot\BCD was cleared updating 49 keys and creating 4 modified pages.
03/31/2021 10:48:25 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88710 Keywords=None Message=Hive \SystemRoot\System32\Config\SOFTWARE was reorganized with a starting size of 91312128 bytes and an ending size of 80035840 bytes.
03/31/2021 10:48:26 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88713 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 85 keys and creating 8 modified pages.
03/31/2021 10:48:26 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88712 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\SECURITY was cleared updating 83 keys and creating 4 modified pages.
03/31/2021 10:48:26 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88711 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\DEFAULT was cleared updating 283 keys and creating 42 modified pages.
03/31/2021 10:48:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88714 Keywords=None Message=The access history in hive \??\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 621 keys and creating 34 modified pages.
03/31/2021 10:48:36 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88718 Keywords=None Message=The access history in hive \??\C:\Users\Default\NTUSER.DAT was cleared updating 1953 keys and creating 137 modified pages.
03/31/2021 10:48:36 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88717 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat was cleared updating 842 keys and creating 113 modified pages.
03/31/2021 10:48:36 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88716 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\NTUSER.DAT was cleared updating 1955 keys and creating 135 modified pages.
03/31/2021 10:48:36 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88715 Keywords=None Message=The access history in hive \??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT was cleared updating 627 keys and creating 37 modified pages.
03/31/2021 10:48:46 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88719 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88730 Keywords=Classic Message=The DeviceInstall service entered the running state.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88729 Keywords=Classic Message=The SystemEventsBroker service entered the running state.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88728 Keywords=Classic Message=The sppsvc service entered the running state.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88727 Keywords=Classic Message=The LSM service entered the running state.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88726 Keywords=Classic Message=The RpcSs service entered the running state.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88725 Keywords=Classic Message=The RpcEptMapper service entered the running state.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88724 Keywords=Classic Message=The DcomLaunch service entered the running state.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88723 Keywords=Classic Message=The Power service entered the running state.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88722 Keywords=Classic Message=The PlugPlay service entered the running state.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88721 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191.
03/31/2021 10:48:47 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88720 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
03/31/2021 10:48:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88736 Keywords=Classic Message=The tiledatamodelsvc service entered the running state.
03/31/2021 10:48:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88735 Keywords=Classic Message=The AppXSvc service entered the running state.
03/31/2021 10:48:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88734 Keywords=Classic Message=The StateRepository service entered the running state.
03/31/2021 10:48:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88733 Keywords=Classic Message=The dmwappushservice service entered the running state.
03/31/2021 10:48:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88732 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state.
03/31/2021 10:48:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88731 Keywords=Classic Message=The NetSetupSvc service entered the running state.
03/31/2021 10:48:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88739 Keywords=Classic Message=The DsmSvc service entered the running state.
03/31/2021 10:48:53 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88738 Keywords=None Message=The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 52 keys and creating 13 modified pages.
03/31/2021 10:48:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88737 Keywords=Classic Message=The BrokerInfrastructure service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88775 Keywords=Classic Message=The Schedule service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88774 Keywords=Classic Message=The Winmgmt service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88773 Keywords=Classic Message=The W32Time service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88772 Keywords=Classic Message=The RemoteRegistry service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88771 Keywords=Classic Message=The AWSLiteAgent service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88770 Keywords=Classic Message=The MpsSvc service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88769 Keywords=Classic Message=The TrkWks service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88768 Keywords=Classic Message=The PcaSvc service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88767 Keywords=Classic Message=The Spooler service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88766 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88765 Keywords=Classic Message=The CryptSvc service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88764 Keywords=Classic Message=The netprofm service terminated with the following error: The device is not ready.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88763 Keywords=Classic Message=The netprofm service entered the stopped state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88762 Keywords=Classic Message=The LanmanWorkstation service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88761 Keywords=Classic Message=The NlaSvc service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88760 Keywords=Classic Message=The SamSs service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88759 Keywords=Classic Message=The Dnscache service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88758 Keywords=Classic Message=The BFE service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88757 Keywords=Classic Message=The FontCache service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88756 Keywords=Classic Message=The Wcmsvc service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88755 Keywords=Classic Message=The ShellHWDetection service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88754 Keywords=Classic Message=The gpsvc service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88753 Keywords=Classic Message=The ProfSvc service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88752 Keywords=Classic Message=The SENS service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88750 Keywords=Classic Message=The Themes service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88749 Keywords=Classic Message=The Dhcp service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=88748 Keywords=None Message=DHCPv6 client service is started
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88747 Keywords=Classic Message=The EventSystem service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=88746 Keywords=None Message=DHCPv4 client service is started
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88745 Keywords=Classic Message=The nsi service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88744 Keywords=Classic Message=The EventLog service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88743 Keywords=Classic Message=The WPDBusEnum service entered the running state.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88742 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88741 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager.
03/31/2021 10:48:54 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88740 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager.
03/31/2021 10:48:54 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88685 Keywords=Classic Message=The Event log service was started.
03/31/2021 10:48:54 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88684 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free.
03/31/2021 10:48:54 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88683 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-4AGFDD4 to WIN-AGLVLUHN3EH.
03/31/2021 10:48:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88783 Keywords=Classic Message=The WinDefend service entered the running state.
03/31/2021 10:48:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88782 Keywords=Classic Message=The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
03/31/2021 10:48:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88781 Keywords=Classic Message=The iphlpsvc service entered the stopped state.
03/31/2021 10:48:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88780 Keywords=Classic Message=The WinRM service entered the running state.
03/31/2021 10:48:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88779 Keywords=Classic Message=The UserManager service entered the running state.
03/31/2021 10:48:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88778 Keywords=Classic Message=The LanmanServer service entered the running state.
03/31/2021 10:48:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88777 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam
03/31/2021 10:48:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88776 Keywords=Classic Message=The WpnService service entered the running state.
03/31/2021 10:48:55 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=Info RecordNumber=88751 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener
03/31/2021 10:48:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88784 Keywords=Classic Message=The TimeBrokerSvc service entered the running state.
03/31/2021 10:48:58 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20003 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=88785 Keywords=None Message=Driver Management has concluded the process to add Service vxn for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0.
03/31/2021 10:48:59 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20001 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=88786 Keywords=None Message=Driver Management concluded the process to install driver vxn65x64.inf_amd64_c69f09961e9fb531\vxn65x64.inf for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0x0. 03/31/2021 10:49:00 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88788 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:00 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88787 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 
03/31/2021 10:49:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88796 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88795 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88794 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 
03/31/2021 10:49:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88793 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88792 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88791 Keywords=Classic Message=The TCP/IP NetBIOS Helper service entered the running state. 03/31/2021 10:49:01 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88790 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 
03/31/2021 10:49:01 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88789 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 03/31/2021 10:49:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88799 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88798 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88797 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 
03/31/2021 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88804 Keywords=Classic Message=The Windows Defender Network Inspection Service service entered the running state. 03/31/2021 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88803 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88802 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88801 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 
03/31/2021 10:49:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88800 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/31/2021 10:49:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88805 Keywords=Classic Message=The Windows Update service entered the running state. 03/31/2021 10:49:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88806 Keywords=None Message=Hive \??\C:\Windows\System32\config\COMPONENTS was reorganized with a starting size of 119222272 bytes and an ending size of 90611712 bytes. 03/31/2021 10:49:13 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=15 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88807 Keywords=None Message=Hive \??\C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT was reorganized with a starting size of 12394496 bytes and an ending size of 11698176 bytes. 
03/31/2021 10:49:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88809 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎31T10:49:29.080000000Z from ‎2021‎-‎03‎-‎31T10:49:29.088463300Z. Change Reason: An application or system component changed the time. 03/31/2021 10:49:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88808 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎31T10:49:29.080192200Z from ‎2021‎-‎03‎-‎31T10:49:29.080192200Z. Change Reason: System time adjusted to the new time zone. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88841 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88840 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88839 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 
03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88838 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88833 Keywords=Classic Message=The DHCP Client service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=88832 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88831 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=88830 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88829 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88828 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88827 Keywords=Classic Message=The User Profile Service service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88826 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88825 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88824 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 
03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88823 Keywords=Classic Message=The Device Install Service service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88822 Keywords=Classic Message=The Software Protection service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88821 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88820 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88819 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88818 Keywords=Classic Message=The Plug and Play service entered the stopped state. 
03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88817 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88816 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88815 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88814 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/31/2021 10:49:39 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88813 Keywords=Classic Message=The process C:\Windows\system32\winlogon.exe (EC2AMAZ-4AGFDD4) has initiated the restart of computer WIN-AGLVLUHN3EH on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned) Reason Code: 0x80020003 Shutdown Type: restart Comment: 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Setup EventCode=2004 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=OS information OpCode=Info RecordNumber=88812 Keywords=None Message=Successfully logged OS information 03/31/2021 10:49:39 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88811 Keywords=Classic Message=The Event log service was stopped. 03/31/2021 10:49:39 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=Info RecordNumber=88810 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 03/31/2021 10:49:44 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=103 OpCode=Info RecordNumber=88842 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 03/31/2021 10:49:45 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=2 OpCode=Info RecordNumber=88843 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎31T10:49:45.279765000Z. 
03/31/2021 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88850 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 03/31/2021 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88849 Keywords=None Message=There are 0x1 boot options on this system. 03/31/2021 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=88848 Keywords=None Message=The boot menu policy was 0x0. 03/31/2021 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=88847 Keywords=None Message=The boot type was 0x0. 03/31/2021 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=88846 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/31/2021 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88845 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 
03/31/2021 10:50:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=88844 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎31T10:50:14.488736600Z. 03/31/2021 10:50:18 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88858 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 10:50:18 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88857 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 10:50:18 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=88856 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/31/2021 10:50:18 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 
TaskCategory=None OpCode=Info RecordNumber=88855 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 10:50:18 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88854 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 10:50:18 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88853 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/31/2021 10:50:18 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88852 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2096‎-‎03‎-‎30T23:06:20.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 10:50:18 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88851 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 10:50:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88868 Keywords=Classic Message=The LSM service entered the running state. 03/31/2021 10:50:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88867 Keywords=Classic Message=The RpcSs service entered the running state. 03/31/2021 10:50:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88866 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/31/2021 10:50:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88865 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/31/2021 10:50:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88864 Keywords=Classic Message=The Power service entered the running state. 03/31/2021 10:50:20 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88863 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 03/31/2021 10:50:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88862 Keywords=Classic Message=The PlugPlay service entered the running state. 
03/31/2021 10:50:20 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88861 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/31/2021 10:50:20 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88860 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/31/2021 10:50:20 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88859 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/31/2021 10:50:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88877 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 03/31/2021 10:50:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88876 Keywords=Classic Message=The AppXSvc service entered the running state. 
03/31/2021 10:50:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88875 Keywords=Classic Message=The StateRepository service entered the running state. 03/31/2021 10:50:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88874 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/31/2021 10:50:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88873 Keywords=Classic Message=The dmwappushservice service entered the running state. 03/31/2021 10:50:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88872 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/31/2021 10:50:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88871 Keywords=Classic Message=The DeviceInstall service entered the running state. 03/31/2021 10:50:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88870 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 
03/31/2021 10:50:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88869 Keywords=Classic Message=The sppsvc service entered the running state. 03/31/2021 10:50:26 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88879 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎31T10:50:26.868000000Z from ‎2021‎-‎03‎-‎31T10:50:26.872891800Z. Change Reason: An application or system component changed the time. 03/31/2021 10:50:26 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88878 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎31T10:50:26.868110800Z from ‎2021‎-‎03‎-‎31T10:50:26.868110800Z. Change Reason: System time adjusted to the new time zone. 03/31/2021 10:50:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88880 Keywords=Classic Message=The CryptSvc service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88913 Keywords=Classic Message=The UserManager service entered the running state. 
03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88912 Keywords=Classic Message=The SamSs service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88911 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88910 Keywords=Classic Message=The BFE service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88909 Keywords=Classic Message=The Schedule service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88908 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88907 Keywords=Classic Message=The gpsvc service entered the running state. 
03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88906 Keywords=Classic Message=The ShellHWDetection service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88905 Keywords=Classic Message=The FontCache service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88904 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88903 Keywords=Classic Message=The ProfSvc service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88902 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88901 Keywords=Classic Message=The SENS service entered the running state. 
03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88900 Keywords=Classic Message=The Dnscache service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88899 Keywords=Classic Message=The EventSystem service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88898 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88897 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88896 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88895 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88894 Keywords=Classic Message=The NcbService service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88892 Keywords=Classic Message=The Themes service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88891 Keywords=Classic Message=The DsmSvc service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88890 Keywords=Classic Message=The netprofm service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88889 Keywords=Classic Message=The lmhosts service entered the running state. 
03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88888 Keywords=Classic Message=The NlaSvc service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88887 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88886 Keywords=Classic Message=The Dhcp service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=88885 Keywords=None Message=DHCPv6 client service is started 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=88884 Keywords=None Message=DHCPv4 client service is started 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88883 Keywords=Classic Message=The nsi service entered the running state. 
03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88882 Keywords=Classic Message=The W32Time service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88881 Keywords=Classic Message=The EventLog service entered the running state. 03/31/2021 10:50:29 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88837 Keywords=Classic Message=The system uptime is 14 seconds. 03/31/2021 10:50:29 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88836 Keywords=Classic Message=The Event log service was started. 03/31/2021 10:50:29 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88835 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/31/2021 10:50:29 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88834 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from WIN-AGLVLUHN3EH to EC2AMAZ-FS1TSEM. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88926 Keywords=Classic Message=The WinDefend service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88925 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88924 Keywords=Classic Message=The LanmanServer service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88923 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88922 Keywords=Classic Message=The WinRM service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88921 Keywords=Classic Message=The WpnService service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88920 Keywords=Classic Message=The MpsSvc service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88919 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88918 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88917 Keywords=Classic Message=The PcaSvc service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88916 Keywords=Classic Message=The TrkWks service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88915 Keywords=Classic Message=The Winmgmt service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88914 Keywords=Classic Message=The Spooler service entered the running state. 03/31/2021 10:50:30 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=Info RecordNumber=88893 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/31/2021 10:50:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88927 Keywords=Classic Message=The WdNisSvc service entered the running state. 03/31/2021 10:50:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88929 Keywords=Classic Message=The AppReadiness service entered the running state. 03/31/2021 10:50:33 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88928 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:169.254.176.226 has been brought up. 03/31/2021 10:50:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88937 Keywords=Classic Message=The DmEnrollmentSvc service entered the stopped state. 
03/31/2021 10:50:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88936 Keywords=Classic Message=The DmEnrollmentSvc service entered the running state. 03/31/2021 10:50:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88935 Keywords=Classic Message=The wlidsvc service entered the running state. 03/31/2021 10:50:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88934 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎31T10:50:34.561567800Z from ‎2021‎-‎03‎-‎31T10:50:34.561567800Z. Change Reason: System time adjusted to the new time zone. 03/31/2021 10:50:34 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88933 Keywords=None Message=The time service is now synchronizing the system time with the time source 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/31/2021 10:50:34 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88932 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 
03/31/2021 10:50:34 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88931 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:172.31.39.142 has been brought up. 03/31/2021 10:50:34 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4201 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88930 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal is no longer active. 03/31/2021 10:50:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88938 Keywords=Classic Message=The TermService service entered the running state. 03/31/2021 10:50:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88942 Keywords=Classic Message=The CertPropSvc service entered the running state. 03/31/2021 10:50:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88941 Keywords=Classic Message=The SessionEnv service entered the running state. 03/31/2021 10:50:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88940 Keywords=Classic Message=The UmRdpService service entered the running state. 03/31/2021 10:50:38 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1282 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88945 Keywords=None Message=The TBS device identifier has been generated. 03/31/2021 10:50:38 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1281 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88944 Keywords=None Message=This event triggers the TBS device identifier generation. 03/31/2021 10:50:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88943 Keywords=Classic Message=The KeyIso service entered the running state. 03/31/2021 10:50:38 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88939 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is EC2AMAZ-FS1TSEM. The SHA1 hash of the certificate is in the event data. 03/31/2021 10:50:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88946 Keywords=Classic Message=The wuauserv service entered the running state. 
03/31/2021 10:50:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88947 Keywords=Classic Message=The TrustedInstaller service entered the running state. 03/31/2021 10:50:52 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88949 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/31/2021 10:50:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88948 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎31T10:50:52.669000000Z from ‎2021‎-‎03‎-‎31T10:50:52.678415100Z. Change Reason: An application or system component changed the time. 03/31/2021 10:51:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88951 Keywords=Classic Message=The vds service entered the running state. 03/31/2021 10:51:03 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88950 Keywords=Classic Message=Service started. 
03/31/2021 10:51:07 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=88952 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:3312) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 03/31/2021 10:51:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88953 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 03/31/2021 10:51:21 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88954 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88982 Keywords=Classic Message=The User Profile Service service entered the stopped state. 
03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88981 Keywords=Classic Message=The DHCP Client service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=88980 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=88979 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88978 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88977 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88976 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88975 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88974 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88973 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88972 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88971 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 
03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88970 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88969 Keywords=Classic Message=The Device Install Service service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88968 Keywords=Classic Message=The Software Protection service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88967 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88966 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88965 Keywords=Classic Message=The Plug and Play service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88964 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88963 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88962 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎31T10:51:24.585000000Z from ‎2021‎-‎03‎-‎31T10:51:24.604265900Z. Change Reason: An application or system component changed the time. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88961 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88960 Keywords=Classic Message=The App Readiness service entered the stopped state. 
03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88959 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88958 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/31/2021 10:51:24 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88957 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-FS1TSEM) has initiated the shutdown of computer EC2AMAZ-FS1TSEM on behalf of user EC2AMAZ-FS1TSEM\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: shutdown Comment: 03/31/2021 10:51:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88956 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from auto start to disabled. 03/31/2021 10:51:24 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88955 Keywords=Classic Message=The Event log service was stopped. 
03/31/2021 10:51:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88990 Keywords=Classic Message=The Windows Update service entered the stopped state. 03/31/2021 10:51:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88989 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/31/2021 10:51:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88988 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 03/31/2021 10:51:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88987 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 03/31/2021 10:51:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88986 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/31/2021 10:51:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88992 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 
03/31/2021 10:51:29 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=103 OpCode=Info RecordNumber=88991 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 03/31/2021 10:51:30 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=2 OpCode=Info RecordNumber=88993 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎31T10:51:30.044410500Z. 03/31/2021 11:46:41 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89001 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 03/31/2021 11:46:41 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89000 Keywords=None Message=There are 0x1 boot options on this system. 03/31/2021 11:46:41 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=88999 Keywords=None Message=The boot menu policy was 0x0. 03/31/2021 11:46:41 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=88998 Keywords=None Message=The boot type was 0x0. 
03/31/2021 11:46:41 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=88997 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/31/2021 11:46:41 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88996 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 03/31/2021 11:46:41 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=88994 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎31T11:46:41.497884300Z. 03/31/2021 11:46:45 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89003 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2096‎-‎03‎-‎30T23:06:20.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:46:45 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89002 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 11:46:46 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89004 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/31/2021 11:46:48 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=89007 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/31/2021 11:46:48 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89006 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:46:48 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89005 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89015 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89014 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89013 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89012 Keywords=None Message=Processor 4 in group 0 exposes the 
following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89011 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89010 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:46:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89009 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:46:49 AM LogName=System 
SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89008 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:46:55 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89016 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/31/2021 11:46:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89019 Keywords=Classic Message=The PlugPlay service entered the running state. 03/31/2021 11:46:56 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89018 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 
03/31/2021 11:46:56 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89017 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89035 Keywords=Classic Message=The nsi service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89034 Keywords=Classic Message=The Themes service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89033 Keywords=Classic Message=The EventSystem service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89032 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89031 Keywords=Classic Message=The lmhosts service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89030 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89029 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89028 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89027 Keywords=Classic Message=The TermService service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89026 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 
03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89025 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89024 Keywords=Classic Message=The LSM service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89023 Keywords=Classic Message=The RpcSs service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89022 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89021 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/31/2021 11:46:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89020 Keywords=Classic Message=The Power service entered the running state. 
03/31/2021 11:46:57 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88984 Keywords=Classic Message=The Event log service was started. 03/31/2021 11:46:57 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88983 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89059 Keywords=Classic Message=The BFE service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89058 Keywords=Classic Message=The UserManager service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89057 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89056 Keywords=Classic Message=The Schedule service entered the running state. 
03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89055 Keywords=Classic Message=The SessionEnv service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89054 Keywords=Classic Message=The CertPropSvc service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89053 Keywords=Classic Message=The NcbService service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89052 Keywords=Classic Message=The UmRdpService service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89051 Keywords=Classic Message=The DsmSvc service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89050 Keywords=Classic Message=The netprofm service entered the running state. 
03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89049 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89048 Keywords=Classic Message=The NlaSvc service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89047 Keywords=Classic Message=The FontCache service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89046 Keywords=Classic Message=The Dnscache service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89045 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89044 Keywords=Classic Message=The ShellHWDetection service entered the running state. 
03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89043 Keywords=Classic Message=The gpsvc service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89042 Keywords=Classic Message=The SENS service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89041 Keywords=Classic Message=The ProfSvc service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89040 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89039 Keywords=Classic Message=The Dhcp service entered the running state. 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89038 Keywords=Classic Message=The EventLog service entered the running state. 
03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89037 Keywords=None Message=DHCPv6 client service is started 03/31/2021 11:46:58 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89036 Keywords=None Message=DHCPv4 client service is started 03/31/2021 11:46:58 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=88985 Keywords=Classic Message=The system uptime is 16 seconds. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89079 Keywords=Classic Message=The WinDefend service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89078 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89077 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 
03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89076 Keywords=Classic Message=The StateRepository service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89075 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89074 Keywords=Classic Message=The WpnService service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89073 Keywords=Classic Message=The WinRM service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89072 Keywords=Classic Message=The LanmanServer service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89071 Keywords=Classic Message=The Winmgmt service entered the running state. 
03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89070 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89069 Keywords=Classic Message=The W32Time service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89068 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89067 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89066 Keywords=Classic Message=The Spooler service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89065 Keywords=Classic Message=The TrkWks service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89064 Keywords=Classic Message=The PcaSvc service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89063 Keywords=Classic Message=The CryptSvc service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89062 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89061 Keywords=Classic Message=The SamSs service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89060 Keywords=Classic Message=The MpsSvc service entered the running state. 03/31/2021 11:46:59 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=Info RecordNumber=88995 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. 
User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/31/2021 11:47:00 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89081 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 03/31/2021 11:47:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89080 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/31/2021 11:47:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89083 Keywords=Classic Message=The wuauserv service entered the running state. 03/31/2021 11:47:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89082 Keywords=Classic Message=The DeviceInstall service entered the running state. 03/31/2021 11:47:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89084 Keywords=Classic Message=The TrustedInstaller service entered the running state. 
03/31/2021 11:47:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89085 Keywords=Classic Message=The WdNisSvc service entered the running state. 03/31/2021 11:47:27 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89086 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/31/2021 11:47:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89088 Keywords=Classic Message=The vds service entered the running state. 03/31/2021 11:47:40 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=89087 Keywords=Classic Message=Service started. 03/31/2021 11:47:43 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89090 Keywords=None Message=The time service is now synchronizing the system time with the time source 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 
03/31/2021 11:47:43 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=89089 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:4032) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 03/31/2021 11:47:47 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89091 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 03/31/2021 11:47:54 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89092 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:47:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89094 Keywords=Classic Message=The Microsoft Passport service entered the running state. 
03/31/2021 11:47:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89093 Keywords=Classic Message=The CNG Key Isolation service entered the running state. 03/31/2021 11:47:59 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15301 EventType=3 Type=Warning ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89097 Keywords=Classic Message=SSL Certificate Settings created by an admin process for endpoint : 0.0.0.0:5986 . 03/31/2021 11:47:59 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15007 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89096 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully added. 03/31/2021 11:47:59 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15008 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89095 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully deleted. 
03/31/2021 11:48:01 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89099 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:48:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89098 Keywords=Classic Message=The IPsec Policy Agent service entered the running state. 03/31/2021 11:48:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89100 Keywords=Classic Message=The Amazon SSM Agent service entered the running state. 
03/31/2021 11:48:13 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89104 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:48:13 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89103 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/31/2021 11:48:13 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89102 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:48:13 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89101 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/31/2021 11:48:14 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89107 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:48:14 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89106 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/31/2021 11:48:14 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89105 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:48:15 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89108 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/31/2021 11:48:17 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89109 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:48:38 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89110 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/31/2021 11:48:40 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89111 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:48:41 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89112 Keywords=None Message=The access history in hive \??\C:\Windows\AppCompat\Programs\Amcache.hve was cleared updating 13 keys and creating 7 modified pages. 03/31/2021 11:48:57 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89113 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 03/31/2021 11:49:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89116 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 
03/31/2021 11:49:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89115 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 03/31/2021 11:49:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89114 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 03/31/2021 11:49:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89117 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 03/31/2021 11:49:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89119 Keywords=Classic Message=The Software Protection service entered the running state. 03/31/2021 11:49:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89118 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 03/31/2021 11:49:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89120 Keywords=Classic Message=The User Access Logging Service service entered the running state. 03/31/2021 11:49:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89121 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 03/31/2021 11:49:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89122 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 03/31/2021 11:49:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89124 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 03/31/2021 11:49:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89123 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 03/31/2021 11:49:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89126 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state. 
03/31/2021 11:49:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89125 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 03/31/2021 11:49:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89127 Keywords=Classic Message=The Windows License Manager Service service entered the running state. 03/31/2021 11:49:25 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89128 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/31/2021 11:49:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89129 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:49:28 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89130 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-FS1TSEM\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:49:29 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89131 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-FS1TSEM) has initiated the restart of computer EC2AMAZ-FS1TSEM on behalf of user EC2AMAZ-FS1TSEM\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 03/31/2021 11:49:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89132 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/31/2021 11:49:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89133 Keywords=Classic Message=The Device Install Service service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89163 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89162 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89161 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89160 Keywords=Classic Message=The Software Protection service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89159 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89158 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89157 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89156 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89155 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89154 Keywords=Classic Message=The DHCP Client service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89153 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89152 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89151 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89150 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 
03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89149 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89148 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89147 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89146 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89145 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89144 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89143 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89142 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89141 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89140 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=89139 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎31T11:49:33.915000000Z from ‎2021‎-‎03‎-‎31T11:49:33.916315400Z. Change Reason: An application or system component changed the time. 
03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89138 Keywords=Classic Message=The Plug and Play service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89137 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89136 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89135 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 03/31/2021 11:49:33 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-FS1TSEM TaskCategory=None OpCode=None RecordNumber=89134 Keywords=Classic Message=The Event log service was stopped. 03/31/2021 11:49:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89171 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 
03/31/2021 11:49:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89166 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 03/31/2021 11:49:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89165 Keywords=Classic Message=The User Profile Service service entered the stopped state. 03/31/2021 11:49:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89164 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 03/31/2021 11:49:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89173 Keywords=Classic Message=The Windows Update service entered the stopped state. 03/31/2021 11:49:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89172 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 03/31/2021 11:49:38 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=103 OpCode=Info RecordNumber=89174 Keywords=None Message=The kernel power manager has initiated a shutdown transition. 
Shutdown Reason: Kernel API 03/31/2021 11:49:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=2 OpCode=Info RecordNumber=89175 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎31T11:49:39.488109400Z. 03/31/2021 11:50:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89182 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 03/31/2021 11:50:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89181 Keywords=None Message=There are 0x1 boot options on this system. 03/31/2021 11:50:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=89180 Keywords=None Message=The boot menu policy was 0x0. 03/31/2021 11:50:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=89179 Keywords=None Message=The boot type was 0x0. 03/31/2021 11:50:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=89178 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 
03/31/2021 11:50:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89177 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 03/31/2021 11:50:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=89176 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎31T11:50:02.499585200Z. 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89195 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89194 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 
SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89193 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89192 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89191 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89190 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance 
percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89189 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89188 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=89187 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89186 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89185 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89184 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/31/2021 11:50:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89183 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89201 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/31/2021 11:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89200 Keywords=Classic Message=The Power service entered the running state. 03/31/2021 11:50:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89199 Keywords=Classic Message=The PlugPlay service entered the running state. 03/31/2021 11:50:08 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89198 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/31/2021 11:50:08 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89197 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/31/2021 11:50:08 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89196 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89257 Keywords=Classic Message=The WpnService service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89256 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 
03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89255 Keywords=Classic Message=The StateRepository service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89254 Keywords=Classic Message=The WinRM service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89253 Keywords=Classic Message=The LanmanServer service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89252 Keywords=Classic Message=The UserManager service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89251 Keywords=Classic Message=The CryptSvc service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89250 Keywords=Classic Message=The Winmgmt service entered the running state. 
03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89249 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89248 Keywords=Classic Message=The W32Time service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89247 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89246 Keywords=Classic Message=The PcaSvc service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89245 Keywords=Classic Message=The MpsSvc service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89244 Keywords=Classic Message=The Spooler service entered the running state. 
03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89243 Keywords=Classic Message=The TrkWks service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89242 Keywords=Classic Message=The Schedule service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89241 Keywords=Classic Message=The SessionEnv service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89240 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89239 Keywords=Classic Message=The SamSs service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89238 Keywords=Classic Message=The BFE service entered the running state. 
03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89237 Keywords=Classic Message=The DsmSvc service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89236 Keywords=Classic Message=The NcbService service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89235 Keywords=Classic Message=The CertPropSvc service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89234 Keywords=Classic Message=The UmRdpService service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89233 Keywords=Classic Message=The netprofm service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89232 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 
03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89231 Keywords=Classic Message=The Dnscache service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89230 Keywords=Classic Message=The NlaSvc service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89229 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89228 Keywords=Classic Message=The FontCache service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89227 Keywords=Classic Message=The ShellHWDetection service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89226 Keywords=Classic Message=The gpsvc service entered the running state. 
03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89225 Keywords=Classic Message=The SENS service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89224 Keywords=Classic Message=The TrustedInstaller service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89223 Keywords=Classic Message=The ProfSvc service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89222 Keywords=Classic Message=The Dhcp service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89221 Keywords=None Message=DHCPv6 client service is started 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89220 Keywords=Classic Message=The EventSystem service entered the running state. 
03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89219 Keywords=None Message=DHCPv4 client service is started 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89218 Keywords=Classic Message=The Themes service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89217 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89216 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89215 Keywords=Classic Message=The nsi service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89214 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89213 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89212 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=Info RecordNumber=89210 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89209 Keywords=Classic Message=The EventLog service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89208 Keywords=Classic Message=The lmhosts service entered the running state. 
03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89207 Keywords=Classic Message=The TermService service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89206 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89205 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89204 Keywords=Classic Message=The LSM service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89203 Keywords=Classic Message=The RpcSs service entered the running state. 03/31/2021 11:50:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89202 Keywords=Classic Message=The RpcEptMapper service entered the running state. 
03/31/2021 11:50:09 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=None RecordNumber=89170 Keywords=Classic Message=The system uptime is 6 seconds. 03/31/2021 11:50:09 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=None RecordNumber=89169 Keywords=Classic Message=The Event log service was started. 03/31/2021 11:50:09 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=None RecordNumber=89168 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/31/2021 11:50:09 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=None RecordNumber=89167 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-FS1TSEM to WIN-DC-892. 03/31/2021 11:50:10 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89264 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 03/31/2021 11:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89263 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/31/2021 11:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89262 Keywords=Classic Message=The PolicyAgent service entered the running state. 03/31/2021 11:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89261 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/31/2021 11:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89260 Keywords=Classic Message=The KeyIso service entered the running state. 03/31/2021 11:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89259 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/31/2021 11:50:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89258 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 03/31/2021 11:50:10 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89211 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-dc-892. The SHA1 hash of the certificate is in the event data. 
03/31/2021 11:50:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89266 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 03/31/2021 11:50:11 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89265 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user WIN-DC-892\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:50:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89267 Keywords=Classic Message=The wuauserv service entered the running state. 03/31/2021 11:50:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89268 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 03/31/2021 11:50:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89270 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/31/2021 11:50:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89269 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/31/2021 11:51:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89271 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 03/31/2021 11:51:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89272 Keywords=Classic Message=A service was installed in the system. Service Name: DNS Server Service File Name: %systemroot%\system32\dns.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/31/2021 11:51:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89273 Keywords=Classic Message=The DNS Server service entered the running state. 03/31/2021 11:51:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89276 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 03/31/2021 11:51:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89275 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 03/31/2021 11:51:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89274 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/31/2021 11:51:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89277 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 03/31/2021 11:51:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89279 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 03/31/2021 11:51:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89278 Keywords=Classic Message=The Windows Insider Service service entered the running state. 
03/31/2021 11:51:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89280 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 03/31/2021 11:51:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89281 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/31/2021 11:51:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89282 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 03/31/2021 11:52:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89284 Keywords=Classic Message=A service was installed in the system. 
Service Name: Kerberos Key Distribution Center Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 03/31/2021 11:52:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89283 Keywords=Classic Message=A service was installed in the system. Service Name: Intersite Messaging Service File Name: %SystemRoot%\System32\ismserv.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89300 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89299 Keywords=Classic Message=The DFS Namespace service entered the running state. 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89298 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89297 Keywords=Classic Message=The DFS Replication service entered the running state. 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89295 Keywords=Classic Message=DFS server has finished initializing. 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89294 Keywords=Classic Message=DFS has finished building all namespaces. 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89293 Keywords=Classic Message=A service was installed in the system. Service Name: Microsoft Key Distribution Service Service File Name: %SystemRoot%\system32\lsass.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89292 Keywords=Classic Message=A service was installed in the system. 
Service Name: Active Directory Web Services Service File Name: %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89291 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Namespace Server Filter Driver Service File Name: system32\drivers\dfs.sys Service Type: kernel mode driver Service Start Type: system start Service Account: 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89290 Keywords=Classic Message=A service was installed in the system. Service Name: File Replication Service File Name: %SystemRoot%\system32\ntfrs.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89289 Keywords=Classic Message=A service was installed in the system. 
Service Name: DS Role Server Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89288 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Replication ReadOnly Driver Service File Name: system32\drivers\dfsrro.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89287 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Namespace Service File Name: %SystemRoot%\system32\dfssvc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89286 Keywords=Classic Message=A service was installed in the system. 
Service Name: DFS Replication Service File Name: %SystemRoot%\system32\DFSRs.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/31/2021 11:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89285 Keywords=Classic Message=A service was installed in the system. Service Name: Active Directory Domain Services Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 03/31/2021 11:52:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89302 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/31/2021 11:52:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89301 Keywords=Classic Message=The Virtual Disk service entered the running state. 03/31/2021 11:52:07 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=None RecordNumber=89296 Keywords=Classic Message=Service started. 03/31/2021 11:52:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89303 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 03/31/2021 11:52:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89305 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 03/31/2021 11:52:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89304 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 03/31/2021 11:52:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89307 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 03/31/2021 11:52:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89306 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 03/31/2021 11:52:13 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89308 Keywords=Classic Message=The Software Protection service entered the running state. 
03/31/2021 11:52:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89309 Keywords=Classic Message=The User Access Logging Service service entered the running state. 03/31/2021 11:52:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89310 Keywords=Classic Message=The DS Role Server service entered the running state. 03/31/2021 11:52:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89311 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 03/31/2021 11:52:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89312 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 03/31/2021 11:52:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89313 Keywords=Classic Message=The Software Protection service entered the stopped state. 03/31/2021 11:52:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89320 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 
03/31/2021 11:52:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89319 Keywords=Classic Message=The start type of the Distributed Link Tracking Client service was changed from auto start to demand start. 03/31/2021 11:52:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89318 Keywords=Classic Message=The start type of the Kerberos Key Distribution Center service was changed from disabled to auto start. 03/31/2021 11:52:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89317 Keywords=Classic Message=The start type of the Intersite Messaging service was changed from disabled to auto start. 03/31/2021 11:52:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89316 Keywords=Classic Message=The start type of the Active Directory Domain Services service was changed from disabled to auto start. 03/31/2021 11:52:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89315 Keywords=Classic Message=The start type of the Netlogon service was changed from demand start to auto start. 03/31/2021 11:52:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89322 Keywords=Classic Message=The DFS Replication service entered the stopped state. 03/31/2021 11:52:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89321 Keywords=Classic Message=The Virtual Disk service entered the stopped state. 03/31/2021 11:52:51 AM LogName=System SourceName=Virtual Disk Service EventCode=4 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=None RecordNumber=89314 Keywords=Classic Message=Service stopped. 03/31/2021 11:52:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89323 Keywords=Classic Message=The start type of the File Replication service was changed from demand start to disabled. 03/31/2021 11:52:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89325 Keywords=Classic Message=The start type of the SSDP Discovery service was changed from demand start to disabled. 
03/31/2021 11:52:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89324 Keywords=Classic Message=The start type of the UPnP Device Host service was changed from demand start to disabled. 03/31/2021 11:52:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89330 Keywords=Classic Message=The Netlogon service entered the running state. 03/31/2021 11:52:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89329 Keywords=Classic Message=The start type of the Encrypting File System (EFS) service was changed from demand start to auto start. 03/31/2021 11:52:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89328 Keywords=Classic Message=The start type of the Active Directory Web Services service was changed from disabled to auto start. 
03/31/2021 11:52:58 AM LogName=System SourceName=NETLOGON EventCode=5719 EventType=2 Type=Error ComputerName=win-dc-892 TaskCategory=None OpCode=Info RecordNumber=89327 Keywords=Classic Message=This computer was not able to set up a secure session with a domain controller in domain ATTACKRANGE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 03/31/2021 11:52:58 AM LogName=System SourceName=NETLOGON EventCode=5516 EventType=2 Type=Error ComputerName=win-dc-892 TaskCategory=None OpCode=Info RecordNumber=89326 Keywords=Classic Message=The computer or domain WIN-DC-892 trusts domain ATTACKRANGE. (This may be an indirect trust.) However, WIN-DC-892 and ATTACKRANGE have the same machine security identifier (SID). NT should be re-installed on either WIN-DC-892 or ATTACKRANGE. 03/31/2021 11:53:02 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89331 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-DC-892) has initiated the restart of computer WIN-DC-892 on behalf of user WIN-DC-892\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 03/31/2021 11:53:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89332 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89363 Keywords=Classic Message=The DNS Server service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89362 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89361 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89360 Keywords=Classic Message=The User Profile Service service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89359 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89358 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89357 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89356 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89355 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89354 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89353 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89352 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89351 Keywords=Classic Message=The DHCP Client service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89350 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89349 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89348 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-dc-892 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89347 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89346 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89345 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89344 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89343 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 
03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89342 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89341 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89340 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89339 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89338 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89337 Keywords=Classic Message=The Plug and Play service entered the stopped state. 
03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89336 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89335 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89334 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 03/31/2021 11:53:10 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-dc-892 TaskCategory=None OpCode=None RecordNumber=89333 Keywords=Classic Message=The Event log service was stopped. 03/31/2021 11:53:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89364 Keywords=Classic Message=The Network Setup Service service entered the stopped state. 03/31/2021 11:53:15 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=89368 Keywords=None Message=The kernel power manager has initiated a shutdown transition. 
Shutdown Reason: Kernel API 03/31/2021 11:53:16 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=89370 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎31T11:53:16.197925300Z. 03/31/2021 11:53:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89369 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 03/31/2021 11:53:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89377 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 03/31/2021 11:53:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89376 Keywords=None Message=There are 0x1 boot options on this system. 03/31/2021 11:53:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=89375 Keywords=None Message=The boot menu policy was 0x0. 03/31/2021 11:53:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=89374 Keywords=None Message=The boot type was 0x0. 
03/31/2021 11:53:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=89373 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/31/2021 11:53:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89372 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 03/31/2021 11:53:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=89371 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎31T11:53:39.488030900Z. 03/31/2021 11:53:42 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89379 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:53:42 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89378 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89392 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89391 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89390 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89389 
Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89388 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89387 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89386 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance 
percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89385 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=89384 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89383 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89382 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89381 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:53:43 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89380 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/31/2021 11:54:02 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89393 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/31/2021 11:54:03 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89394 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: . For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/31/2021 11:54:04 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89396 Keywords=None Message=The domain is configured with the following minimum password length-related settings. 
MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/31/2021 11:54:04 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89395 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: 0 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89424 Keywords=Classic Message=The Dnscache service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89423 Keywords=Classic Message=The EventLog service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89422 Keywords=Classic Message=The lmhosts service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89421 Keywords=Classic Message=The nsi service entered the running state. 
03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89420 Keywords=Classic Message=The TermService service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89419 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89418 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89417 Keywords=Classic Message=The LSM service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89416 Keywords=Classic Message=The RpcSs service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89415 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89414 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89413 Keywords=Classic Message=The Power service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89412 Keywords=Classic Message=The PlugPlay service entered the running state. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16413 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89411 Keywords=None Message=An error occurred when trying to remove the account Network Service from the group Performance Log Users. The problem, "The system cannot find the file specified. ", occurred when trying to remove the account from the group. Please remove the member manually. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89410 Keywords=None Message=The error "The specified local group already exists. 
" occurred when trying to create the well known account Storage Replica Administrators. Please contact PSS to recover. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89409 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Remote Management Users. Please contact PSS to recover. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89408 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Access Control Assistance Operators. Please contact PSS to recover. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89407 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Hyper-V Administrators. Please contact PSS to recover. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89406 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Management Servers. Please contact PSS to recover. 
03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89405 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Endpoint Servers. Please contact PSS to recover. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89404 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Remote Access Servers. Please contact PSS to recover. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89403 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Certificate Service DCOM Access. Please contact PSS to recover. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89402 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Event Log Readers. Please contact PSS to recover. 
03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16401 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89401 Keywords=None Message=An error occurred when trying to add the account INTERNET USER to the group IIS_IUSRS. The problem, "The specified local group does not exist. ", occurred when trying to open the group. Please add the account manually. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89400 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Cryptographic Operators. Please contact PSS to recover. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89399 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account IIS_IUSRS. Please contact PSS to recover. 03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89398 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Distributed COM Users. Please contact PSS to recover. 
03/31/2021 11:54:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16937 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89397 Keywords=None Message=Secured the machine account . The builtin\account operators full control Access Control Entry was removed from the security descriptor on this object. 03/31/2021 11:54:05 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89367 Keywords=Classic Message=The system uptime is 26 seconds. 03/31/2021 11:54:05 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89366 Keywords=Classic Message=The Event log service was started. 03/31/2021 11:54:05 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89365 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89466 Keywords=Classic Message=The PolicyAgent service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89465 Keywords=Classic Message=The Kdc service entered the running state. 
03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89464 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89463 Keywords=None Message=Name resolution for the name isatap.eu-central-1.compute.internal timed out after none of the configured DNS servers responded. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89462 Keywords=Classic Message=The NTDS service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89461 Keywords=Classic Message=The KeyIso service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89460 Keywords=Classic Message=The NetSetupSvc service entered the running state. 
03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89459 Keywords=Classic Message=The UserManager service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89458 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89457 Keywords=Classic Message=The NcaSvc service entered the stopped state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89456 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89455 Keywords=Classic Message=The MpsSvc service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89454 Keywords=Classic Message=The SessionEnv service entered the running state. 
03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89453 Keywords=Classic Message=The Schedule service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89452 Keywords=Classic Message=The Winmgmt service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89451 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89450 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-dc-892.attackrange.local. The SHA1 hash of the certificate is in the event data. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89449 Keywords=Classic Message=The CertPropSvc service entered the running state. 
03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89448 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89447 Keywords=Classic Message=The ShellHWDetection service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89446 Keywords=Classic Message=The FontCache service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89445 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89444 Keywords=Classic Message=The NcbService service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89443 Keywords=Classic Message=The BFE service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89442 Keywords=Classic Message=The UmRdpService service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89441 Keywords=Classic Message=The DsmSvc service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89440 Keywords=Classic Message=The netprofm service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89439 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89438 Keywords=Classic Message=The gpsvc service entered the running state. 
03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89437 Keywords=Classic Message=The SENS service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89436 Keywords=Classic Message=The ProfSvc service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89435 Keywords=Classic Message=The NlaSvc service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89434 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89433 Keywords=Classic Message=The EventSystem service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89432 Keywords=Classic Message=The Dhcp service entered the running state. 
03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89431 Keywords=None Message=DHCPv6 client service is started 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89430 Keywords=Classic Message=The Themes service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89429 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89428 Keywords=None Message=DHCPv4 client service is started 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89427 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89426 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:54:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89425 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:54:07 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89467 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 03/31/2021 11:54:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89468 Keywords=Classic Message=The wuauserv service entered the running state. 03/31/2021 11:54:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89469 Keywords=Classic Message=The TrustedInstaller service entered the running state. 
03/31/2021 11:54:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89474 Keywords=Classic Message=The LanmanServer service entered the running state. 03/31/2021 11:54:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89473 Keywords=Classic Message=The SamSs service entered the running state. 03/31/2021 11:54:14 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16648 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89472 Keywords=None Message=The request for a new account-identifier pool has completed successfully. 03/31/2021 11:54:14 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16647 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89471 Keywords=None Message=The domain controller is starting a request for a new account-identifier pool. 03/31/2021 11:54:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89470 Keywords=Classic Message=The CryptSvc service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89492 Keywords=Classic Message=The ADWS service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89491 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89490 Keywords=Classic Message=The StateRepository service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89489 Keywords=Classic Message=The WinRM service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89488 Keywords=Classic Message=The WpnService service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89487 Keywords=Classic Message=The EFS service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89486 Keywords=Classic Message=The DFSR service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89485 Keywords=Classic Message=The Dfs service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89484 Keywords=Classic Message=The IsmServ service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89483 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89482 Keywords=Classic Message=The PcaSvc service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89481 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89480 Keywords=Classic Message=The Spooler service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89479 Keywords=Classic Message=The Netlogon service entered the running state. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89478 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/31/2021 11:54:21 AM LogName=System SourceName=NETLOGON EventCode=5823 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89477 Keywords=Classic Message= The system successfully changed its password on the domain controller . This event is logged when the password for the computer account is changed by the system. It is logged on the computer that changed the password. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89476 Keywords=Classic Message=DFS server has finished initializing. 03/31/2021 11:54:21 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89475 Keywords=Classic Message=DFS has finished building all namespaces. 
03/31/2021 11:54:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89497 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 03/31/2021 11:54:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89496 Keywords=Classic Message=The vds service entered the running state. 03/31/2021 11:54:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89495 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/31/2021 11:54:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89494 Keywords=Classic Message=The wmiApSrv service entered the running state. 03/31/2021 11:54:22 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89493 Keywords=Classic Message=Service started. 03/31/2021 11:54:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89498 Keywords=Classic Message=The wmiApSrv service entered the stopped state. 
03/31/2021 11:54:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89499 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 03/31/2021 11:54:25 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=143 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89502 Keywords=None Message=The time service has started advertising as a good time source. 03/31/2021 11:54:25 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=139 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89501 Keywords=None Message=The time service has started advertising as a time source. 03/31/2021 11:54:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89500 Keywords=Classic Message=The Windows Error Reporting Service service entered the running state. 03/31/2021 11:54:33 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10154 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89503 Keywords=Classic Message=The WinRM service failed to create the following SPNs: WSMAN/win-dc-892.attackrange.local; WSMAN/win-dc-892. Additional Data The error received was 1355: %%1355. User Action The SPNs can be created by an administrator using setspn.exe utility. 
03/31/2021 11:54:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89506 Keywords=Classic Message=The W32Time service entered the running state. 03/31/2021 11:54:38 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89505 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 03/31/2021 11:54:38 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=134 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89504 Keywords=None Message=NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. 
(0x80072AF9) 03/31/2021 11:54:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89507 Keywords=Classic Message=The DNS service entered the running state. 03/31/2021 11:54:45 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89508 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 03/31/2021 11:54:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89509 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/31/2021 11:54:51 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89510 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 03/31/2021 11:54:54 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89512 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 
03/31/2021 11:54:54 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=144 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89511 Keywords=None Message=The time service has stopped advertising as a good time source. 03/31/2021 11:54:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89513 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 03/31/2021 11:55:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89514 Keywords=Classic Message=The DsmSvc service entered the stopped state. 03/31/2021 11:56:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89515 Keywords=Classic Message=The WPDBusEnum service entered the stopped state. 03/31/2021 11:56:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89516 Keywords=Classic Message=The TrustedInstaller service entered the stopped state. 03/31/2021 11:56:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89521 Keywords=Classic Message=The sppsvc service entered the running state. 03/31/2021 11:56:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89520 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 03/31/2021 11:56:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89519 Keywords=Classic Message=The MapsBroker service entered the running state. 03/31/2021 11:56:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89518 Keywords=Classic Message=The DPS service entered the running state. 03/31/2021 11:56:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89517 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 03/31/2021 11:56:25 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89522 Keywords=Classic Message=The UALSVC service entered the running state. 
03/31/2021 11:56:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89523 Keywords=Classic Message=The Windows Error Reporting Service service entered the stopped state. 03/31/2021 11:56:33 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1067 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89525 Keywords=Classic Message=The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. . 03/31/2021 11:56:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89524 Keywords=Classic Message=The MapsBroker service entered the stopped state. 03/31/2021 11:56:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89526 Keywords=Classic Message=The sppsvc service entered the stopped state. 03/31/2021 11:57:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89527 Keywords=Classic Message=The UsoSvc service entered the running state. 
03/31/2021 11:57:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89528 Keywords=Classic Message=The wisvc service entered the running state. 03/31/2021 11:58:02 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89529 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 11:58:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89530 Keywords=Classic Message=The wisvc service entered the stopped state. 03/31/2021 11:58:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89531 Keywords=Classic Message=The msiserver service entered the running state. 
03/31/2021 11:58:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89532 Keywords=Classic Message=The WdiSystemHost service entered the running state. 03/31/2021 11:58:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89533 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 03/31/2021 11:58:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89536 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkMonitorNoHandle Service File Name: system32\DRIVERS\SplunkMonitorNoHandleDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 03/31/2021 11:58:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89535 Keywords=Classic Message=A service was installed in the system. 
Service Name: splknetdrv Service File Name: \SystemRoot\system32\DRIVERS\splknetdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 03/31/2021 11:58:15 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89534 Keywords=Classic Message=A service was installed in the system. Service Name: Splunk Trace Kernel Mode Driver Service File Name: \SystemRoot\system32\DRIVERS\splunkdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 03/31/2021 11:58:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89537 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkForwarder Service Service File Name: "C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/31/2021 11:58:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89538 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 03/31/2021 11:59:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89540 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/31/2021 11:59:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89539 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/31/2021 11:59:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89541 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 03/31/2021 11:59:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89543 Keywords=Classic Message=The Network Setup Service service entered the running state. 03/31/2021 11:59:33 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1129 EventType=2 Type=Error ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89542 Keywords=None Message=The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator. 
03/31/2021 11:59:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89544 Keywords=Classic Message=The Windows Modules Installer service entered the running state. 03/31/2021 11:59:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89548 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 03/31/2021 11:59:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89547 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 03/31/2021 11:59:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89546 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/31/2021 11:59:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89545 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 
03/31/2021 11:59:51 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89551 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2021‎-‎01‎-‎12T18:00:46.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 11:59:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89550 Keywords=Classic Message=A service was installed in the system. Service Name: SysmonDrv Service File Name: C:\Windows\SysmonDrv.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: 03/31/2021 11:59:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89549 Keywords=Classic Message=A service was installed in the system. Service Name: sysmon64 Service File Name: C:\Windows\sysmon64.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/31/2021 11:59:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89552 Keywords=Classic Message=The sysmon64 service entered the running state. 
03/31/2021 12:00:01 PM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89553 Keywords=Classic Message=The system uptime is 381 seconds. 03/31/2021 12:00:02 PM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89554 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-DC-892) has initiated the restart of computer WIN-DC-892 on behalf of user ATTACKRANGE\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 03/31/2021 12:00:04 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89556 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89592 Keywords=Classic Message=The DNS Server service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89591 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 
03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89590 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89589 Keywords=Classic Message=The DFS Replication service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89588 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89587 Keywords=Classic Message=The User Profile Service service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89586 Keywords=Classic Message=The Windows Update service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89585 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89584 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89583 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89582 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89581 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89580 Keywords=Classic Message=The DHCP Client service entered the stopped state. 
03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89579 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89578 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89577 Keywords=Classic Message=The Virtual Disk service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89576 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89575 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 
03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89574 Keywords=Classic Message=The Windows Installer service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89573 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89572 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89571 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89570 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 
03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89569 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89568 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89567 Keywords=Classic Message=The Intersite Messaging service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89566 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89565 Keywords=Classic Message=The Active Directory Web Services service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89564 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89563 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89562 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=89561 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎31T12:00:05.426000000Z from ‎2021‎-‎03‎-‎31T12:00:05.426804400Z. Change Reason: An application or system component changed the time. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89560 Keywords=Classic Message=The Plug and Play service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89559 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 
03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89558 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89557 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 03/31/2021 12:00:05 PM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89555 Keywords=Classic Message=The Event log service was stopped. 03/31/2021 12:00:06 PM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89597 Keywords=None Message=Name resolution for the name 255.1.0.10.in-addr.arpa. timed out after none of the configured DNS servers responded. 03/31/2021 12:00:06 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89596 Keywords=Classic Message=The Active Directory Domain Services service entered the stopped state. 03/31/2021 12:00:07 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89599 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/31/2021 12:00:07 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89598 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/31/2021 12:00:10 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=89601 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎31T12:00:10.829932900Z. 03/31/2021 12:00:10 PM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=89600 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 03/31/2021 12:00:35 PM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89608 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 03/31/2021 12:00:35 PM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89607 Keywords=None Message=There are 0x1 boot options on this system. 
03/31/2021 12:00:35 PM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=89606 Keywords=None Message=The boot menu policy was 0x0. 03/31/2021 12:00:35 PM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=89605 Keywords=None Message=The boot type was 0x0. 03/31/2021 12:00:35 PM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=89604 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/31/2021 12:00:35 PM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89603 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 03/31/2021 12:00:35 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=89602 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎31T12:00:35.493688600Z. 
03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89624 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89623 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89622 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89621 
Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89620 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89619 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89618 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance 
percentage: 100 Minimum throttle percentage: 100 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89617 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=89616 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89615 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89614 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89613 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89612 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89611 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2021‎-‎01‎-‎12T18:00:46.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89610 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 12:00:39 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89609 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 12:00:42 PM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89626 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: . For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/31/2021 12:00:42 PM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89625 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89664 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89663 Keywords=Classic Message=The NcbService service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89662 Keywords=Classic Message=The CertPropSvc service entered the running state. 
03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89661 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89660 Keywords=Classic Message=The BFE service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89659 Keywords=Classic Message=The UmRdpService service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89658 Keywords=Classic Message=The SENS service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89657 Keywords=Classic Message=The netprofm service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89656 Keywords=Classic Message=The gpsvc service entered the running state. 
03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89655 Keywords=Classic Message=The ProfSvc service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89654 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89653 Keywords=Classic Message=The EventSystem service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89652 Keywords=Classic Message=The NlaSvc service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89651 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89650 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89649 Keywords=Classic Message=The Themes service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89648 Keywords=Classic Message=The NTDS service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89647 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89646 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89645 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 
03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89644 Keywords=Classic Message=The Dnscache service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89643 Keywords=Classic Message=The Dhcp service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89642 Keywords=Classic Message=The EventLog service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89641 Keywords=None Message=DHCPv6 client service is started 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89640 Keywords=Classic Message=The lmhosts service entered the running state. 
03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89639 Keywords=None Message=DHCPv4 client service is started 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89638 Keywords=Classic Message=The nsi service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89637 Keywords=Classic Message=The TermService service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89636 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89635 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89634 Keywords=Classic Message=The LSM service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89633 Keywords=Classic Message=The RpcSs service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89632 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89631 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89630 Keywords=Classic Message=The Power service entered the running state. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89629 Keywords=Classic Message=The PlugPlay service entered the running state. 
03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89628 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/31/2021 12:00:44 PM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89627 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: 0 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/31/2021 12:00:44 PM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89595 Keywords=Classic Message=The system uptime is 9 seconds. 03/31/2021 12:00:44 PM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89594 Keywords=Classic Message=The Event log service was started. 03/31/2021 12:00:44 PM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89593 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 
03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89676 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89675 Keywords=Classic Message=The PolicyAgent service entered the running state. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89674 Keywords=Classic Message=The Schedule service entered the running state. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89673 Keywords=Classic Message=The MpsSvc service entered the running state. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89672 Keywords=Classic Message=The SessionEnv service entered the running state. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89671 Keywords=Classic Message=The Kdc service entered the running state. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89670 Keywords=Classic Message=The ShellHWDetection service entered the running state. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89669 Keywords=Classic Message=The FontCache service entered the running state. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89668 Keywords=Classic Message=The Winmgmt service entered the running state. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89667 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89666 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 
03/31/2021 12:00:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89665 Keywords=Classic Message=The DsmSvc service entered the running state. 03/31/2021 12:00:46 PM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89682 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 03/31/2021 12:00:46 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89681 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/31/2021 12:00:46 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89680 Keywords=Classic Message=The UserManager service entered the running state. 03/31/2021 12:00:46 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89679 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 03/31/2021 12:00:46 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89678 Keywords=Classic Message=The NcaSvc service entered the stopped state. 03/31/2021 12:00:46 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89677 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/31/2021 12:00:48 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89683 Keywords=Classic Message=The CryptSvc service entered the running state. 03/31/2021 12:00:49 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89684 Keywords=Classic Message=The wuauserv service entered the running state. 03/31/2021 12:00:50 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89685 Keywords=Classic Message=The TrustedInstaller service entered the running state. 03/31/2021 12:00:54 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89687 Keywords=Classic Message=The LanmanServer service entered the running state. 
03/31/2021 12:00:54 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89686 Keywords=Classic Message=The SamSs service entered the running state. 03/31/2021 12:01:00 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89692 Keywords=Classic Message=The Netlogon service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89708 Keywords=Classic Message=The ADWS service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89707 Keywords=Classic Message=The vds service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89706 Keywords=Classic Message=The sysmon64 service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89705 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 
03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89704 Keywords=Classic Message=The StateRepository service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89703 Keywords=Classic Message=The WpnService service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=None RecordNumber=89702 Keywords=Classic Message=Service started. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89701 Keywords=Classic Message=The WinRM service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89700 Keywords=Classic Message=The DFSR service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89699 Keywords=Classic Message=The Dfs service entered the running state. 
03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89698 Keywords=Classic Message=The IsmServ service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89697 Keywords=Classic Message=The EFS service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89696 Keywords=Classic Message=The PcaSvc service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89695 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89694 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89693 Keywords=Classic Message=The Spooler service entered the running state. 
03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10154 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89691 Keywords=Classic Message=The WinRM service failed to create the following SPNs: WSMAN/win-dc-892.attackrange.local; WSMAN/win-dc-892. Additional Data The error received was 10054: %%10054. User Action The SPNs can be created by an administrator using setspn.exe utility. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89690 Keywords=Classic Message=DFS server has finished initializing. 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89689 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/31/2021 12:01:01 PM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89688 Keywords=Classic Message=DFS has finished building all namespaces. 03/31/2021 12:01:02 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89710 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 
03/31/2021 12:01:02 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89709 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/31/2021 12:01:03 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89711 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 03/31/2021 12:01:04 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=143 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89713 Keywords=None Message=The time service has started advertising as a good time source. 03/31/2021 12:01:04 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=139 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89712 Keywords=None Message=The time service has started advertising as a time source. 03/31/2021 12:01:07 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89714 Keywords=Classic Message=The SplunkForwarder service entered the running state. 
03/31/2021 12:01:14 PM LogName=System SourceName=Microsoft-Windows-LSA EventCode=6038 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89715 Keywords=Classic Message=Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server. NTLM is a weaker authentication mechanism. Please check: Which applications are using NTLM authentication? Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication? If NTLM must be supported, is Extended Protection configured? Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699. 03/31/2021 12:01:16 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89718 Keywords=Classic Message=The W32Time service entered the running state. 03/31/2021 12:01:16 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89717 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. 
If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 03/31/2021 12:01:16 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=134 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89716 Keywords=None Message=NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) 03/31/2021 12:01:24 PM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89722 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 12:01:24 PM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89721 Keywords=None Message=Name resolution for the name attackrange.local timed out after none of the configured DNS servers responded. 
03/31/2021 12:01:24 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=134 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89720 Keywords=None Message=NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) 03/31/2021 12:01:24 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89719 Keywords=Classic Message=The DNS service entered the running state. 03/31/2021 12:01:25 PM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89728 Keywords=None Message=Name resolution for the name 12.1.0.10.in-addr.arpa. timed out after none of the configured DNS servers responded. 03/31/2021 12:01:25 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89727 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/31/2021 12:01:25 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89726 Keywords=Classic Message=The NcaSvc service entered the stopped state. 
03/31/2021 12:01:25 PM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1502 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=89725 Keywords=None Message=The Group Policy settings for the computer were processed successfully. New settings from 2 Group Policy objects were detected and applied. 03/31/2021 12:01:25 PM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89724 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 7 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/31/2021 12:01:25 PM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89723 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 7 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 
03/31/2021 12:01:27 PM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89729 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-4055678433-3894535204-3898404691-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/31/2021 12:01:40 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89730 Keywords=Classic Message=The DsmSvc service entered the stopped state. 03/31/2021 12:02:05 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89734 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 03/31/2021 12:02:05 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=144 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89733 Keywords=None Message=The time service has stopped advertising as a good time source. 
03/31/2021 12:02:05 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89732 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 03/31/2021 12:02:05 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89731 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 03/31/2021 12:02:09 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89735 Keywords=Classic Message=The Device Setup Manager service entered the running state. 
03/31/2021 12:02:11 PM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1501 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Start RecordNumber=89738 Keywords=None Message=The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy. 03/31/2021 12:02:11 PM LogName=System SourceName=Microsoft-Windows-Winlogon EventCode=7001 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1101 OpCode=Info RecordNumber=89737 Keywords=None Message=User Logon Notification for Customer Experience Improvement Program 03/31/2021 12:02:11 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89736 Keywords=Classic Message=The ScDeviceEnum service entered the running state. 03/31/2021 12:02:12 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89744 Keywords=Classic Message=The NcaSvc service entered the stopped state. 03/31/2021 12:02:12 PM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1502 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=89743 Keywords=None Message=The Group Policy settings for the computer were processed successfully. New settings from 2 Group Policy objects were detected and applied. 
03/31/2021 12:02:12 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89742 Keywords=Classic Message=The start type of the Encrypting File System (EFS) service was changed from auto start to demand start. 03/31/2021 12:02:12 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89741 Keywords=Classic Message=The CDPUserSvc_b6adb service entered the running state. 03/31/2021 12:02:12 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89740 Keywords=Classic Message=The NgcCtnrSvc service entered the running state. 03/31/2021 12:02:12 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89739 Keywords=Classic Message=The NgcSvc service entered the running state. 03/31/2021 12:02:14 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89747 Keywords=Classic Message=The ClipSVC service entered the running state. 
03/31/2021 12:02:14 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89746 Keywords=Classic Message=The AppXSvc service entered the running state. 03/31/2021 12:02:14 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89745 Keywords=Classic Message=The AppReadiness service entered the running state. 03/31/2021 12:02:16 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89748 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 03/31/2021 12:02:25 PM LogName=System SourceName=Lfsvc EventCode=2 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89749 Keywords=Classic Message=Geolocation positioning has been disabled by the user. 03/31/2021 12:02:26 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89750 Keywords=Classic Message=The lfsvc service entered the running state. 
03/31/2021 12:02:29 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89752 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 03/31/2021 12:02:29 PM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-4055678433-3894535204-3898404691-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89751 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 03/31/2021 12:02:33 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89754 Keywords=Classic Message=The KeyIso service entered the running state. 03/31/2021 12:02:33 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89753 Keywords=Classic Message=The wlidsvc service entered the running state. 03/31/2021 12:02:52 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89756 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/31/2021 12:02:52 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89755 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/31/2021 12:03:00 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89757 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 03/31/2021 12:03:02 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89761 Keywords=Classic Message=The MapsBroker service entered the running state. 03/31/2021 12:03:02 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89760 Keywords=Classic Message=The WdiSystemHost service entered the running state. 03/31/2021 12:03:02 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89759 Keywords=Classic Message=The DPS service entered the running state. 
03/31/2021 12:03:02 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89758 Keywords=Classic Message=The Connected Devices Platform Service service entered the running state. 03/31/2021 12:03:03 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89764 Keywords=Classic Message=The Software Protection service entered the running state. 03/31/2021 12:03:03 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89763 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 03/31/2021 12:03:03 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89762 Keywords=Classic Message=A service was installed in the system. Service Name: npf Service File Name: C:/Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 03/31/2021 12:03:05 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89765 Keywords=Classic Message=The User Access Logging Service service entered the running state. 
03/31/2021 12:03:06 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89767 Keywords=Classic Message=The Credential Manager service entered the running state. 03/31/2021 12:03:06 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89766 Keywords=Classic Message=The Sync Host_b6adb service entered the running state. 03/31/2021 12:03:09 PM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89768 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 03/31/2021 12:03:12 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89769 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 03/31/2021 12:03:35 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89770 Keywords=Classic Message=The Software Protection service entered the stopped state. 
03/31/2021 12:03:37 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89771 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 03/31/2021 12:03:45 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89772 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 03/31/2021 12:03:46 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89773 Keywords=Classic Message=The Windows Insider Service service entered the running state. 03/31/2021 12:03:47 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89774 Keywords=Classic Message=The Network Setup Service service entered the stopped state. 03/31/2021 12:04:11 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89775 Keywords=Classic Message=The Microsoft Passport service entered the stopped state. 03/31/2021 12:04:12 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89776 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 03/31/2021 12:04:39 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89778 Keywords=Classic Message=The IKE and AuthIP IPsec Keying Modules service entered the running state. 03/31/2021 12:04:39 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89777 Keywords=Classic Message=The start type of the IKE and AuthIP IPsec Keying Modules service was changed from demand start to auto start. 03/31/2021 12:04:46 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89779 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 03/31/2021 12:04:51 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89780 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 03/31/2021 12:04:53 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89781 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 
03/31/2021 12:05:33 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89782 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the stopped state. 03/31/2021 12:07:18 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89784 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 03/31/2021 12:07:18 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89783 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 03/31/2021 12:11:00 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-892.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89785 Keywords=Classic Message=The Remote Registry service entered the stopped state.