03/16/2021 07:32:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88699 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 03/16/2021 07:32:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88698 Keywords=None Message=There are 0x1 boot options on this system. 03/16/2021 07:32:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=88697 Keywords=None Message=The boot menu policy was 0x0. 03/16/2021 07:32:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=88696 Keywords=None Message=The boot type was 0x0. 03/16/2021 07:32:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=88695 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/16/2021 07:32:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88694 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 
03/16/2021 07:32:52 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=88693 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎16T07:32:52.494536000Z. 03/16/2021 07:32:57 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88702 Keywords=None Message=Volume \\?\Volume{69825a4f-0000-0000-0000-100000000000} (\Device\HarddiskVolume1) is healthy. No action is needed. 03/16/2021 07:32:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88701 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2096‎-‎03‎-‎30T23:06:20.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:32:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88700 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 07:33:10 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=88705 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/16/2021 07:33:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88704 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:33:10 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88703 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 07:33:11 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88707 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 07:33:11 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88706 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 07:33:33 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88708 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/16/2021 07:33:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88716 Keywords=Classic Message=The LSM service entered the running state.
03/16/2021 07:33:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88715 Keywords=Classic Message=The RpcSs service entered the running state. 03/16/2021 07:33:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88714 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/16/2021 07:33:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88713 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/16/2021 07:33:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88712 Keywords=Classic Message=The Power service entered the running state. 03/16/2021 07:33:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88711 Keywords=Classic Message=The PlugPlay service entered the running state. 03/16/2021 07:33:36 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88710 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191.
03/16/2021 07:33:36 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88709 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/16/2021 07:33:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88720 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/16/2021 07:33:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88719 Keywords=Classic Message=The DeviceInstall service entered the running state. 03/16/2021 07:33:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88718 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 03/16/2021 07:33:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88717 Keywords=Classic Message=The sppsvc service entered the running state. 
03/16/2021 07:33:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88724 Keywords=Classic Message=The AppXSvc service entered the running state. 03/16/2021 07:33:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88723 Keywords=Classic Message=The StateRepository service entered the running state. 03/16/2021 07:33:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88722 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/16/2021 07:33:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88721 Keywords=Classic Message=The dmwappushservice service entered the running state. 03/16/2021 07:33:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88725 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88752 Keywords=Classic Message=The SamSs service entered the running state. 
03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88751 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88750 Keywords=Classic Message=The BFE service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88749 Keywords=Classic Message=The ProfSvc service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88748 Keywords=Classic Message=The SENS service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88747 Keywords=Classic Message=The FontCache service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88746 Keywords=Classic Message=The ShellHWDetection service entered the running state. 
03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88745 Keywords=Classic Message=The netprofm service terminated with the following error: The device is not ready. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88744 Keywords=Classic Message=The netprofm service entered the stopped state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88743 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88742 Keywords=Classic Message=The NlaSvc service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88741 Keywords=Classic Message=The Dnscache service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88740 Keywords=Classic Message=The gpsvc service entered the running state. 
03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88739 Keywords=Classic Message=The Themes service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88738 Keywords=Classic Message=The Dhcp service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=88737 Keywords=None Message=DHCPv6 client service is started 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88736 Keywords=Classic Message=The EventSystem service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=88735 Keywords=None Message=DHCPv4 client service is started 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88733 Keywords=Classic Message=The nsi service entered the running state. 
03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88732 Keywords=Classic Message=The EventLog service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88731 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88730 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88729 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88728 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88727 Keywords=Classic Message=The DsmSvc service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88726 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/16/2021 07:33:43 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88689 Keywords=Classic Message=The Event log service was started. 03/16/2021 07:33:43 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88688 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/16/2021 07:33:43 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88687 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-4AGFDD4 to WIN-VT1OGARL9FP. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88771 Keywords=Classic Message=The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88770 Keywords=Classic Message=The iphlpsvc service entered the stopped state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88769 Keywords=Classic Message=The WpnService service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88768 Keywords=Classic Message=The WinDefend service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88767 Keywords=Classic Message=The Schedule service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88766 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88765 Keywords=Classic Message=The LanmanServer service entered the running state. 
03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88764 Keywords=Classic Message=The WinRM service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88763 Keywords=Classic Message=The UserManager service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88762 Keywords=Classic Message=The Winmgmt service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88761 Keywords=Classic Message=The W32Time service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88760 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88759 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 
03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88758 Keywords=Classic Message=The MpsSvc service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88757 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88756 Keywords=Classic Message=The TrkWks service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88755 Keywords=Classic Message=The PcaSvc service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88754 Keywords=Classic Message=The CryptSvc service entered the running state. 03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88753 Keywords=Classic Message=The Spooler service entered the running state. 
03/16/2021 07:33:44 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=Info RecordNumber=88734 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/16/2021 07:33:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88772 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 03/16/2021 07:33:46 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20003 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=88773 Keywords=None Message=Driver Management has concluded the process to add Service vxn for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0. 03/16/2021 07:33:47 AM LogName=System SourceName=Microsoft-Windows-UserPnp EventCode=20001 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=7005 OpCode=Info RecordNumber=88774 Keywords=None Message=Driver Management concluded the process to install driver vxn65x64.inf_amd64_c69f09961e9fb531\vxn65x64.inf for Device Instance ID PCI\VEN_8086&DEV_10ED&SUBSYS_00000000&REV_01\3&267A616A&2&18 with the following status: 0x0. 
03/16/2021 07:33:48 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88775 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88784 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88783 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.AssignedAccessLockApp_1000.14393.2068.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 
03/16/2021 07:33:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88782 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.2969.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88781 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88780 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88779 Keywords=Classic Message=The TCP/IP NetBIOS Helper service entered the running state. 
03/16/2021 07:33:49 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88778 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/16/2021 07:33:49 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88777 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 03/16/2021 07:33:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88776 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AccountsControl_10.0.14393.2068_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:50 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88788 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 
03/16/2021 07:33:50 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88787 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.2068_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:50 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88786 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:50 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88785 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88792 Keywords=Classic Message=The Windows Defender Network Inspection Service service entered the running state. 
03/16/2021 07:33:51 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88791 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:51 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88790 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:33:51 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88789 Keywords=None Message=The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. 03/16/2021 07:34:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88794 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎16T07:34:12.395000000Z from ‎2021‎-‎03‎-‎16T07:34:12.405446600Z. Change Reason: An application or system component changed the time. 
03/16/2021 07:34:12 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88793 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎16T07:34:12.395366800Z from ‎2021‎-‎03‎-‎16T07:34:12.395366800Z. Change Reason: System time adjusted to the new time zone. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88826 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88825 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88824 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88823 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88818 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88817 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88816 Keywords=Classic Message=The DHCP Client service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=88815 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88814 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88813 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 
03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88812 Keywords=Classic Message=The User Profile Service service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88811 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=88810 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88809 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88808 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88807 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88806 Keywords=Classic Message=The Device Install Service service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88805 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88804 Keywords=Classic Message=The Software Protection service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88803 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88802 Keywords=Classic Message=The Plug and Play service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88801 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88800 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88799 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/16/2021 07:34:18 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88798 Keywords=Classic Message=The process C:\Windows\system32\winlogon.exe (EC2AMAZ-4AGFDD4) has initiated the restart of computer WIN-VT1OGARL9FP on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned) Reason Code: 0x80020003 Shutdown Type: restart Comment: 03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Setup EventCode=2004 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=OS information OpCode=Info RecordNumber=88797 Keywords=None Message=Successfully logged OS information 03/16/2021 07:34:18 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=None RecordNumber=88796 Keywords=Classic Message=The Event log service was stopped. 
03/16/2021 07:34:18 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=EC2AMAZ-4AGFDD4 TaskCategory=None OpCode=Info RecordNumber=88795 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 03/16/2021 07:34:19 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=103 OpCode=Info RecordNumber=88827 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 03/16/2021 07:34:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=2 OpCode=Info RecordNumber=88828 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎16T07:34:20.988212500Z. 03/16/2021 07:34:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88835 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 03/16/2021 07:34:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88834 Keywords=None Message=There are 0x1 boot options on this system. 03/16/2021 07:34:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=88833 Keywords=None Message=The boot menu policy was 0x0. 
03/16/2021 07:34:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=88832 Keywords=None Message=The boot type was 0x0. 03/16/2021 07:34:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=88831 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/16/2021 07:34:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88830 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 03/16/2021 07:34:49 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=88829 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎16T07:34:49.490950800Z. 
03/16/2021 07:34:53 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88843 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 07:34:53 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88842 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2300 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 07:34:53 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=88841 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/16/2021 07:34:53 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88840 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 07:34:53 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88839 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:34:53 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88838 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/16/2021 07:34:53 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88837 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2096‎-‎03‎-‎30T23:06:20.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:34:53 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88836 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:34:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88853 Keywords=Classic Message=The LSM service entered the running state. 
03/16/2021 07:34:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88852 Keywords=Classic Message=The RpcSs service entered the running state. 03/16/2021 07:34:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88851 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/16/2021 07:34:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88850 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/16/2021 07:34:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88849 Keywords=Classic Message=The Power service entered the running state. 03/16/2021 07:34:55 AM LogName=System SourceName=vxn EventCode=31 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88848 Keywords=Classic Message=Intel(R) 82599 Virtual Function Network link has been established at 10Gbps full duplex. 03/16/2021 07:34:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88847 Keywords=Classic Message=The PlugPlay service entered the running state. 
03/16/2021 07:34:55 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88846 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/16/2021 07:34:55 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88845 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/16/2021 07:34:55 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88844 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/16/2021 07:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88862 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 03/16/2021 07:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88861 Keywords=Classic Message=The AppXSvc service entered the running state. 
03/16/2021 07:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88860 Keywords=Classic Message=The StateRepository service entered the running state. 03/16/2021 07:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88859 Keywords=Classic Message=The dmwappushservice service entered the running state. 03/16/2021 07:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88858 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/16/2021 07:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88857 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/16/2021 07:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88856 Keywords=Classic Message=The DeviceInstall service entered the running state. 03/16/2021 07:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88855 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 
03/16/2021 07:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88854 Keywords=Classic Message=The sppsvc service entered the running state. 03/16/2021 07:35:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88865 Keywords=Classic Message=The CryptSvc service entered the running state. 03/16/2021 07:35:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88864 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎16T07:35:01.372000000Z from ‎2021‎-‎03‎-‎16T07:35:01.386500300Z. Change Reason: An application or system component changed the time. 03/16/2021 07:35:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88863 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎16T07:35:01.372534800Z from ‎2021‎-‎03‎-‎16T07:35:01.372534800Z. Change Reason: System time adjusted to the new time zone. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88895 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 
03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88894 Keywords=Classic Message=The UserManager service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88893 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88892 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88891 Keywords=Classic Message=The FontCache service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88890 Keywords=Classic Message=The ShellHWDetection service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88889 Keywords=Classic Message=The ProfSvc service entered the running state. 
03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88888 Keywords=Classic Message=The Schedule service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88887 Keywords=Classic Message=The SENS service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88886 Keywords=Classic Message=The gpsvc service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88885 Keywords=Classic Message=The EventSystem service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88884 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 
03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88883 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88882 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88881 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88880 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88879 Keywords=Classic Message=The NcbService service entered the running state. 
03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88878 Keywords=Classic Message=The DsmSvc service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88877 Keywords=Classic Message=The Themes service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88876 Keywords=Classic Message=The netprofm service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88875 Keywords=Classic Message=The Dnscache service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88874 Keywords=Classic Message=The lmhosts service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88873 Keywords=Classic Message=The NlaSvc service entered the running state. 
03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88872 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88871 Keywords=Classic Message=The Dhcp service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=88870 Keywords=None Message=DHCPv6 client service is started 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=88869 Keywords=None Message=DHCPv4 client service is started 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88868 Keywords=Classic Message=The nsi service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88867 Keywords=Classic Message=The EventLog service entered the running state. 
03/16/2021 07:35:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88866 Keywords=Classic Message=The W32Time service entered the running state. 03/16/2021 07:35:03 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88822 Keywords=Classic Message=The system uptime is 13 seconds. 03/16/2021 07:35:03 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88821 Keywords=Classic Message=The Event log service was started. 03/16/2021 07:35:03 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88820 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/16/2021 07:35:03 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88819 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from WIN-VT1OGARL9FP to EC2AMAZ-4COQ7T5. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88911 Keywords=Classic Message=The WinDefend service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88910 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88909 Keywords=Classic Message=The LanmanServer service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88908 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88907 Keywords=Classic Message=The WpnService service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88906 Keywords=Classic Message=The WinRM service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=Info RecordNumber=88905 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. 
User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88904 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88903 Keywords=Classic Message=The Winmgmt service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88902 Keywords=Classic Message=The TrkWks service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88901 Keywords=Classic Message=The PcaSvc service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88900 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88899 Keywords=Classic Message=The Spooler service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88898 Keywords=Classic Message=The SamSs service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88897 Keywords=Classic Message=The MpsSvc service entered the running state. 03/16/2021 07:35:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88896 Keywords=Classic Message=The BFE service entered the running state. 03/16/2021 07:35:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88917 Keywords=Classic Message=The DmEnrollmentSvc service entered the running state. 03/16/2021 07:35:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88916 Keywords=Classic Message=The wlidsvc service entered the running state. 
03/16/2021 07:35:05 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88915 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎16T07:35:05.719074500Z from ‎2021‎-‎03‎-‎16T07:35:05.719074500Z. Change Reason: System time adjusted to the new time zone. 03/16/2021 07:35:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88914 Keywords=Classic Message=The AppReadiness service entered the running state. 03/16/2021 07:35:05 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88913 Keywords=None Message=The time service is now synchronizing the system time with the time source 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/16/2021 07:35:05 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88912 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/16/2021 07:35:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88919 Keywords=Classic Message=The TermService service entered the running state. 
03/16/2021 07:35:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88918 Keywords=Classic Message=The DmEnrollmentSvc service entered the stopped state. 03/16/2021 07:35:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88923 Keywords=Classic Message=The SessionEnv service entered the running state. 03/16/2021 07:35:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88922 Keywords=Classic Message=The CertPropSvc service entered the running state. 03/16/2021 07:35:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88921 Keywords=Classic Message=The UmRdpService service entered the running state. 03/16/2021 07:35:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88920 Keywords=Classic Message=The WdNisSvc service entered the running state. 03/16/2021 07:35:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88926 Keywords=Classic Message=The KeyIso service entered the running state. 
03/16/2021 07:35:08 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88925 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:172.31.37.169 has been brought up. 03/16/2021 07:35:08 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88924 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is EC2AMAZ-4COQ7T5. The SHA1 hash of the certificate is in the event data. 03/16/2021 07:35:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88927 Keywords=Classic Message=The wuauserv service entered the running state. 03/16/2021 07:35:11 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1282 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88929 Keywords=None Message=The TBS device identifier has been generated. 03/16/2021 07:35:11 AM LogName=System SourceName=Microsoft-Windows-TPM-WMI EventCode=1281 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88928 Keywords=None Message=This event triggers the TBS device identifier generation. 
03/16/2021 07:35:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88930 Keywords=Classic Message=The TrustedInstaller service entered the running state. 03/16/2021 07:35:20 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88932 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/16/2021 07:35:20 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88931 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎16T07:35:20.676000000Z from ‎2021‎-‎03‎-‎16T07:35:20.683223200Z. Change Reason: An application or system component changed the time. 03/16/2021 07:35:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88934 Keywords=Classic Message=The vds service entered the running state. 03/16/2021 07:35:30 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88933 Keywords=Classic Message=Service started. 
03/16/2021 07:35:34 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=88935 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:3164) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 03/16/2021 07:35:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88936 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 03/16/2021 07:35:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88937 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 07:35:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88938 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from auto start to disabled. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88961 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88960 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88959 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88958 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88956 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 
03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88955 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88954 Keywords=Classic Message=The Software Protection service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88953 Keywords=Classic Message=The Device Install Service service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88952 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88951 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88950 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88949 Keywords=Classic Message=The Plug and Play service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88948 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88947 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=88946 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎16T07:35:50.865000000Z from ‎2021‎-‎03‎-‎16T07:35:50.876276600Z. Change Reason: An application or system component changed the time. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7023 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88945 Keywords=Classic Message=The Tile Data model server service terminated with the following error: A system shutdown is in progress. 
03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88944 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88943 Keywords=Classic Message=The App Readiness service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88942 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88941 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88940 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/16/2021 07:35:50 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=88939 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-4COQ7T5) has initiated the shutdown of computer EC2AMAZ-4COQ7T5 on behalf of user EC2AMAZ-4COQ7T5\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: shutdown Comment: 03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88974 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88973 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88972 Keywords=Classic Message=The Windows Update service entered the stopped state. 03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88971 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88970 Keywords=Classic Message=The DHCP Client service entered the stopped state. 
03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=88969 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=88965 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88964 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88963 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 03/16/2021 07:35:51 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88962 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 03/16/2021 07:35:51 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88957 Keywords=Classic Message=The Event log service was stopped. 
03/16/2021 07:35:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=88975 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 03/16/2021 07:35:55 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=103 OpCode=Info RecordNumber=88976 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 03/16/2021 07:35:56 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=2 OpCode=Info RecordNumber=88977 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎16T07:35:56.543400900Z. 03/16/2021 08:22:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88984 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 03/16/2021 08:22:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88983 Keywords=None Message=There are 0x1 boot options on this system. 03/16/2021 08:22:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=88982 Keywords=None Message=The boot menu policy was 0x0. 
03/16/2021 08:22:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=88981 Keywords=None Message=The boot type was 0x0. 03/16/2021 08:22:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=88980 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/16/2021 08:22:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88979 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 03/16/2021 08:22:14 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=88978 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎16T08:22:14.491305300Z. 03/16/2021 08:22:18 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88986 Keywords=None Message=File System Filter 'WdFilter' (10.0, ‎2096‎-‎03‎-‎30T23:06:20.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 08:22:18 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88985 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:22:19 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88988 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/16/2021 08:22:20 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88989 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 08:22:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88999 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2394 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:22:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88998 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2394 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:22:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88997 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2394 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:22:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88996 Keywords=None Message=Processor 4 in group 0 exposes the 
following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2394 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:22:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88995 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2394 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:22:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88994 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2394 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:22:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88993 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2394 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:22:21 AM LogName=System 
SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=88992 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2394 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:22:21 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=88991 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/16/2021 08:22:21 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=88990 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:22:26 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89000 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/16/2021 08:22:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89007 Keywords=Classic Message=The RpcSs service entered the running state. 
03/16/2021 08:22:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89006 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/16/2021 08:22:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89005 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/16/2021 08:22:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89004 Keywords=Classic Message=The Power service entered the running state. 03/16/2021 08:22:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89003 Keywords=Classic Message=The PlugPlay service entered the running state. 03/16/2021 08:22:27 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89002 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 
03/16/2021 08:22:27 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89001 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89038 Keywords=Classic Message=The Schedule service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89037 Keywords=Classic Message=The UmRdpService service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89036 Keywords=Classic Message=The FontCache service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89035 Keywords=Classic Message=The DsmSvc service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89034 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89033 Keywords=Classic Message=The NcbService service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89032 Keywords=Classic Message=The netprofm service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89031 Keywords=Classic Message=The ShellHWDetection service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89030 Keywords=Classic Message=The SENS service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89029 Keywords=Classic Message=The Dnscache service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89028 Keywords=Classic Message=The NlaSvc service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89027 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89026 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89025 Keywords=Classic Message=The ProfSvc service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89024 Keywords=Classic Message=The Dhcp service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89023 Keywords=None Message=DHCPv6 client service is started 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89022 Keywords=Classic Message=The gpsvc service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89021 Keywords=Classic Message=The Themes service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89020 Keywords=None Message=DHCPv4 client service is started 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89019 Keywords=Classic Message=The EventSystem service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89018 Keywords=Classic Message=The nsi service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89017 Keywords=Classic Message=The EventLog service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89016 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89015 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89014 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89013 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89012 Keywords=Classic Message=The lmhosts service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89011 Keywords=Classic Message=The TermService service entered the running state. 
03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89010 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89009 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89008 Keywords=Classic Message=The LSM service entered the running state. 03/16/2021 08:22:28 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88968 Keywords=Classic Message=The system uptime is 13 seconds. 03/16/2021 08:22:28 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88967 Keywords=Classic Message=The Event log service was started. 03/16/2021 08:22:28 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=88966 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89059 Keywords=Classic Message=The StateRepository service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89058 Keywords=Classic Message=The Winmgmt service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89057 Keywords=Classic Message=The WpnService service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89056 Keywords=Classic Message=The WinRM service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89055 Keywords=Classic Message=The LanmanServer service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89054 Keywords=Classic Message=The CryptSvc service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89053 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89052 Keywords=Classic Message=The W32Time service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89051 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89050 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89049 Keywords=Classic Message=The TrkWks service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89048 Keywords=Classic Message=The PcaSvc service entered the running state. 
03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89047 Keywords=Classic Message=The Spooler service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89046 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89045 Keywords=Classic Message=The SamSs service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89044 Keywords=Classic Message=The MpsSvc service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89043 Keywords=Classic Message=The BFE service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89042 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 
03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89041 Keywords=Classic Message=The UserManager service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89040 Keywords=Classic Message=The SessionEnv service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89039 Keywords=Classic Message=The CertPropSvc service entered the running state. 03/16/2021 08:22:29 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=Info RecordNumber=88987 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/16/2021 08:22:30 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4202 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89065 Keywords=None Message=Unable to update the IP address on Isatap interface isatap.eu-central-1.compute.internal. Update Type: 1. Error Code: 0x490. 
03/16/2021 08:22:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89064 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/16/2021 08:22:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89063 Keywords=Classic Message=The WinDefend service entered the running state. 03/16/2021 08:22:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89062 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/16/2021 08:22:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89061 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/16/2021 08:22:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89060 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 03/16/2021 08:22:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89067 Keywords=Classic Message=The wuauserv service entered the running state. 
03/16/2021 08:22:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89066 Keywords=Classic Message=The DeviceInstall service entered the running state. 03/16/2021 08:22:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89069 Keywords=Classic Message=The WdNisSvc service entered the running state. 03/16/2021 08:22:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89068 Keywords=Classic Message=The TrustedInstaller service entered the running state. 03/16/2021 08:22:53 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89070 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/16/2021 08:23:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89072 Keywords=Classic Message=The vds service entered the running state. 03/16/2021 08:23:02 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=89071 Keywords=Classic Message=Service started. 
03/16/2021 08:23:04 AM LogName=System SourceName=Microsoft-Windows-UserModePowerService EventCode=12 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=10 OpCode=Info RecordNumber=89073 Keywords=None Message=Process C:\Windows\System32\powercfg.exe (process ID:4004) reset policy scheme from {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} to {8C5E7FDA-E8BF-4A96-9A85-A6E23A8C635C} 03/16/2021 08:23:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89074 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from disabled to auto start. 03/16/2021 08:23:09 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89075 Keywords=None Message=The time service is now synchronizing the system time with the time source 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/16/2021 08:23:13 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89076 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:23:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89078 Keywords=Classic Message=The Microsoft Passport service entered the running state. 03/16/2021 08:23:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89077 Keywords=Classic Message=The CNG Key Isolation service entered the running state. 03/16/2021 08:23:18 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15301 EventType=3 Type=Warning ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89081 Keywords=Classic Message=SSL Certificate Settings created by an admin process for endpoint : 0.0.0.0:5986 . 03/16/2021 08:23:18 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15007 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89080 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully added. 03/16/2021 08:23:18 AM LogName=System SourceName=Microsoft-Windows-HttpEvent EventCode=15008 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89079 Keywords=Classic Message=Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully deleted. 
03/16/2021 08:23:19 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89083 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:23:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89082 Keywords=Classic Message=The IPsec Policy Agent service entered the running state. 03/16/2021 08:23:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89084 Keywords=Classic Message=The Amazon SSM Agent service entered the running state. 
03/16/2021 08:23:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89087 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:23:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89086 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/16/2021 08:23:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89085 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:23:27 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89091 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/16/2021 08:23:27 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89090 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:23:27 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89089 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/16/2021 08:23:27 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89088 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:23:28 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89092 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/16/2021 08:23:30 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89093 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:23:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89094 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/16/2021 08:23:51 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89095 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:24:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89096 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 03/16/2021 08:24:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89098 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 03/16/2021 08:24:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89097 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 
03/16/2021 08:24:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89099 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:24:27 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89100 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:24:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89101 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 
03/16/2021 08:24:29 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89102 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EC2AMAZ-4COQ7T5\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:24:30 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89103 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (EC2AMAZ-4COQ7T5) has initiated the restart of computer EC2AMAZ-4COQ7T5 on behalf of user EC2AMAZ-4COQ7T5\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 03/16/2021 08:24:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89107 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 
03/16/2021 08:24:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89106 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 03/16/2021 08:24:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89105 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 03/16/2021 08:24:31 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89104 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 03/16/2021 08:24:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89109 Keywords=Classic Message=The Software Protection service entered the running state. 03/16/2021 08:24:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89108 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/16/2021 08:24:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89110 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89147 Keywords=Classic Message=The Windows Defender Service service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89142 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89141 Keywords=Classic Message=The User Access Logging Service service entered the running state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89140 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89139 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89138 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89137 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89136 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89135 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89134 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89133 Keywords=Classic Message=The DHCP Client service entered the stopped state. 
03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89132 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89131 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89130 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89129 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89128 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89127 Keywords=Classic Message=The User Profile Service service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89126 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89125 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89124 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89123 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89122 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 
03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89121 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89120 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89119 Keywords=Classic Message=The Device Install Service service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89118 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=89117 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎16T08:24:34.227000000Z from ‎2021‎-‎03‎-‎16T08:24:34.227845500Z. Change Reason: An application or system component changed the time. 
03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89116 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89115 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89114 Keywords=Classic Message=The Plug and Play service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89113 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89112 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 03/16/2021 08:24:34 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=EC2AMAZ-4COQ7T5 TaskCategory=None OpCode=None RecordNumber=89111 Keywords=Classic Message=The Event log service was stopped. 
03/16/2021 08:24:35 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89148 Keywords=Classic Message=The Software Protection service entered the stopped state. 03/16/2021 08:24:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89150 Keywords=Classic Message=The Windows Update service entered the stopped state. 03/16/2021 08:24:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89149 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 03/16/2021 08:24:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=2 OpCode=Info RecordNumber=89152 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎16T08:24:39.990166700Z. 03/16/2021 08:24:39 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=103 OpCode=Info RecordNumber=89151 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 03/16/2021 08:24:59 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89159 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 
03/16/2021 08:24:59 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89158 Keywords=None Message=There are 0x1 boot options on this system. 03/16/2021 08:24:59 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=89157 Keywords=None Message=The boot menu policy was 0x0. 03/16/2021 08:24:59 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=89156 Keywords=None Message=The boot type was 0x0. 03/16/2021 08:24:59 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=89155 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/16/2021 08:24:59 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89154 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 03/16/2021 08:24:59 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=89153 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎16T08:24:59.495855100Z. 
03/16/2021 08:25:02 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89160 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89172 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89171 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89170 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 
Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89169 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89168 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89167 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89166 
Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89165 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=89164 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89163 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89162 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 08:25:03 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89161 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/16/2021 08:25:04 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89173 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89236 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89235 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89234 Keywords=Classic Message=The StateRepository service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89233 Keywords=Classic Message=The WpnService service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89232 Keywords=Classic Message=The WinRM service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89231 Keywords=Classic Message=The LanmanServer service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89230 Keywords=Classic Message=The MpsSvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89229 Keywords=Classic Message=The Winmgmt service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89228 Keywords=Classic Message=The W32Time service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89227 Keywords=Classic Message=The Spooler service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89226 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=Info RecordNumber=89224 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89223 Keywords=Classic Message=The TrkWks service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89222 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89221 Keywords=Classic Message=The CryptSvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89220 Keywords=Classic Message=The PcaSvc service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89219 Keywords=Classic Message=The UserManager service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89218 Keywords=Classic Message=The SamSs service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89217 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89216 Keywords=Classic Message=The BFE service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89215 Keywords=Classic Message=The SessionEnv service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89214 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89213 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89212 Keywords=Classic Message=The NcbService service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89211 Keywords=Classic Message=The DsmSvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89210 Keywords=Classic Message=The netprofm service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89209 Keywords=Classic Message=The Schedule service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89208 Keywords=Classic Message=The FontCache service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89207 Keywords=Classic Message=The CertPropSvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89206 Keywords=Classic Message=The ShellHWDetection service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89205 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89204 Keywords=Classic Message=The Dnscache service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89203 Keywords=Classic Message=The NlaSvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89202 Keywords=Classic Message=The UmRdpService service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89201 Keywords=Classic Message=The TrustedInstaller service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89200 Keywords=Classic Message=The SENS service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89199 Keywords=Classic Message=The ProfSvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89198 Keywords=Classic Message=The gpsvc service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89197 Keywords=Classic Message=The Dhcp service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89196 Keywords=None Message=DHCPv6 client service is started 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89195 Keywords=Classic Message=The EventSystem service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89194 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89193 Keywords=None Message=DHCPv4 client service is started 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89192 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89191 Keywords=Classic Message=The Themes service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89190 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89189 Keywords=Classic Message=The nsi service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89188 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89187 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89186 Keywords=Classic Message=The EventLog service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89185 Keywords=Classic Message=The lmhosts service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89184 Keywords=Classic Message=The TermService service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89183 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89182 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89181 Keywords=Classic Message=The LSM service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89180 Keywords=Classic Message=The RpcSs service entered the running state. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89179 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89178 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89177 Keywords=Classic Message=The Power service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89176 Keywords=Classic Message=The PlugPlay service entered the running state. 03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89175 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 
03/16/2021 08:25:05 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89174 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/16/2021 08:25:05 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=None RecordNumber=89146 Keywords=Classic Message=The system uptime is 5 seconds. 03/16/2021 08:25:05 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=None RecordNumber=89145 Keywords=Classic Message=The Event log service was started. 03/16/2021 08:25:05 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=None RecordNumber=89144 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/16/2021 08:25:05 AM LogName=System SourceName=EventLog EventCode=6011 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=None RecordNumber=89143 Keywords=Classic Message=The NetBIOS name and DNS host name of this machine have been changed from EC2AMAZ-4COQ7T5 to WIN-DC-983. 03/16/2021 08:25:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89241 Keywords=Classic Message=The PolicyAgent service entered the running state. 
03/16/2021 08:25:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89240 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/16/2021 08:25:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89239 Keywords=Classic Message=The KeyIso service entered the running state. 03/16/2021 08:25:06 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89238 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 03/16/2021 08:25:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89237 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/16/2021 08:25:06 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89225 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-dc-983. The SHA1 hash of the certificate is in the event data. 
03/16/2021 08:25:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89242 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 03/16/2021 08:25:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89243 Keywords=Classic Message=The wuauserv service entered the running state. 03/16/2021 08:25:12 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89244 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 03/16/2021 08:25:13 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89245 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user WIN-DC-983\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:25:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89247 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/16/2021 08:25:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89246 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/16/2021 08:25:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89248 Keywords=Classic Message=A service was installed in the system. Service Name: Mozilla Maintenance Service Service File Name: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 03/16/2021 08:26:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89249 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 03/16/2021 08:26:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89250 Keywords=Classic Message=A service was installed in the system. 
Service Name: DNS Server Service File Name: %systemroot%\system32\dns.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/16/2021 08:26:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89251 Keywords=Classic Message=The DNS Server service entered the running state. 03/16/2021 08:26:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89254 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 03/16/2021 08:26:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89253 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 03/16/2021 08:26:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89252 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/16/2021 08:26:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89255 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 
03/16/2021 08:26:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89258 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state. 03/16/2021 08:26:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89257 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 03/16/2021 08:26:54 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89256 Keywords=Classic Message=The Windows Insider Service service entered the running state. 03/16/2021 08:27:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89259 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 03/16/2021 08:27:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89263 Keywords=Classic Message=The Downloaded Maps Manager service entered the running state. 03/16/2021 08:27:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89262 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 03/16/2021 08:27:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89261 Keywords=Classic Message=The Diagnostic Policy Service service entered the running state. 03/16/2021 08:27:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89260 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 03/16/2021 08:27:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89265 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 03/16/2021 08:27:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89264 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 03/16/2021 08:27:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89266 Keywords=Classic Message=The Software Protection service entered the running state. 
03/16/2021 08:27:10 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89267 Keywords=Classic Message=The Windows License Manager Service service entered the running state. 03/16/2021 08:27:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89268 Keywords=Classic Message=The User Access Logging Service service entered the running state. 03/16/2021 08:27:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89269 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/16/2021 08:27:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89270 Keywords=Classic Message=The Downloaded Maps Manager service entered the stopped state. 03/16/2021 08:27:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89271 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 
03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89284 Keywords=Classic Message=A service was installed in the system. Service Name: Microsoft Key Distribution Service Service File Name: %SystemRoot%\system32\lsass.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89283 Keywords=Classic Message=A service was installed in the system. Service Name: Active Directory Web Services Service File Name: %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89282 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Namespace Server Filter Driver Service File Name: system32\drivers\dfs.sys Service Type: kernel mode driver Service Start Type: system start Service Account: 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89281 Keywords=Classic Message=A service was installed in the system. 
Service Name: File Replication Service File Name: %SystemRoot%\system32\ntfrs.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89280 Keywords=Classic Message=A service was installed in the system. Service Name: DS Role Server Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89279 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Replication ReadOnly Driver Service File Name: system32\drivers\dfsrro.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89278 Keywords=Classic Message=A service was installed in the system. 
Service Name: DFS Namespace Service File Name: %SystemRoot%\system32\dfssvc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89277 Keywords=Classic Message=A service was installed in the system. Service Name: DFS Replication Service File Name: %SystemRoot%\system32\DFSRs.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89276 Keywords=Classic Message=A service was installed in the system. Service Name: Active Directory Domain Services Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89275 Keywords=Classic Message=A service was installed in the system. 
Service Name: Kerberos Key Distribution Center Service File Name: %SystemRoot%\System32\lsass.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 03/16/2021 08:27:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89274 Keywords=Classic Message=A service was installed in the system. Service Name: Intersite Messaging Service File Name: %SystemRoot%\System32\ismserv.exe Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem 03/16/2021 08:27:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89291 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/16/2021 08:27:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89290 Keywords=Classic Message=The Virtual Disk service entered the running state. 03/16/2021 08:27:40 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=None RecordNumber=89289 Keywords=Classic Message=Service started. 
03/16/2021 08:27:40 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89288 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:27:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89287 Keywords=Classic Message=The DFS Namespace service entered the running state. 03/16/2021 08:27:40 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89286 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:27:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89285 Keywords=Classic Message=The DFS Replication service entered the running state. 03/16/2021 08:27:40 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89273 Keywords=Classic Message=DFS server has finished initializing. 03/16/2021 08:27:40 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89272 Keywords=Classic Message=DFS has finished building all namespaces. 03/16/2021 08:27:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89292 Keywords=Classic Message=The DS Role Server service entered the running state. 03/16/2021 08:27:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89293 Keywords=Classic Message=The Software Protection service entered the stopped state. 03/16/2021 08:28:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89294 Keywords=Classic Message=The Network Setup Service service entered the stopped state. 03/16/2021 08:28:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89295 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 03/16/2021 08:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89303 Keywords=Classic Message=The Virtual Disk service entered the stopped state. 03/16/2021 08:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89302 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 03/16/2021 08:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89301 Keywords=Classic Message=The start type of the Distributed Link Tracking Client service was changed from auto start to demand start. 03/16/2021 08:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89300 Keywords=Classic Message=The start type of the Kerberos Key Distribution Center service was changed from disabled to auto start. 03/16/2021 08:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89299 Keywords=Classic Message=The start type of the Intersite Messaging service was changed from disabled to auto start. 03/16/2021 08:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89298 Keywords=Classic Message=The start type of the Active Directory Domain Services service was changed from disabled to auto start. 
03/16/2021 08:28:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89297 Keywords=Classic Message=The start type of the Netlogon service was changed from demand start to auto start. 03/16/2021 08:28:23 AM LogName=System SourceName=Virtual Disk Service EventCode=4 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=None RecordNumber=89296 Keywords=Classic Message=Service stopped. 03/16/2021 08:28:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89305 Keywords=Classic Message=The start type of the File Replication service was changed from demand start to disabled. 03/16/2021 08:28:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89304 Keywords=Classic Message=The DFS Replication service entered the stopped state. 03/16/2021 08:28:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89307 Keywords=Classic Message=The start type of the SSDP Discovery service was changed from demand start to disabled. 
03/16/2021 08:28:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89306 Keywords=Classic Message=The start type of the UPnP Device Host service was changed from demand start to disabled. 03/16/2021 08:28:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89312 Keywords=Classic Message=The Netlogon service entered the running state. 03/16/2021 08:28:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89311 Keywords=Classic Message=The start type of the Encrypting File System (EFS) service was changed from demand start to auto start. 03/16/2021 08:28:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89310 Keywords=Classic Message=The start type of the Active Directory Web Services service was changed from disabled to auto start. 
03/16/2021 08:28:30 AM LogName=System SourceName=NETLOGON EventCode=5719 EventType=2 Type=Error ComputerName=win-dc-983 TaskCategory=None OpCode=Info RecordNumber=89309 Keywords=Classic Message=This computer was not able to set up a secure session with a domain controller in domain ATTACKRANGE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 03/16/2021 08:28:30 AM LogName=System SourceName=NETLOGON EventCode=5516 EventType=2 Type=Error ComputerName=win-dc-983 TaskCategory=None OpCode=Info RecordNumber=89308 Keywords=Classic Message=The computer or domain WIN-DC-983 trusts domain ATTACKRANGE. (This may be an indirect trust.) However, WIN-DC-983 and ATTACKRANGE have the same machine security identifier (SID). NT should be re-installed on either WIN-DC-983 or ATTACKRANGE. 03/16/2021 08:28:34 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89313 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-DC-983) has initiated the restart of computer WIN-DC-983 on behalf of user WIN-DC-983\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 03/16/2021 08:28:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89316 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89350 Keywords=Classic Message=The DNS Server service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89349 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89348 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89347 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 
03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89346 Keywords=Classic Message=The Windows Update service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89345 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89344 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89343 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89342 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89341 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 
03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89340 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89339 Keywords=Classic Message=The DHCP Client service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89338 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89337 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-dc-983 User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89336 Keywords=None Message=DHCPv6 client service is stopped. ShutDown Flag value is 1 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89335 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89334 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89333 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89332 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89331 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89330 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 
03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89329 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89328 Keywords=Classic Message=The User Profile Service service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89327 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89326 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89325 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89324 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 
03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89323 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89322 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89321 Keywords=Classic Message=The Distributed Link Tracking Client service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89320 Keywords=Classic Message=The Plug and Play service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89319 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89318 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 
03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89317 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 03/16/2021 08:28:37 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-dc-983 TaskCategory=None OpCode=None RecordNumber=89315 Keywords=Classic Message=The Event log service was stopped. 03/16/2021 08:28:37 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10149 EventType=3 Type=Warning ComputerName=win-dc-983 TaskCategory=None OpCode=Info RecordNumber=89314 Keywords=Classic Message=The WinRM service is not listening for WS-Management requests. User Action If you did not intentionally stop the service, use the following command to see the WinRM configuration: winrm enumerate winrm/config/listener 03/16/2021 08:28:42 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=89355 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎16T08:28:42.834615800Z. 03/16/2021 08:28:42 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=89354 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 03/16/2021 08:29:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89362 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 
03/16/2021 08:29:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89361 Keywords=None Message=There are 0x1 boot options on this system. 03/16/2021 08:29:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=89360 Keywords=None Message=The boot menu policy was 0x0. 03/16/2021 08:29:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=89359 Keywords=None Message=The boot type was 0x0. 03/16/2021 08:29:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=89358 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/16/2021 08:29:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89357 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 
03/16/2021 08:29:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=89356 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎16T08:29:02.496466500Z. 03/16/2021 08:29:05 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89364 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:29:05 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89363 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89377 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89376 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89375 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89374 
Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89373 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89372 Keywords=None Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89371 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance 
percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89370 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=89369 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89368 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89367 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89366 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:29:06 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89365 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/16/2021 08:29:20 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89379 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: . For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/16/2021 08:29:20 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89378 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89412 Keywords=Classic Message=The Dnscache service entered the running state. 
03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89411 Keywords=Classic Message=The Dhcp service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89410 Keywords=Classic Message=The TermService service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89409 Keywords=None Message=DHCPv6 client service is started 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89408 Keywords=None Message=DHCPv4 client service is started 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89407 Keywords=Classic Message=The lmhosts service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89406 Keywords=Classic Message=The nsi service entered the running state. 
03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89405 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89404 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89403 Keywords=Classic Message=The LSM service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89402 Keywords=Classic Message=The RpcSs service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89401 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89400 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89398 Keywords=Classic Message=The Power service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89397 Keywords=Classic Message=The PlugPlay service entered the running state. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16413 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89396 Keywords=None Message=An error occurred when trying to remove the account Network Service from the group Performance Log Users. The problem, "The system cannot find the file specified. ", occurred when trying to remove the account from the group. Please remove the member manually. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89395 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Storage Replica Administrators. Please contact PSS to recover. 
03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89394 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Remote Management Users. Please contact PSS to recover. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89393 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Access Control Assistance Operators. Please contact PSS to recover. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89392 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Hyper-V Administrators. Please contact PSS to recover. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89391 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Management Servers. Please contact PSS to recover. 
03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89390 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Endpoint Servers. Please contact PSS to recover. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89389 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account RDS Remote Access Servers. Please contact PSS to recover. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89388 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Certificate Service DCOM Access. Please contact PSS to recover. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89387 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Event Log Readers. Please contact PSS to recover. 
03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16401 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89386 Keywords=None Message=An error occurred when trying to add the account INTERNET USER to the group IIS_IUSRS. The problem, "The specified local group does not exist. ", occurred when trying to open the group. Please add the account manually. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89385 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Cryptographic Operators. Please contact PSS to recover. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89384 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account IIS_IUSRS. Please contact PSS to recover. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16403 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89383 Keywords=None Message=The error "The specified local group already exists. " occurred when trying to create the well known account Distributed COM Users. Please contact PSS to recover. 
03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16937 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89382 Keywords=None Message=Secured the machine account . The builtin\account operators full control Access Control Entry was removed from the security descriptor on this object. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89381 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/16/2021 08:29:22 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89380 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: 0 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89451 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 
03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89450 Keywords=Classic Message=The PolicyAgent service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89449 Keywords=Classic Message=The KeyIso service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89448 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89447 Keywords=Classic Message=The UserManager service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89446 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89445 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89444 Keywords=Classic Message=The MpsSvc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89443 Keywords=Classic Message=The Schedule service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89442 Keywords=Classic Message=The NcaSvc service entered the stopped state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89441 Keywords=Classic Message=The SessionEnv service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89440 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89439 Keywords=Classic Message=The Kdc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89438 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89437 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89436 Keywords=Classic Message=The CertPropSvc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89435 Keywords=Classic Message=The NcbService service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89434 Keywords=Classic Message=The netprofm service entered the running state. 
03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89433 Keywords=Classic Message=The gpsvc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89432 Keywords=Classic Message=The ShellHWDetection service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89431 Keywords=Classic Message=The FontCache service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89430 Keywords=Classic Message=The ProfSvc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89429 Keywords=Classic Message=The UmRdpService service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89428 Keywords=Classic Message=The Wcmsvc service entered the running state. 
03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89427 Keywords=Classic Message=The NlaSvc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89426 Keywords=Classic Message=The SENS service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89425 Keywords=Classic Message=The Themes service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89424 Keywords=Classic Message=The Winmgmt service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89423 Keywords=Classic Message=The EventLog service entered the running state. 
03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89422 Keywords=None Message=Name resolution for the name wpad timed out after none of the configured DNS servers responded. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89421 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89420 Keywords=Classic Message=The EventSystem service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89419 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89418 Keywords=Classic Message=The WPDBusEnum service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89417 Keywords=Classic Message=The BFE service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89416 Keywords=Classic Message=The NTDS service entered the running state. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89415 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89414 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89413 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:29:23 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1056 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89399 Keywords=Classic Message=A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is win-dc-983.attackrange.local. The SHA1 hash of the certificate is in the event data. 03/16/2021 08:29:23 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=None RecordNumber=89353 Keywords=Classic Message=The system uptime is 20 seconds. 03/16/2021 08:29:23 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=None RecordNumber=89352 Keywords=Classic Message=The Event log service was started. 03/16/2021 08:29:23 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=None RecordNumber=89351 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/16/2021 08:29:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89452 Keywords=Classic Message=The CryptSvc service entered the running state. 03/16/2021 08:29:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89456 Keywords=Classic Message=The LanmanServer service entered the running state. 03/16/2021 08:29:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89455 Keywords=Classic Message=The SamSs service entered the running state. 03/16/2021 08:29:32 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16648 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89454 Keywords=None Message=The request for a new account-identifier pool has completed successfully. 03/16/2021 08:29:32 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16647 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89453 Keywords=None Message=The domain controller is starting a request for a new account-identifier pool. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89474 Keywords=Classic Message=The ADWS service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89473 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89472 Keywords=Classic Message=The StateRepository service entered the running state. 
03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89471 Keywords=Classic Message=The WinRM service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89470 Keywords=Classic Message=The WpnService service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89469 Keywords=Classic Message=The DFSR service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89468 Keywords=Classic Message=The Dfs service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89467 Keywords=Classic Message=The IsmServ service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89466 Keywords=Classic Message=The EFS service entered the running state. 
03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89465 Keywords=Classic Message=The PcaSvc service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89464 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89463 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89462 Keywords=Classic Message=The Spooler service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89461 Keywords=Classic Message=The Netlogon service entered the running state. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89460 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. 
User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/16/2021 08:29:38 AM LogName=System SourceName=NETLOGON EventCode=5823 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89459 Keywords=Classic Message= The system successfully changed its password on the domain controller . This event is logged when the password for the computer account is changed by the system. It is logged on the computer that changed the password. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89458 Keywords=Classic Message=DFS server has finished initializing. 03/16/2021 08:29:38 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89457 Keywords=Classic Message=DFS has finished building all namespaces. 03/16/2021 08:29:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89478 Keywords=Classic Message=The vds service entered the running state. 03/16/2021 08:29:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89477 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/16/2021 08:29:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89476 Keywords=Classic Message=The wmiApSrv service entered the running state. 03/16/2021 08:29:39 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=None RecordNumber=89475 Keywords=Classic Message=Service started. 03/16/2021 08:29:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89480 Keywords=Classic Message=The wmiApSrv service entered the stopped state. 03/16/2021 08:29:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89479 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 03/16/2021 08:29:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89481 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 
03/16/2021 08:29:42 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=143 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89483 Keywords=None Message=The time service has started advertising as a good time source. 03/16/2021 08:29:42 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=139 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89482 Keywords=None Message=The time service has started advertising as a time source. 03/16/2021 08:29:50 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10154 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89484 Keywords=Classic Message=The WinRM service failed to create the following SPNs: WSMAN/win-dc-983.attackrange.local; WSMAN/win-dc-983. Additional Data The error received was 1355: %%1355. User Action The SPNs can be created by an administrator using setspn.exe utility. 03/16/2021 08:29:55 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89487 Keywords=Classic Message=The W32Time service entered the running state. 
03/16/2021 08:29:55 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89486 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 03/16/2021 08:29:55 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=134 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89485 Keywords=None Message=NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) 03/16/2021 08:30:02 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89489 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 
03/16/2021 08:30:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89488 Keywords=Classic Message=The DNS service entered the running state. 03/16/2021 08:30:11 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89491 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 03/16/2021 08:30:11 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=144 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89490 Keywords=None Message=The time service has stopped advertising as a good time source. 03/16/2021 08:30:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89492 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/16/2021 08:30:36 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89493 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 
03/16/2021 08:30:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89494 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 03/16/2021 08:31:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89495 Keywords=Classic Message=The WPDBusEnum service entered the stopped state. 03/16/2021 08:31:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89497 Keywords=Classic Message=The DPS service entered the running state. 03/16/2021 08:31:39 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89496 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 03/16/2021 08:31:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89500 Keywords=Classic Message=The sppsvc service entered the running state. 03/16/2021 08:31:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89499 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 03/16/2021 08:31:40 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89498 Keywords=Classic Message=The MapsBroker service entered the running state. 03/16/2021 08:31:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89501 Keywords=Classic Message=The UALSVC service entered the running state. 03/16/2021 08:31:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89503 Keywords=Classic Message=The MapsBroker service entered the stopped state. 03/16/2021 08:31:50 AM LogName=System SourceName=Microsoft-Windows-TerminalServices-RemoteConnectionManager EventCode=1067 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89502 Keywords=Classic Message=The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. . 03/16/2021 08:32:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89504 Keywords=Classic Message=The sppsvc service entered the stopped state. 
03/16/2021 08:33:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89506 Keywords=Classic Message=The wisvc service entered the running state. 03/16/2021 08:33:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89505 Keywords=Classic Message=The UsoSvc service entered the running state. 03/16/2021 08:33:34 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89507 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:34:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89508 Keywords=Classic Message=The wisvc service entered the stopped state. 
03/16/2021 08:34:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89509 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 03/16/2021 08:34:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89510 Keywords=Classic Message=The msiserver service entered the running state. 03/16/2021 08:34:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89511 Keywords=Classic Message=The WdiSystemHost service entered the running state. 03/16/2021 08:34:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89514 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkMonitorNoHandle Service File Name: system32\DRIVERS\SplunkMonitorNoHandleDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 03/16/2021 08:34:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89513 Keywords=Classic Message=A service was installed in the system. 
Service Name: splknetdrv Service File Name: \SystemRoot\system32\DRIVERS\splknetdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 03/16/2021 08:34:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89512 Keywords=Classic Message=A service was installed in the system. Service Name: Splunk Trace Kernel Mode Driver Service File Name: \SystemRoot\system32\DRIVERS\splunkdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 03/16/2021 08:34:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89517 Keywords=Classic Message=A service was installed in the system. Service Name: SplunkForwarder Service Service File Name: "C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/16/2021 08:34:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89516 Keywords=Classic Message=The Network Setup Service service entered the running state. 
03/16/2021 08:34:49 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1129 EventType=2 Type=Error ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89515 Keywords=None Message=The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator. 03/16/2021 08:34:56 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89518 Keywords=Classic Message=The Windows Modules Installer service entered the running state. 03/16/2021 08:34:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89519 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from demand start to auto start. 03/16/2021 08:34:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89522 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 
03/16/2021 08:34:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89521 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 03/16/2021 08:34:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89520 Keywords=Classic Message=The start type of the Windows Modules Installer service was changed from auto start to demand start. 03/16/2021 08:35:00 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89523 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 03/16/2021 08:35:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89524 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the running state. 03/16/2021 08:35:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89526 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 
03/16/2021 08:35:36 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89525 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/16/2021 08:35:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89527 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 03/16/2021 08:36:16 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89530 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2021‎-‎01‎-‎12T18:00:46.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:36:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89529 Keywords=Classic Message=A service was installed in the system. Service Name: SysmonDrv Service File Name: C:\Windows\SysmonDrv.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: 03/16/2021 08:36:16 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89528 Keywords=Classic Message=A service was installed in the system. Service Name: sysmon64 Service File Name: C:\Windows\sysmon64.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/16/2021 08:36:17 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89531 Keywords=Classic Message=The sysmon64 service entered the running state. 03/16/2021 08:36:27 AM LogName=System SourceName=User32 EventCode=1074 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89532 Keywords=Classic Message=The process C:\Windows\system32\shutdown.exe (WIN-DC-983) has initiated the restart of computer WIN-DC-983 on behalf of user ATTACKRANGE\Administrator for the following reason: No title for this reason could be found Reason Code: 0x800000ff Shutdown Type: restart Comment: Reboot initiated by Ansible 03/16/2021 08:36:29 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89534 Keywords=Classic Message=The Group Policy Client service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89570 Keywords=Classic Message=The DFS Replication service entered the stopped state. 
03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89569 Keywords=Classic Message=The Cryptographic Services service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89568 Keywords=Classic Message=The Windows Remote Management (WS-Management) service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89567 Keywords=Classic Message=The DNS Server service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89566 Keywords=Classic Message=The Task Scheduler service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89565 Keywords=Classic Message=The Windows Event Log service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89564 Keywords=Classic Message=The Remote Desktop Services service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89563 Keywords=Classic Message=The User Profile Service service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89562 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89561 Keywords=Classic Message=The State Repository Service service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89560 Keywords=Classic Message=The Virtual Disk service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89559 Keywords=Classic Message=The DHCP Client service entered the stopped state. 
03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50037 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89558 Keywords=None Message=DHCPv4 client service is stopped. ShutDown Flag value is 1 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89557 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89556 Keywords=Classic Message=The Windows Management Instrumentation service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89555 Keywords=Classic Message=The Windows Connection Manager service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89554 Keywords=Classic Message=The Windows Font Cache Service service entered the stopped state. 
03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89553 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89552 Keywords=Classic Message=The Diagnostic Policy Service service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89551 Keywords=Classic Message=The IPsec Policy Agent service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89550 Keywords=Classic Message=The Intersite Messaging service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89549 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89548 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89547 Keywords=Classic Message=The Program Compatibility Assistant Service service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89546 Keywords=Classic Message=The Windows Installer service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89545 Keywords=Classic Message=The Certificate Propagation service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89544 Keywords=Classic Message=The AWS Lite Guest Agent service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51047 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStop RecordNumber=89543 Keywords=None Message=DHCPv6 client service is stopped. 
ShutDown Flag value is 1 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89542 Keywords=Classic Message=The Windows Time service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89541 Keywords=Classic Message=The Remote Desktop Services UserMode Port Redirector service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=1 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=5 OpCode=Info RecordNumber=89540 Keywords=Time Message=The system time has changed to ‎2021‎-‎03‎-‎16T08:36:30.146000000Z from ‎2021‎-‎03‎-‎16T08:36:30.147528000Z. Change Reason: An application or system component changed the time. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89539 Keywords=Classic Message=The Active Directory Web Services service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89538 Keywords=Classic Message=The Plug and Play service entered the stopped state. 
03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89537 Keywords=Classic Message=The User Access Logging Service service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89536 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89535 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 03/16/2021 08:36:30 AM LogName=System SourceName=EventLog EventCode=6006 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=None RecordNumber=89533 Keywords=Classic Message=The Event log service was stopped. 03/16/2021 08:36:31 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89574 Keywords=None Message=Name resolution for the name 255.1.0.10.in-addr.arpa. timed out after none of the configured DNS servers responded. 03/16/2021 08:36:32 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89575 Keywords=Classic Message=The Active Directory Domain Services service entered the stopped state. 03/16/2021 08:36:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89577 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/16/2021 08:36:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89576 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/16/2021 08:36:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=13 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=2 OpCode=Info RecordNumber=89579 Keywords=None Message=The operating system is shutting down at system time ‎2021‎-‎03‎-‎16T08:36:35.549934600Z. 03/16/2021 08:36:35 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=109 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=103 OpCode=Info RecordNumber=89578 Keywords=None Message=The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API 03/16/2021 08:36:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=32 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89586 Keywords=None Message=The bootmgr spent 0 ms waiting for user input. 
03/16/2021 08:36:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=18 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89585 Keywords=None Message=There are 0x1 boot options on this system. 03/16/2021 08:36:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=25 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=32 OpCode=Info RecordNumber=89584 Keywords=None Message=The boot menu policy was 0x0. 03/16/2021 08:36:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=27 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=33 OpCode=Info RecordNumber=89583 Keywords=None Message=The boot type was 0x0. 03/16/2021 08:36:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=20 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=31 OpCode=Info RecordNumber=89582 Keywords=None Message=The last shutdown's success status was true. The last boot's success status was true. 03/16/2021 08:36:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-Boot EventCode=153 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89581 Keywords=None Message=The Virtualization Based Security (policies: 0) is disabled with status STATUS_SUCCESS. 
03/16/2021 08:36:54 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=12 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1 OpCode=Info RecordNumber=89580 Keywords=None Message=The operating system started at system time ‎2021‎-‎03‎-‎16T08:36:54.485229300Z. 03/16/2021 08:36:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89592 Keywords=None Message=File System Filter 'DfsDriver' (10.0, ‎2016‎-‎07‎-‎16T02:21:37.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:36:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89591 Keywords=None Message=File System Filter 'FileCrypt' (10.0, ‎2018‎-‎08‎-‎30T20:44:27.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:36:57 AM LogName=System SourceName=Microsoft-Windows-Ntfs EventCode=98 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89590 Keywords=None Message=Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. 03/16/2021 08:36:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89589 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2021‎-‎01‎-‎12T18:00:46.000000000Z) has successfully loaded and registered with Filter Manager. 
03/16/2021 08:36:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89588 Keywords=None Message=File System Filter 'DfsrRo' (10.0, ‎2016‎-‎07‎-‎16T02:20:37.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:36:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89587 Keywords=None Message=File System Filter 'Wof' (10.0, ‎2019‎-‎09‎-‎29T22:52:46.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:36:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89602 Keywords=None Message=Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:36:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89601 Keywords=None Message=Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:36:58 AM 
LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89600 Keywords=None Message=Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:36:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89599 Keywords=None Message=Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:36:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89598 Keywords=None Message=Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:36:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89597 Keywords=None 
Message=Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:36:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89596 Keywords=None Message=Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:36:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Processor-Power EventCode=55 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=47 OpCode=Info RecordNumber=89595 Keywords=None Message=Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (1 state(s)) Performance state type: None Nominal Frequency (MHz): 2395 Maximum performance percentage: 100 Minimum performance percentage: 100 Minimum throttle percentage: 100 03/16/2021 08:36:58 AM LogName=System SourceName=Microsoft-Windows-Kernel-Power EventCode=172 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=203 OpCode=Info RecordNumber=89594 Keywords=None Message=Connectivity state in standby: Disconnected, Reason: NIC compliance 03/16/2021 08:36:58 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 
SidType=0 TaskCategory=None OpCode=Info RecordNumber=89593 Keywords=None Message=File System Filter 'npsvctrig' (10.0, ‎2016‎-‎07‎-‎16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:37:00 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16962 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89604 Keywords=None Message=Remote calls to the SAM database are being restricted using the default security descriptor: . For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. 03/16/2021 08:37:00 AM LogName=System SourceName=Microsoft-Windows-Wininit EventCode=14 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89603 Keywords=None Message=Credential Guard (LsaIso.exe) configuration: 0x0, 0 03/16/2021 08:37:01 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89607 Keywords=Classic Message=The PlugPlay service entered the running state. 03/16/2021 08:37:01 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89606 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 
03/16/2021 08:37:01 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89605 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 MinimumPasswordLengthAudit: 0 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Iphlpsvc EventCode=4200 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89657 Keywords=None Message=Isatap interface isatap.eu-central-1.compute.internal with address fe80::5efe:10.0.1.14 has been brought up. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89656 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89655 Keywords=Classic Message=The UserManager service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89654 Keywords=Classic Message=The TimeBrokerSvc service entered the running state. 
03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89653 Keywords=Classic Message=The NcaSvc service entered the stopped state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89652 Keywords=Classic Message=The iphlpsvc service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89651 Keywords=Classic Message=The Schedule service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89650 Keywords=Classic Message=The SessionEnv service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89649 Keywords=Classic Message=The MpsSvc service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89648 Keywords=Classic Message=The CertPropSvc service entered the running state. 
03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89647 Keywords=Classic Message=The Winmgmt service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89646 Keywords=Classic Message=The Kdc service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89645 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89644 Keywords=Classic Message=The LanmanWorkstation service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89643 Keywords=Classic Message=The NcbService service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89642 Keywords=Classic Message=The UmRdpService service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89641 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89640 Keywords=Classic Message=The netprofm service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89639 Keywords=Classic Message=The FontCache service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89638 Keywords=Classic Message=The BFE service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89637 Keywords=Classic Message=The ShellHWDetection service entered the running state. 
03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89636 Keywords=Classic Message=The ProfSvc service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89635 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89634 Keywords=Classic Message=The Wcmsvc service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89633 Keywords=Classic Message=The NlaSvc service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89632 Keywords=Classic Message=The gpsvc service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89631 Keywords=Classic Message=The SENS service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89630 Keywords=Classic Message=The Themes service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89629 Keywords=Classic Message=The EventLog service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89628 Keywords=Classic Message=The CoreMessagingRegistrar service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89627 Keywords=Classic Message=The EventSystem service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89626 Keywords=Classic Message=The WPDBusEnum service entered the running state. 
03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89625 Keywords=Classic Message=The NTDS service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89624 Keywords=None Message=File System Filter 'storqosflt' (10.0, ‎2019‎-‎02‎-‎17T02:00:41.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89623 Keywords=None Message=File System Filter 'wcifs' (10.0, ‎2020‎-‎02‎-‎19T07:59:09.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89622 Keywords=None Message=File System Filter 'luafv' (10.0, ‎2021‎-‎01‎-‎07T22:49:16.000000000Z) has successfully loaded and registered with Filter Manager. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89621 Keywords=Classic Message=The Dnscache service entered the running state. 
03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89620 Keywords=Classic Message=The Dhcp service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-DHCPv6-Client EventCode=51046 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89619 Keywords=None Message=DHCPv6 client service is started 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Dhcp-Client EventCode=50036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=Service State Event OpCode=ServiceStart RecordNumber=89618 Keywords=None Message=DHCPv4 client service is started 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89617 Keywords=Classic Message=The lmhosts service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89616 Keywords=Classic Message=The TermService service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89615 Keywords=Classic Message=The nsi service entered the running state. 
03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89614 Keywords=Classic Message=The SystemEventsBroker service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89613 Keywords=Classic Message=The BrokerInfrastructure service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89612 Keywords=Classic Message=The LSM service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89611 Keywords=Classic Message=The RpcSs service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89610 Keywords=Classic Message=The RpcEptMapper service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89609 Keywords=Classic Message=The DcomLaunch service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89608 Keywords=Classic Message=The Power service entered the running state. 03/16/2021 08:37:02 AM LogName=System SourceName=EventLog EventCode=6013 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=None RecordNumber=89573 Keywords=Classic Message=The system uptime is 7 seconds. 03/16/2021 08:37:02 AM LogName=System SourceName=EventLog EventCode=6005 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=None RecordNumber=89572 Keywords=Classic Message=The Event log service was started. 03/16/2021 08:37:02 AM LogName=System SourceName=EventLog EventCode=6009 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=None RecordNumber=89571 Keywords=Classic Message=Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. 03/16/2021 08:37:03 AM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=89659 Keywords=None Message=Name resolution for the name _ldap._tcp.dc._msdcs.attackrange.local. timed out after none of the configured DNS servers responded. 03/16/2021 08:37:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89658 Keywords=Classic Message=The PolicyAgent service entered the running state. 
03/16/2021 08:37:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89660 Keywords=Classic Message=The CryptSvc service entered the running state. 03/16/2021 08:37:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89662 Keywords=Classic Message=The LanmanServer service entered the running state. 03/16/2021 08:37:11 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89661 Keywords=Classic Message=The SamSs service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89681 Keywords=Classic Message=The ADWS service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89680 Keywords=Classic Message=The tiledatamodelsvc service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89679 Keywords=Classic Message=The sysmon64 service entered the running state. 
03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89678 Keywords=Classic Message=The StateRepository service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89677 Keywords=Classic Message=The DFSR service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89676 Keywords=Classic Message=The Dfs service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89675 Keywords=Classic Message=The WpnService service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89674 Keywords=Classic Message=The WinRM service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89673 Keywords=Classic Message=The IsmServ service entered the running state. 
03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89672 Keywords=Classic Message=The AWSLiteAgent service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89671 Keywords=Classic Message=The EFS service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89670 Keywords=Classic Message=The PcaSvc service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89669 Keywords=Classic Message=The RemoteRegistry service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89668 Keywords=Classic Message=The Spooler service entered the running state. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89667 Keywords=Classic Message=The Netlogon service entered the running state. 
03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14531 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89666 Keywords=Classic Message=DFS server has finished initializing. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-DfsSvc EventCode=14533 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89665 Keywords=Classic Message=DFS has finished building all namespaces. 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10148 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89664 Keywords=Classic Message=The WinRM service is listening for WS-Management requests. User Action Use the following command to see the specific IPs on which WinRM is listening: winrm enumerate winrm/config/listener 03/16/2021 08:37:18 AM LogName=System SourceName=Microsoft-Windows-Windows Remote Management EventCode=10154 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89663 Keywords=Classic Message=The WinRM service failed to create the following SPNs: WSMAN/win-dc-983.attackrange.local; WSMAN/win-dc-983. Additional Data The error received was 10054: %%10054. User Action The SPNs can be created by an administrator using setspn.exe utility. 03/16/2021 08:37:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89683 Keywords=Classic Message=The vds service entered the running state. 
03/16/2021 08:37:19 AM LogName=System SourceName=Virtual Disk Service EventCode=3 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=None RecordNumber=89682 Keywords=Classic Message=Service started. 03/16/2021 08:37:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7026 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89685 Keywords=Classic Message=The following boot-start or system-start driver(s) did not load: cdrom dam 03/16/2021 08:37:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89684 Keywords=Classic Message=The AmazonSSMAgent service entered the running state. 03/16/2021 08:37:21 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89686 Keywords=Classic Message=The NetSetupSvc service entered the stopped state. 03/16/2021 08:37:22 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=143 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89688 Keywords=None Message=The time service has started advertising as a good time source. 03/16/2021 08:37:22 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=139 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89687 Keywords=None Message=The time service has started advertising as a time source. 
03/16/2021 08:37:24 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89689 Keywords=Classic Message=The SplunkForwarder service entered the running state. 03/16/2021 08:37:30 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89691 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 03/16/2021 08:37:30 AM LogName=System SourceName=Microsoft-Windows-LSA EventCode=6038 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89690 Keywords=Classic Message=Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server. NTLM is a weaker authentication mechanism. Please check: Which applications are using NTLM authentication? Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication? If NTLM must be supported, is Extended Protection configured? 
Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699. 03/16/2021 08:37:34 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89693 Keywords=Classic Message=The W32Time service entered the running state. 03/16/2021 08:37:34 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=134 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89692 Keywords=None Message=NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) 03/16/2021 08:37:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89694 Keywords=Classic Message=The DNS service entered the running state. 03/16/2021 08:37:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89701 Keywords=Classic Message=The NcaSvc service entered the stopped state. 03/16/2021 08:37:42 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1502 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=89700 Keywords=None Message=The Group Policy settings for the computer were processed successfully. 
New settings from 2 Group Policy objects were detected and applied. 03/16/2021 08:37:42 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89699 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 7 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/16/2021 08:37:42 AM LogName=System SourceName=Microsoft-Windows-Directory-Services-SAM EventCode=16977 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89698 Keywords=None Message=The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 7 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. 03/16/2021 08:37:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89697 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
03/16/2021 08:37:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10016 EventType=2 Type=Error ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89696 Keywords=Classic Message=The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ATTACKRANGE\Administrator SID (S-1-5-21-3730028101-1805993102-2296611634-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 03/16/2021 08:37:42 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89695 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 03/16/2021 08:37:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89703 Keywords=Classic Message=The NetSetupSvc service entered the running state. 03/16/2021 08:37:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89702 Keywords=Classic Message=The wuauserv service entered the running state. 
03/16/2021 08:37:50 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=12 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89704 Keywords=None Message=Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient. 03/16/2021 08:37:51 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89705 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 03/16/2021 08:37:54 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89706 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 
03/16/2021 08:38:06 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=35 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89708 Keywords=None Message=The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->51.105.208.173:123). 03/16/2021 08:38:06 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=144 EventType=3 Type=Warning ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89707 Keywords=None Message=The time service has stopped advertising as a good time source. 03/16/2021 08:39:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89713 Keywords=Classic Message=The sppsvc service entered the running state. 03/16/2021 08:39:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89712 Keywords=Classic Message=The Distributed Transaction Coordinator service entered the running state. 03/16/2021 08:39:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89711 Keywords=Classic Message=The MapsBroker service entered the running state. 
03/16/2021 08:39:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89710 Keywords=Classic Message=The DPS service entered the running state. 03/16/2021 08:39:20 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89709 Keywords=Classic Message=The Connected Devices Platform Service service entered the stopped state. 03/16/2021 08:39:22 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89714 Keywords=Classic Message=The UALSVC service entered the running state. 03/16/2021 08:39:30 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89715 Keywords=Classic Message=The MapsBroker service entered the stopped state. 03/16/2021 08:39:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89717 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/16/2021 08:39:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89716 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state. 03/16/2021 08:39:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89718 Keywords=Classic Message=The SplunkForwarder Service service entered the running state. 03/16/2021 08:39:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89720 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 03/16/2021 08:39:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89719 Keywords=Classic Message=A service was installed in the system. Service Name: npf Service File Name: C:/Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: 03/16/2021 08:39:52 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89721 Keywords=Classic Message=The Software Protection service entered the stopped state. 03/16/2021 08:40:05 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89722 Keywords=Classic Message=The Network Setup Service service entered the stopped state. 03/16/2021 08:42:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89724 Keywords=Classic Message=The Windows Insider Service service entered the running state. 03/16/2021 08:42:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89723 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 03/16/2021 08:43:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89725 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 03/16/2021 08:43:09 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89726 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 03/16/2021 08:47:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89728 Keywords=Classic Message=The Windows Insider Service service entered the running state. 
03/16/2021 08:47:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89727 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the running state. 03/16/2021 08:47:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89729 Keywords=Classic Message=The Remote Registry service entered the stopped state. 03/16/2021 08:47:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89730 Keywords=Classic Message=The Tile Data model server service entered the stopped state. 03/16/2021 08:47:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89731 Keywords=Classic Message=The Windows Update service entered the stopped state. 03/16/2021 08:48:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89732 Keywords=Classic Message=The Windows Insider Service service entered the stopped state. 03/16/2021 08:48:04 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89733 Keywords=Classic Message=The Update Orchestrator Service for Windows Update service entered the stopped state. 03/16/2021 08:51:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89735 Keywords=Classic Message=The Windows Update service entered the running state. 03/16/2021 08:51:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89734 Keywords=Classic Message=The Device Setup Manager service entered the running state. 03/16/2021 08:51:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89739 Keywords=Classic Message=The Tile Data model server service entered the running state. 03/16/2021 08:51:44 AM LogName=System SourceName=Microsoft-Windows-Winlogon EventCode=7001 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=1101 OpCode=Info RecordNumber=89738 Keywords=None Message=User Logon Notification for Customer Experience Improvement Program 03/16/2021 08:51:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89737 Keywords=Classic Message=The Smart Card Device Enumeration Service service entered the running state. 
03/16/2021 08:51:44 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89736 Keywords=Classic Message=The Windows Modules Installer service entered the running state. 03/16/2021 08:51:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89743 Keywords=Classic Message=The CDPUserSvc_1db712 service entered the running state. 03/16/2021 08:51:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89742 Keywords=Classic Message=The Microsoft Passport Container service entered the running state. 03/16/2021 08:51:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89741 Keywords=Classic Message=The Microsoft Passport service entered the running state. 03/16/2021 08:51:45 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1501 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Start RecordNumber=89740 Keywords=None Message=The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy. 
03/16/2021 08:51:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89747 Keywords=Classic Message=The Network Connectivity Assistant service entered the stopped state. 03/16/2021 08:51:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89746 Keywords=Classic Message=The Portable Device Enumerator Service service entered the running state. 03/16/2021 08:51:46 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1502 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=89745 Keywords=None Message=The Group Policy settings for the computer were processed successfully. New settings from 2 Group Policy objects were detected and applied. 03/16/2021 08:51:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89744 Keywords=Classic Message=The start type of the Encrypting File System (EFS) service was changed from auto start to demand start. 03/16/2021 08:51:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89750 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state. 
03/16/2021 08:51:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89749 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the running state. 03/16/2021 08:51:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89748 Keywords=Classic Message=The App Readiness service entered the running state. 03/16/2021 08:51:49 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89751 Keywords=Classic Message=The Diagnostic System Host service entered the running state. 03/16/2021 08:51:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89753 Keywords=Classic Message=The Connected Devices Platform Service service entered the running state. 03/16/2021 08:51:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89752 Keywords=Classic Message=The CNG Key Isolation service entered the running state. 03/16/2021 08:51:59 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89755 Keywords=Classic Message=The Geolocation Service service entered the running state. 03/16/2021 08:51:59 AM LogName=System SourceName=Lfsvc EventCode=2 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=Info RecordNumber=89754 Keywords=Classic Message=Geolocation positioning has been disabled by the user. 03/16/2021 08:52:01 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89756 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 03/16/2021 08:52:02 AM LogName=System SourceName=Microsoft-Windows-Kernel-General EventCode=16 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89757 Keywords=None Message=The access history in hive \??\C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. 03/16/2021 08:52:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89758 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the running state. 
03/16/2021 08:52:50 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89759 Keywords=Classic Message=The Device Setup Manager service entered the stopped state. 03/16/2021 08:53:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89762 Keywords=Classic Message=The Credential Manager service entered the running state. 03/16/2021 08:53:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89761 Keywords=Classic Message=The Sync Host_1db712 service entered the running state. 03/16/2021 08:53:45 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89760 Keywords=Classic Message=The Microsoft Passport service entered the stopped state. 03/16/2021 08:53:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89763 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 03/16/2021 08:54:06 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89764 Keywords=Classic Message=The Windows Modules Installer service entered the stopped state. 03/16/2021 08:55:07 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89765 Keywords=Classic Message=The Microsoft Account Sign-in Assistant service entered the stopped state. 03/16/2021 08:56:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89767 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 03/16/2021 08:56:53 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89766 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 03/16/2021 08:59:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-3730028101-1805993102-2296611634-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89768 Keywords=Classic Message=A service was installed in the system. Service Name: SecurityCenterIBM Service File Name: c:\Users\Public\clop.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem 03/16/2021 09:01:14 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. 
RecordNumber=89769 Keywords=Classic Message=The Microsoft Passport Container service entered the stopped state. 03/16/2021 09:06:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89770 Keywords=Classic Message=The Windows Update service entered the stopped state. 03/16/2021 09:07:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89772 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state. 03/16/2021 09:07:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89771 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the running state. 03/16/2021 09:11:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89773 Keywords=Classic Message=The App Readiness service entered the stopped state. 03/16/2021 09:12:58 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89774 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state. 
03/16/2021 09:13:33 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89775 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state. 03/16/2021 09:21:40 AM LogName=System SourceName=Microsoft-Windows-Time-Service EventCode=37 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-19 SidType=0 TaskCategory=None OpCode=Info RecordNumber=89776 Keywords=None Message=The time provider NtpClient is currently receiving valid time data from 169.254.169.123,0x9 (ntp.m|0x9|0.0.0.0:123->169.254.169.123:123). 03/16/2021 09:25:03 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89777 Keywords=Classic Message=The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state. 03/16/2021 09:36:46 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89778 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state. 03/16/2021 10:32:23 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-983.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=89779 Keywords=Classic Message=The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.