02/23/2022 10:41:48 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1500 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=116475 Keywords=None Message=The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. 02/23/2022 10:41:54 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1500 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=116476 Keywords=None Message=The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. 02/23/2022 10:42:03 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1500 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=116477 Keywords=None Message=The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. 02/23/2022 10:42:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116479 Keywords=Classic Message=The Portable Device Enumerator Service service entered the running state. 02/23/2022 10:42:08 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1500 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=116478 Keywords=None Message=The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. 02/23/2022 10:42:44 AM LogName=System SourceName=Microsoft-Windows-GroupPolicy EventCode=1500 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Start RecordNumber=116480 Keywords=None Message=The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. 02/23/2022 10:44:08 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116481 Keywords=Classic Message=The Portable Device Enumerator Service service entered the stopped state. 02/23/2022 10:50:26 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116482 Keywords=Classic Message=The Windows Update service entered the running state. 02/23/2022 10:51:57 AM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116483 Keywords=None Message=File System Filter 'PROCMON24' (0.0, ‎2022‎-‎02‎-‎14T20:15:41.000000000Z) has successfully loaded and registered with Filter Manager. 02/23/2022 10:52:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-tcontreras-attack-range-985 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116240 Keywords=Classic Message=The DNS Client service entered the stopped state. 02/23/2022 10:56:41 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116488 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:41 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116487 Keywords=Classic Message=The Volume Shadow Copy service entered the running state. 02/23/2022 10:56:41 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116486 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:41 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116485 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116754 Keywords=Classic Message=The start type of the Remote Access Auto Connection Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116753 Keywords=Classic Message=The start type of the QWAVE driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116752 Keywords=Classic Message=The start type of the Quality Windows Audio Video Experience service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116751 Keywords=Classic Message=The start type of the QLogic [FCoE] STOR Miniport Inbox Driver (wx64) service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116750 Keywords=Classic Message=The start type of the QLogic iSCSI Miniport Inbox Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116749 Keywords=Classic Message=The start type of the QLogic Fibre Channel STOR Miniport Inbox Driver (wx64) service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116748 Keywords=Classic Message=The start type of the QoS Packet Scheduler service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116747 Keywords=Classic Message=The start type of the User Profile Service service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116746 Keywords=Classic Message=The start type of the Processor Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116745 Keywords=Classic Message=The start type of the Printer Extensions and Notifications service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116744 Keywords=Classic Message=The start type of the WAN Miniport (PPTP) service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116743 Keywords=Classic Message=The start type of the Power service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116742 Keywords=Classic Message=The start type of the IPsec Policy Agent service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116741 Keywords=Classic Message=The start type of the Plug and Play service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116740 Keywords=Classic Message=The start type of the Performance Logs & Alerts service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116739 Keywords=Classic Message=The start type of the Phone Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116738 Keywords=Classic Message=The start type of the Performance Counter DLL Host service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116737 Keywords=Classic Message=The start type of the percsas3i service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116736 Keywords=Classic Message=The start type of the percsas2i service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116735 Keywords=Classic Message=The start type of the PEAUTH service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116734 Keywords=Classic Message=The start type of the pdc service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116733 Keywords=Classic Message=The start type of the Performance Counters for Windows Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116732 Keywords=Classic Message=The start type of the pcmcia service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116731 Keywords=Classic Message=The start type of the IPsec Policy Agent service was changed from demand start to auto start. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116730 Keywords=Classic Message=The start type of the pciide service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116729 Keywords=Classic Message=The start type of the PCI Bus Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116728 Keywords=Classic Message=The start type of the Program Compatibility Assistant Service service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116727 Keywords=Classic Message=The start type of the Partition driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116726 Keywords=Classic Message=The start type of the Parallel port driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116725 Keywords=Classic Message=The start type of the nvstor service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116724 Keywords=Classic Message=The start type of the nvraid service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116723 Keywords=Classic Message=The start type of the Null service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116722 Keywords=Classic Message=The start type of the NTFS service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116721 Keywords=Classic Message=The start type of the Active Directory Domain Services service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116720 Keywords=Classic Message=The start type of the NSI Proxy Service Driver service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116719 Keywords=Classic Message=The start type of the Network Store Interface Service service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116718 Keywords=Classic Message=The start type of the Named pipe service trigger provider service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116717 Keywords=Classic Message=The start type of the Npfs service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116716 Keywords=Classic Message=The start type of the npf service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116715 Keywords=Classic Message=The start type of the Network Location Awareness service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116714 Keywords=Classic Message=The start type of the netvsc service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116713 Keywords=Classic Message=The start type of the Network Setup Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116712 Keywords=Classic Message=The start type of the Network List Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116711 Keywords=Classic Message=The start type of the Network Connections service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116710 Keywords=Classic Message=The start type of the Netlogon service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116709 Keywords=Classic Message=The start type of the NetBT service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116708 Keywords=Classic Message=The start type of the NetBIOS Interface service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116707 Keywords=Classic Message=The start type of the @%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116706 Keywords=Classic Message=The start type of the Remote Access LEGACY NDIS WAN Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116705 Keywords=Classic Message=The start type of the Remote Access NDIS WAN Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116704 Keywords=Classic Message=The start type of the Microsoft Virtual Network Adapter Enumerator service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116703 Keywords=Classic Message=The start type of the NDIS Usermode I/O Protocol service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116702 Keywords=Classic Message=The start type of the Remote Access NDIS TAPI Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116701 Keywords=Classic Message=The start type of the Microsoft Network Adapter Multiplexor Protocol service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116700 Keywords=Classic Message=The start type of the Microsoft NDIS Capture service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116699 Keywords=Classic Message=The start type of the NDIS System Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116698 Keywords=Classic Message=The start type of the NetworkDirect Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116697 Keywords=Classic Message=The start type of the Network Connection Broker service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116696 Keywords=Classic Message=The start type of the Network Connectivity Assistant service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116695 Keywords=Classic Message=The start type of the mvumis service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116694 Keywords=Classic Message=The start type of the Mup service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116693 Keywords=Classic Message=The start type of the Microsoft Input Configuration Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116692 Keywords=Classic Message=The start type of the Microsoft System Management BIOS Driver service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116691 Keywords=Classic Message=The start type of the MsRPC service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116690 Keywords=Classic Message=The start type of the Microsoft Load Balancing/Failover Provider service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116689 Keywords=Classic Message=The start type of the Microsoft iSCSI Initiator Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116688 Keywords=Classic Message=The start type of the msisadrv service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116687 Keywords=Classic Message=The start type of the Pass-through HID to UMDF Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116686 Keywords=Classic Message=The start type of the mshidkmdf service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116685 Keywords=Classic Message=The start type of the Common Driver for Buttons, DockMode and Laptop/Slate Indicator service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116684 Keywords=Classic Message=The start type of the Msfs service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116683 Keywords=Classic Message=The start type of the Microsoft MAC Bridge service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116682 Keywords=Classic Message=The start type of the SMB 2.0 MiniRedirector service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116681 Keywords=Classic Message=The start type of the SMB 1.x MiniRedirector service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116680 Keywords=Classic Message=The start type of the SMB MiniRedirector Wrapper and Engine service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116679 Keywords=Classic Message=The start type of the Windows Firewall service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116678 Keywords=Classic Message=The start type of the Windows Firewall Authorization Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116677 Keywords=Classic Message=The start type of the Mozilla Maintenance Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116676 Keywords=Classic Message=The start type of the Mount Point Manager service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116675 Keywords=Classic Message=The start type of the Mouse HID Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116674 Keywords=Classic Message=The start type of the Mouse Class Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116673 Keywords=Classic Message=The start type of the Microsoft Monitor Class Function Driver Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116672 Keywords=Classic Message=The start type of the Modem service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116671 Keywords=Classic Message=The start type of the Multimedia Class Scheduler service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116670 Keywords=Classic Message=The start type of the Mellanox ConnectX Bus Enumerator service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116669 Keywords=Classic Message=The start type of the megasr service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116668 Keywords=Classic Message=The start type of the megasas2i service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116667 Keywords=Classic Message=The start type of the megasas service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116666 Keywords=Classic Message=The start type of the Downloaded Maps Manager service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116665 Keywords=Classic Message=The start type of the UAC File Virtualization service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116664 Keywords=Classic Message=The start type of the LSI_SSS service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116663 Keywords=Classic Message=The start type of the LSI_SAS3i service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116662 Keywords=Classic Message=The start type of the LSI_SAS2i service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116661 Keywords=Classic Message=The start type of the LSI_SAS service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116660 Keywords=Classic Message=The start type of the TCP/IP NetBIOS Helper service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116659 Keywords=Classic Message=The start type of the Link-Layer Topology Discovery Mapper service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116658 Keywords=Classic Message=The start type of the Link-Layer Topology Discovery Mapper I/O Driver service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116657 Keywords=Classic Message=The start type of the Windows License Manager Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116656 Keywords=Classic Message=The start type of the Geolocation Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116655 Keywords=Classic Message=The start type of the Workstation service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116654 Keywords=Classic Message=The start type of the Server service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116653 Keywords=Classic Message=The start type of the KtmRm for Distributed Transaction Coordinator service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116652 Keywords=Classic Message=The start type of the Kernel Streaming Thunks service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116651 Keywords=Classic Message=The start type of the KSecPkg service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116650 Keywords=Classic Message=The start type of the KSecDD service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116649 Keywords=Classic Message=The start type of the KDC Proxy Server service (KPS) service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116648 Keywords=Classic Message=The start type of the CNG Key Isolation service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116647 Keywords=Classic Message=The start type of the Microsoft Key Distribution Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116646 Keywords=Classic Message=The start type of the Microsoft Kernel Debug Network Miniport (NDIS 6.20) service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116645 Keywords=Classic Message=The start type of the Kerberos Key Distribution Center service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116644 Keywords=Classic Message=The start type of the Keyboard HID Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116643 Keywords=Classic Message=The start type of the Keyboard Class Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116642 Keywords=Classic Message=The start type of the Intersite Messaging service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116641 Keywords=Classic Message=The start type of the iScsiPort Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116640 Keywords=Classic Message=The start type of the isapnp service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116639 Keywords=Classic Message=The start type of the Windows IPsec Gateway Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116638 Keywords=Classic Message=The start type of the IP Network Address Translator service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116637 Keywords=Classic Message=The start type of the IPMIDRV service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116636 Keywords=Classic Message=The start type of the IP Helper service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116635 Keywords=Classic Message=The start type of the IP Traffic Filter Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116634 Keywords=Classic Message=The start type of the Intel Processor Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116633 Keywords=Classic Message=The start type of the Intel(R) Power Engine Plug-in Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116632 Keywords=Classic Message=The start type of the intelide service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116631 Keywords=Classic Message=The start type of the Indirect Displays Kernel-Mode Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116630 Keywords=Classic Message=The start type of the IKE and AuthIP IPsec Keying Modules service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116629 Keywords=Classic Message=The start type of the Windows Mobile Hotspot Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116628 Keywords=Classic Message=The start type of the Mellanox InfiniBand Bus/AL (Filter Driver) service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116627 Keywords=Classic Message=The start type of the Intel RAID Controller Windows 7 service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116626 Keywords=Classic Message=The start type of the Intel(R) SATA RAID Controller Windows service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116625 Keywords=Classic Message=The start type of the Intel(R) Serial IO I2C Controller Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116624 Keywords=Classic Message=The start type of the Intel(R) Serial IO GPIO Controller Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116623 Keywords=Classic Message=The start type of the i8042 Keyboard and PS/2 Mouse Port Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116622 Keywords=Classic Message=The start type of the HyperVideo service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116621 Keywords=Classic Message=The start type of the hyperkbd service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116620 Keywords=Classic Message=The start type of the Hardware Policy Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116619 Keywords=Classic Message=The start type of the Hypervisor/Virtual Machine Support Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116618 Keywords=Classic Message=The start type of the HV Host Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116617 Keywords=Classic Message=The start type of the HTTP Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116616 Keywords=Classic Message=The start type of the HpSAMD service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116615 Keywords=Classic Message=The start type of the Microsoft HID Class Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116614 Keywords=Classic Message=The start type of the Human Interface Device Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116613 Keywords=Classic Message=The start type of the Common Driver for HID Buttons implemented with interrupts service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116612 Keywords=Classic Message=The start type of the Microsoft Bluetooth HID Miniport service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116611 Keywords=Classic Message=The start type of the HID UPS Battery Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116610 Keywords=Classic Message=The start type of the Microsoft UAA Bus Driver for High Definition Audio service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116609 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116608 Keywords=Classic Message=The start type of the GPU Energy Driver service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116607 Keywords=Classic Message=The start type of the Microsoft GPIO Class Extension Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116606 Keywords=Classic Message=The start type of the Generic USB Function Class service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116605 Keywords=Classic Message=The start type of the Microsoft Hyper-V Generation Counter service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116604 Keywords=Classic Message=The start type of the File System Dependency Minifilter service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116603 Keywords=Classic Message=The start type of the Windows Camera Frame Server service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116602 Keywords=Classic Message=The start type of the Windows Font Cache Service service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116601 Keywords=Classic Message=The start type of the FltMgr service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116600 Keywords=Classic Message=The start type of the Floppy Disk Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116599 Keywords=Classic Message=The start type of the Filetrace service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116598 Keywords=Classic Message=The start type of the File Information FS MiniFilter service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116597 Keywords=Classic Message=The start type of the FileCrypt service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116596 Keywords=Classic Message=The start type of the Function Discovery Resource Publication service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116595 Keywords=Classic Message=The start type of the Function Discovery Provider Host service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116594 Keywords=Classic Message=The start type of the Floppy Disk Controller Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116593 Keywords=Classic Message=The start type of the fcvsc service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116592 Keywords=Classic Message=The start type of the FAT12/16/32 File System Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116591 Keywords=Classic Message=The start type of the exFAT File System Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116590 Keywords=Classic Message=The start type of the COM+ Event System service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116589 Keywords=Classic Message=The start type of the Windows Event Log service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116588 Keywords=Classic Message=The start type of the Microsoft Hardware Error Device Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116587 Keywords=Classic Message=The start type of the Amazon Elastic Network Adapter Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116586 Keywords=Classic Message=The start type of the elxstor service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116585 Keywords=Classic Message=The start type of the elxfcoe service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116584 Keywords=Classic Message=The start type of the Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116583 Keywords=Classic Message=The start type of the Enhanced Storage Filter Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116582 Keywords=Classic Message=The start type of the EC2 Windows Utility Agent service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116581 Keywords=Classic Message=The start type of the QLogic 10 Gigabit Ethernet Adapter VBD service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116580 Keywords=Classic Message=The start type of the Extensible Authentication Protocol service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116579 Keywords=Classic Message=The start type of the LDDM Graphics Subsystem service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116578 Keywords=Classic Message=The start type of the Data Sharing Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116577 Keywords=Classic Message=The start type of the DS Role Server service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116576 Keywords=Classic Message=The start type of the Device Setup Manager service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116575 Keywords=Classic Message=The start type of the Wired AutoConfig service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116574 Keywords=Classic Message=The start type of the DNS Client service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116573 Keywords=Classic Message=The start type of the DNS Server service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116572 Keywords=Classic Message=The start type of the dmwappushsvc service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116571 Keywords=Classic Message=The start type of the dmvsc service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116570 Keywords=Classic Message=The start type of the Device Management Enrollment Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116569 Keywords=Classic Message=The start type of the Disk Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116568 Keywords=Classic Message=The start type of the Microsoft (R) Diagnostics Hub Standard Collector Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116567 Keywords=Classic Message=The start type of the DHCP Client service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116566 Keywords=Classic Message=The start type of the DFS Replication ReadOnly Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116565 Keywords=Classic Message=The start type of the DFS Replication service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116564 Keywords=Classic Message=The start type of the DFS Namespace Server Filter Driver service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116563 Keywords=Classic Message=The start type of the DFS Namespace Client Driver service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116562 Keywords=Classic Message=The start type of the DFS Namespace service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116561 Keywords=Classic Message=The start type of the DevQuery Background Discovery Broker service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116560 Keywords=Classic Message=The start type of the Device Install Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116559 Keywords=Classic Message=The start type of the Device Association Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116558 Keywords=Classic Message=The start type of the Optimize drives service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116557 Keywords=Classic Message=The start type of the DataCollectionPublishingService service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116556 Keywords=Classic Message=The start type of the Desktop Activity Moderator Driver service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116555 Keywords=Classic Message=The start type of the Cryptographic Services service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116554 Keywords=Classic Message=The start type of the Console Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116553 Keywords=Classic Message=The start type of the COM+ System Application service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116552 Keywords=Classic Message=The start type of the Composite Bus Enumerator Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116551 Keywords=Classic Message=The start type of the CNG service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116550 Keywords=Classic Message=The start type of the Microsoft ACPI Control Method Battery Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116549 Keywords=Classic Message=The start type of the Virtual Registry for Containers service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116548 Keywords=Classic Message=The start type of the Chelsio Virtual Bus Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116547 Keywords=Classic Message=The start type of the cht4iscsi service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116546 Keywords=Classic Message=The start type of the CloudFormation cfn-hup service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116545 Keywords=Classic Message=The start type of the CD-ROM Driver service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116544 Keywords=Classic Message=The start type of the Connected Devices Platform Service service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116543 Keywords=Classic Message=The start type of the HID driver for CapImg touch screen service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116542 Keywords=Classic Message=The start type of the QLogic Offload iSCSI Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116541 Keywords=Classic Message=The start type of the QLogic FCoE Offload driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116540 Keywords=Classic Message=The start type of the Service for Portable Device Control devices service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116539 Keywords=Classic Message=The start type of the Bluetooth Support Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116538 Keywords=Classic Message=The start type of the Browser Support Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116537 Keywords=Classic Message=The start type of the Background Intelligent Transfer Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116536 Keywords=Classic Message=The start type of the Base Filtering Engine service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116535 Keywords=Classic Message=The start type of the bfadi service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116534 Keywords=Classic Message=The start type of the bfadfcoei service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116533 Keywords=Classic Message=The start type of the Beep service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116532 Keywords=Classic Message=The start type of the bcmfn2 Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116531 Keywords=Classic Message=The start type of the bcmfn Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116530 Keywords=Classic Message=The start type of the BasicRender service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116529 Keywords=Classic Message=The start type of the BasicDisplay service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116528 Keywords=Classic Message=The start type of the QLogic Network Adapter VBD service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116527 Keywords=Classic Message=The start type of the ActiveX Installer (AxInstSV) service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116526 Keywords=Classic Message=The start type of the AWSNVMe service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116525 Keywords=Classic Message=The start type of the AWS Lite Guest Agent service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116524 Keywords=Classic Message=The start type of the Windows Audio service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116523 Keywords=Classic Message=The start type of the Windows Audio Endpoint Builder service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116522 Keywords=Classic Message=The start type of the IDE Channel service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116521 Keywords=Classic Message=The start type of the RAS Asynchronous Media Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116520 Keywords=Classic Message=The start type of the Adaptec SAS/SATA-II RAID Storport's Miniport Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116519 Keywords=Classic Message=The start type of the AppvVfs service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116518 Keywords=Classic Message=The start type of the AppvVemgr service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116517 Keywords=Classic Message=The start type of the AppvStrm service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116516 Keywords=Classic Message=The start type of the App Readiness service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116515 Keywords=Classic Message=The start type of the Application Management service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116514 Keywords=Classic Message=The start type of the Smartlocker Filter Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116513 Keywords=Classic Message=The start type of the Application Information service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116512 Keywords=Classic Message=The start type of the AppID Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116511 Keywords=Classic Message=The start type of the amdxata service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116510 Keywords=Classic Message=The start type of the amdsbs service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116509 Keywords=Classic Message=The start type of the amdsata service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116508 Keywords=Classic Message=The start type of the AMD Processor Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116507 Keywords=Classic Message=The start type of the AMD K8 Processor Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116506 Keywords=Classic Message=The start type of the Amazon SSM Agent service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116505 Keywords=Classic Message=The start type of the Application Layer Gateway Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116504 Keywords=Classic Message=The start type of the AllJoyn Router Service service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116503 Keywords=Classic Message=The start type of the Application Compatibility Cache service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116502 Keywords=Classic Message=The start type of the Ancillary Function Driver for Winsock service was changed from system start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116501 Keywords=Classic Message=The start type of the Active Directory Web Services service was changed from auto start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116500 Keywords=Classic Message=The start type of the ADP80XX service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116499 Keywords=Classic Message=The start type of the ACPI Wake Alarm Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116498 Keywords=Classic Message=The start type of the ACPI Power Meter Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116497 Keywords=Classic Message=The start type of the ACPI Processor Aggregator Driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116496 Keywords=Classic Message=The start type of the Microsoft ACPIEx Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116495 Keywords=Classic Message=The start type of the ACPI Devices driver service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116494 Keywords=Classic Message=The start type of the Microsoft ACPI Driver service was changed from boot start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116493 Keywords=Classic Message=The start type of the 3ware service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116492 Keywords=Classic Message=The start type of the 1394 OHCI Compliant Host Controller service was changed from demand start to disabled. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116491 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116490 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116489 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state. 02/23/2022 10:56:42 AM LogName=System SourceName=Microsoft-Windows-Eventlog EventCode=104 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=Log clear OpCode=Info RecordNumber=116484 Keywords=None Message=The System log file was cleared. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116951 Keywords=Classic Message=The start type of the XINPUT HID Filter Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116950 Keywords=Classic Message=The start type of the AWS PV Network Class service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116949 Keywords=Classic Message=The start type of the AWS PV Storage Host Adapter service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116948 Keywords=Classic Message=The start type of the AWS PV Network Device service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116947 Keywords=Classic Message=The start type of the AWS Interface service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116946 Keywords=Classic Message=The start type of the AWS Bus Filter service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116945 Keywords=Classic Message=The start type of the AWS PV Bus service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116944 Keywords=Classic Message=The start type of the Xbox Game Input Protocol Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116943 Keywords=Classic Message=The start type of the Xbox Live Game Save service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116942 Keywords=Classic Message=The start type of the Xbox Live Auth Manager service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116941 Keywords=Classic Message=The start type of the Windows Driver Foundation - User-mode Driver Framework service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116940 Keywords=Classic Message=The start type of the WUDFRd service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116939 Keywords=Classic Message=The start type of the User Mode Driver Frameworks Platform Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116938 Keywords=Classic Message=The start type of the Windows Update service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116937 Keywords=Classic Message=The start type of the Windows Push Notifications System Service service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116936 Keywords=Classic Message=The start type of the WPD Upper Class Filter Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116935 Keywords=Classic Message=The start type of the Portable Device Enumerator Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116934 Keywords=Classic Message=The start type of the Windows Overlay File System Filter Driver service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116933 Keywords=Classic Message=The start type of the WMI Performance Adapter service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116932 Keywords=Classic Message=The start type of the Microsoft Windows Management Interface for ACPI service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116931 Keywords=Classic Message=The start type of the Microsoft Account Sign-in Assistant service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116930 Keywords=Classic Message=The start type of the Windows Insider Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116929 Keywords=Classic Message=The start type of the WinVerbs Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116928 Keywords=Classic Message=The start type of the WinUsb Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116927 Keywords=Classic Message=The start type of the Windows Remote Management (WS-Management) service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116926 Keywords=Classic Message=The start type of the Windows NAT Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116925 Keywords=Classic Message=The start type of the Windows Management Instrumentation service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116924 Keywords=Classic Message=The start type of the WinMad Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116923 Keywords=Classic Message=The start type of the WinHTTP Web Proxy Auto-Discovery Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116922 Keywords=Classic Message=The start type of the Microsoft Windows Trusted Runtime Secure Service service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116921 Keywords=Classic Message=The start type of the Windows Trusted Execution Environment Class Extension service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116920 Keywords=Classic Message=The start type of the WIMMount service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116919 Keywords=Classic Message=The start type of the Still Image Acquisition Events service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116918 Keywords=Classic Message=The start type of the Microsoft Windows Filtering Platform service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116917 Keywords=Classic Message=The start type of the Windows Error Reporting Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116916 Keywords=Classic Message=The start type of the Problem Reports and Solutions Control Panel Support service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116915 Keywords=Classic Message=The start type of the Windows Encryption Provider Host Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116914 Keywords=Classic Message=The start type of the Windows Event Collector service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116913 Keywords=Classic Message=The start type of the Kernel Mode Driver Frameworks service service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116912 Keywords=Classic Message=The start type of the Windows Container Name Virtualization service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116911 Keywords=Classic Message=The start type of the Windows Connection Manager service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116910 Keywords=Classic Message=The start type of the Windows Container Isolation service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116909 Keywords=Classic Message=The start type of the Windows Biometric Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116908 Keywords=Classic Message=The start type of the Remote Access IPv6 ARP Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116907 Keywords=Classic Message=The start type of the Remote Access IP ARP Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116906 Keywords=Classic Message=The start type of the WalletService service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116905 Keywords=Classic Message=The start type of the Wacom Serial Pen HID Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116904 Keywords=Classic Message=The start type of the Windows Time service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116903 Keywords=Classic Message=The start type of the Intel(R) 10G Virtual Network Connection service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116902 Keywords=Classic Message=The start type of the vwifibus service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116901 Keywords=Classic Message=The start type of the VIA StorX Storage RAID Controller Windows Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116900 Keywords=Classic Message=The start type of the Volume Shadow Copy service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116899 Keywords=Classic Message=The start type of the vsmraid service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116898 Keywords=Classic Message=The start type of the Microsoft Hyper-V Virtual PCI Bus service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116897 Keywords=Classic Message=The start type of the Volume driver service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116896 Keywords=Classic Message=The start type of the Volume Shadow Copy driver service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116895 Keywords=Classic Message=The start type of the Dynamic Volume Manager service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116894 Keywords=Classic Message=The start type of the Volume Manager Driver service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116893 Keywords=Classic Message=The start type of the Hyper-V Volume Shadow Copy Requestor service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116892 Keywords=Classic Message=The start type of the Hyper-V PowerShell Direct Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116891 Keywords=Classic Message=The start type of the Hyper-V Time Synchronization Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116890 Keywords=Classic Message=The start type of the Hyper-V Guest Shutdown Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116889 Keywords=Classic Message=The start type of the Hyper-V Remote Desktop Virtualization Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116888 Keywords=Classic Message=The start type of the Hyper-V Data Exchange Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116887 Keywords=Classic Message=The start type of the Hyper-V Heartbeat Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116886 Keywords=Classic Message=The start type of the Hyper-V Guest Service Interface service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116885 Keywords=Classic Message=The start type of the Microsoft Hyper-V Guest Infrastructure Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116884 Keywords=Classic Message=The start type of the VMBusHID service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116883 Keywords=Classic Message=The start type of the Virtual Machine Bus service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116882 Keywords=Classic Message=The start type of the Virtual HID Framework (VHF) Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116881 Keywords=Classic Message=The start type of the vhdmp service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116880 Keywords=Classic Message=The start type of the VerifierExt service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116879 Keywords=Classic Message=The start type of the Virtual Disk service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116878 Keywords=Classic Message=The start type of the Microsoft Virtual Drive Enumerator service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116877 Keywords=Classic Message=The start type of the Credential Manager service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116876 Keywords=Classic Message=The start type of the Update Orchestrator Service for Windows Update service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116875 Keywords=Classic Message=The start type of the User Manager service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116874 Keywords=Classic Message=The start type of the USB xHCI Compliant Host Controller service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116873 Keywords=Classic Message=The start type of the Microsoft USB Universal Host Controller Miniport Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116872 Keywords=Classic Message=The start type of the USB Mass Storage Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116871 Keywords=Classic Message=The start type of the Microsoft USB Serial Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116870 Keywords=Classic Message=The start type of the Microsoft USB PRINTER Class service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116869 Keywords=Classic Message=The start type of the Microsoft USB Open Host Controller Miniport Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116868 Keywords=Classic Message=The start type of the SuperSpeed Hub service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116867 Keywords=Classic Message=The start type of the Microsoft USB Standard Hub Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116866 Keywords=Classic Message=The start type of the Microsoft USB 2.0 Enhanced Host Controller Miniport Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116865 Keywords=Classic Message=The start type of the Microsoft USB Generic Parent Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116864 Keywords=Classic Message=The start type of the Synopsys USB Role-Switch Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116863 Keywords=Classic Message=The start type of the USB Role-Switch Support Library service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116862 Keywords=Classic Message=The start type of the Chipidea USB Role-Switch Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116861 Keywords=Classic Message=The start type of the Remote Desktop Services UserMode Port Redirector service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116860 Keywords=Classic Message=The start type of the Microsoft UMPass Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116859 Keywords=Classic Message=The start type of the UMBus Enumerator Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116858 Keywords=Classic Message=The start type of the Interactive Services Detection service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116857 Keywords=Classic Message=The start type of the USB Synopsys Controller service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116856 Keywords=Classic Message=The start type of the USB Chipidea Controller service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116855 Keywords=Classic Message=The start type of the USB Function Class Extension service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116854 Keywords=Classic Message=The start type of the Microsoft UEFI Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116853 Keywords=Classic Message=The start type of the USB Device Emulation Support Library service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116852 Keywords=Classic Message=The start type of the USB Host Support Library service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116851 Keywords=Classic Message=The start type of the USB Connector Manager UCSI Client service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116850 Keywords=Classic Message=The start type of the UCM-TCPCI KMDF Class Extension service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116849 Keywords=Classic Message=The start type of the USB Connector Manager KMDF Class Extension service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116848 Keywords=Classic Message=The start type of the USB Attached SCSI (UAS) Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116847 Keywords=Classic Message=The start type of the User Access Logging Service service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116846 Keywords=Classic Message=The start type of the TightVNC Server service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116845 Keywords=Classic Message=The start type of the Microsoft Tunnel Miniport Adapter Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116844 Keywords=Classic Message=The start type of the Remote Desktop USB Hub service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116843 Keywords=Classic Message=The start type of the Remote Desktop Generic USB Device service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116842 Keywords=Classic Message=The start type of the TsUsbFlt service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116841 Keywords=Classic Message=The start type of the Distributed Link Tracking Client service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116840 Keywords=Classic Message=The start type of the TPM service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116839 Keywords=Classic Message=The start type of the Storage Tiers Management service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116838 Keywords=Classic Message=The start type of the Themes service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116837 Keywords=Classic Message=The start type of the Remote Desktop Services service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116836 Keywords=Classic Message=The start type of the Microsoft Remote Desktop Input Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116835 Keywords=Classic Message=The start type of the NetIO Legacy TDI Support Driver service was changed from system start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116834 Keywords=Classic Message=The start type of the TCP/IP Registry Compatibility service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116833 Keywords=Classic Message=The start type of the @todo.dll,-100;Microsoft IPv6 Protocol Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116832 Keywords=Classic Message=The start type of the TCP/IP Protocol Driver service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116831 Keywords=Classic Message=The start type of the Telephony service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116830 Keywords=Classic Message=The start type of the Touch Keyboard and Handwriting Panel Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116829 Keywords=Classic Message=The start type of the SysmonDrv service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116828 Keywords=Classic Message=The start type of the sysmon64 service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116827 Keywords=Classic Message=The start type of the Superfetch service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116826 Keywords=Classic Message=The start type of the Synth3dVsc service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116825 Keywords=Classic Message=The start type of the Microsoft Software Shadow Copy Provider service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116824 Keywords=Classic Message=The start type of the Software Bus Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116823 Keywords=Classic Message=The start type of the Spot Verifier service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116822 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116821 Keywords=Classic Message=The start type of the storvsc service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116820 Keywords=Classic Message=The start type of the Microsoft Universal Flash Storage (UFS) Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116819 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116818 Keywords=Classic Message=The start type of the Storage Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116817 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116816 Keywords=Classic Message=The start type of the Storage QoS Filter Driver service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116815 Keywords=Classic Message=The start type of the Microsoft Standard NVM Express Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116814 Keywords=Classic Message=The start type of the Microsoft Hyper-V Storage Accelerator service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116813 Keywords=Classic Message=The start type of the Microsoft Standard SATA AHCI Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116812 Keywords=Classic Message=The start type of the Windows Image Acquisition (WIA) service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116811 Keywords=Classic Message=The start type of the stexstor service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116810 Keywords=Classic Message=The start type of the Secure Socket Tunneling Protocol Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116809 Keywords=Classic Message=The start type of the srvnet service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116808 Keywords=Classic Message=The start type of the Server SMB 2.xxx Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116807 Keywords=Classic Message=The start type of the Server SMB 1.xxx Driver service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116806 Keywords=Classic Message=The start type of the Print Spooler service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116805 Keywords=Classic Message=The start type of the SplunkMonitorNoHandle service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116804 Keywords=Classic Message=The start type of the SplunkForwarder Service service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116803 Keywords=Classic Message=The start type of the Splunk Trace Kernel Mode Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116802 Keywords=Classic Message=The start type of the splknetdrv service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116801 Keywords=Classic Message=The start type of the Simple Peripheral Bus Support Library service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116800 Keywords=Classic Message=The start type of the Storage Spaces Driver service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116799 Keywords=Classic Message=The start type of the SNMP Trap service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116798 Keywords=Classic Message=The start type of the Microsoft Storage Spaces SMP service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116797 Keywords=Classic Message=The start type of the smbdirect service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116796 Keywords=Classic Message=The start type of the SiSRaid4 service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116795 Keywords=Classic Message=The start type of the SiSRaid2 service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116794 Keywords=Classic Message=The start type of the Shell Hardware Detection service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116793 Keywords=Classic Message=The start type of the Internet Connection Sharing (ICS) service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116792 Keywords=Classic Message=The start type of the High-Capacity Floppy Disk Drive service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116791 Keywords=Classic Message=The start type of the Remote Desktop Configuration service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116790 Keywords=Classic Message=The start type of the Serial Mouse Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116789 Keywords=Classic Message=The start type of the Serial port driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116788 Keywords=Classic Message=The start type of the Serenum Filter Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116787 Keywords=Classic Message=The start type of the Serial UART Support Library service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116786 Keywords=Classic Message=The start type of the Serial UART Support Library service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116785 Keywords=Classic Message=The start type of the Sensor Monitoring Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116784 Keywords=Classic Message=The start type of the Sensor Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116783 Keywords=Classic Message=The start type of the Sensor Data Service service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116782 Keywords=Classic Message=The start type of the System Event Notification Service service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116781 Keywords=Classic Message=The start type of the Secondary Logon service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116780 Keywords=Classic Message=The start type of the SD Storage Port Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116779 Keywords=Classic Message=The start type of the sdbus service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116778 Keywords=Classic Message=The start type of the Microsoft NVDIMM-N disk driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116777 Keywords=Classic Message=The start type of the Microsoft Storage Class Memory Bus Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116776 Keywords=Classic Message=The start type of the SBP-2 Transport/Protocol Bus Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116775 Keywords=Classic Message=The start type of the Security Accounts Manager service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116774 Keywords=Classic Message=The start type of the Special Administration Console Helper service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116773 Keywords=Classic Message=The start type of the sacdrv service was changed from boot start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116772 Keywords=Classic Message=The start type of the s3cap service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116771 Keywords=Classic Message=The start type of the Link-Layer Topology Discovery Responder service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116770 Keywords=Classic Message=The start type of the Resultant Set of Policy Provider service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116769 Keywords=Classic Message=The start type of the Remote Procedure Call (RPC) Locator service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116768 Keywords=Classic Message=The start type of the Remote Registry service was changed from auto start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116767 Keywords=Classic Message=The start type of the ReFSv1 service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116766 Keywords=Classic Message=The start type of the ReFS service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116765 Keywords=Classic Message=The start type of the Remote Desktop Video Miniport Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116764 Keywords=Classic Message=The start type of the Remote Desktop Device Redirector Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116763 Keywords=Classic Message=The start type of the Remote Desktop Device Redirector Bus Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116762 Keywords=Classic Message=The start type of the Redirected Buffering Sub System service was changed from system start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116761 Keywords=Classic Message=The start type of the WAN Miniport (SSTP) service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116760 Keywords=Classic Message=The start type of the Remote Access PPPOE Driver service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116759 Keywords=Classic Message=The start type of the Remote Access Connection Manager service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116758 Keywords=Classic Message=The start type of the WAN Miniport (L2TP) service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116757 Keywords=Classic Message=The start type of the WAN Miniport (GRE) service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116756 Keywords=Classic Message=The start type of the Remote Access Auto Connection Manager service was changed from demand start to disabled. 02/23/2022 10:56:43 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7040 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116755 Keywords=Classic Message=The start type of the WAN Miniport (IKEv2) service was changed from demand start to disabled. 02/23/2022 10:56:44 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116954 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:44 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116953 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:44 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116952 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:45 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116957 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:45 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116956 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:45 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116955 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116963 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116962 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116961 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116960 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116959 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116958 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116973 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116972 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116971 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116970 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116969 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116968 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116967 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116966 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116965 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:47 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116964 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116984 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116983 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116982 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116981 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116980 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116979 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116978 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116977 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116976 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116975 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116974 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116993 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116992 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116991 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116990 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116989 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116988 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116987 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116986 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116985 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:50 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116998 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:50 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116997 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:50 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116996 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:50 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116995 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:50 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116994 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:52 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117001 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:52 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117000 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:52 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=116999 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:53 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117004 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:53 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117003 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:53 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117002 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:54 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117006 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:54 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117005 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:55 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117010 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:55 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117009 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:55 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117008 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:55 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117007 Keywords=Classic Message=DCOM was unable to communicate with the computer 255.255.255.255 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:56 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117012 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:56 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117011 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:58 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117015 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:58 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117014 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:58 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117013 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:59 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117018 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:59 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117017 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:56:59 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117016 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:00 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117021 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:00 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117020 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:00 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117019 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:01 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117024 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:01 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117023 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:01 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117022 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:02 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117030 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:02 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117029 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:02 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117028 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:02 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117027 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:02 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117026 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:02 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117025 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117041 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117040 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117039 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117038 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117037 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117036 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117035 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117034 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117033 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117032 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117031 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117050 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117049 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117048 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117047 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117046 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117045 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117044 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117043 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:04 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117042 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:05 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117056 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:05 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117055 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:05 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117054 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:05 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117053 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:05 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117052 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:05 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117051 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117064 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117063 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117062 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117061 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117060 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117059 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117058 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.22 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:06 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117057 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:07 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117067 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:07 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117066 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:07 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117065 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:08 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117070 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:08 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117069 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:08 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117068 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:09 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117071 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:10 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117074 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:10 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117073 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:10 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117072 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:11 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117077 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:11 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117076 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:11 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117075 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:12 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117079 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:12 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117078 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:13 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117080 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:14 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117083 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:14 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117082 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:14 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117081 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:15 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117086 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:15 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117085 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:15 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117084 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:16 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117088 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:16 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117087 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:17 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117089 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:18 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117092 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:18 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117091 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:18 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117090 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:18 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-tcontreras-attack-range-985 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116241 Keywords=Classic Message=The Windows Update service entered the running state. 02/23/2022 10:57:19 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117095 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:19 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117094 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:19 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117093 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:20 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117097 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:20 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117096 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:22 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117099 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:22 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117098 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:23 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117102 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:23 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117101 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:23 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117100 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:24 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117105 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:24 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117104 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:24 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117103 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:25 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117106 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:26 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117107 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:27 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117108 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:28 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117109 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:32 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117110 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:33 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117111 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:34 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117113 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:34 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117112 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:35 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117114 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:36 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117117 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:36 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117116 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:36 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117115 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:37 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117120 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:37 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117119 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:37 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117118 Keywords=Classic Message=DCOM was unable to communicate with the computer 239.255.255.250 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:38 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117122 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.12 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:38 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117121 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:41 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117124 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:57:41 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117123 Keywords=Classic Message=DCOM was unable to communicate with the computer 224.0.0.252 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:58:16 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117126 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:58:16 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117125 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:58:38 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117128 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:58:38 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117127 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:58:59 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117130 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:58:59 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117129 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 10:59:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=117131 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state. 02/23/2022 11:00:09 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117132 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:00:14 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117133 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:00:27 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=117134 Keywords=Classic Message=The Windows Update service entered the stopped state. 02/23/2022 11:00:30 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117135 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:00:35 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117136 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:00:51 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117137 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:00:56 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117138 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:02:02 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117139 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:02:10 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117140 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:02:23 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117141 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:02:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-tcontreras-attack-range-985 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116242 Keywords=Classic Message=The DNS Client service entered the running state. 02/23/2022 11:02:31 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117142 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:02:42 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=117143 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state. 02/23/2022 11:02:44 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117144 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:02:52 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117145 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:03:55 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117146 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:04:07 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117147 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:04:16 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117148 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:04:28 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117149 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:04:37 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117150 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:04:49 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117151 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:05:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117152 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:06:03 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117153 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:06:09 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117154 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:06:25 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117155 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:06:30 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117156 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:06:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117157 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:07:19 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-tcontreras-attack-range-985 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116243 Keywords=Classic Message=The Windows Update service entered the stopped state. 02/23/2022 11:07:41 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117158 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:08:00 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117159 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:08:02 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117160 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:08:21 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117161 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:08:23 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117162 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:08:42 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117163 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:09:34 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117164 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:09:55 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117165 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:09:56 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117166 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:10:16 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117167 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:10:17 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117168 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:10:38 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117169 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:11:27 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117170 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:11:48 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117171 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:11:53 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117172 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:12:09 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117173 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:12:14 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117174 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:12:35 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117175 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:12:48 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=117176 Keywords=Classic Message=The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state. 02/23/2022 11:13:19 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117177 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:13:40 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117178 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:13:50 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117179 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:14:01 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117180 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:14:11 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117181 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:14:32 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117182 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:15:12 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117183 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:15:33 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117184 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.1 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:15:46 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117185 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:16:07 AM LogName=System SourceName=Microsoft-Windows-DistributedCOM EventCode=10028 EventType=2 Type=Error ComputerName=win-dc-tcontreras-attack-range-173.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1032146228-2128790581-2941542908-500 SidType=0 TaskCategory=None OpCode=Info RecordNumber=117186 Keywords=Classic Message=DCOM was unable to communicate with the computer 10.0.1.15 using any of the configured protocols; requested by PID 1a88 (C:\Temp\olympic_destroyer.exe). 02/23/2022 11:22:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-tcontreras-attack-range-985 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116244 Keywords=Classic Message=The DNS Client service entered the stopped state. 02/23/2022 11:32:28 AM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-tcontreras-attack-range-985 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=116245 Keywords=Classic Message=The DNS Client service entered the running state.