06/04/2021 01:47:18 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-392.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93982 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the stopped state.
06/04/2021 01:50:36 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93930 Keywords=Classic Message=The Windows Update service entered the stopped state.
06/04/2021 01:55:34 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93931 Keywords=Classic Message=The App Readiness service entered the stopped state.
06/04/2021 01:56:32 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=1 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=93933 Keywords=None Message=File System Filter 'SysmonDrv' (Version 0.0, ‎2021‎-‎01‎-‎12T18:00:46.000000000Z) unloaded successfully.
06/04/2021 01:56:32 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93932 Keywords=Classic Message=The sysmon64 service entered the stopped state.
06/04/2021 01:57:51 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93934 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state.
06/04/2021 01:59:30 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93938 Keywords=Classic Message=The Sysmon64 service entered the running state.
06/04/2021 01:59:30 PM LogName=System SourceName=Microsoft-Windows-FilterManager EventCode=6 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=Info RecordNumber=93937 Keywords=None Message=File System Filter 'SysmonDrv' (0.0, ‎2021‎-‎01‎-‎12T18:00:46.000000000Z) has successfully loaded and registered with Filter Manager.
06/04/2021 01:59:30 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-21-2444999080-3199721466-1933120439-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93936 Keywords=Classic Message=A service was installed in the system. Service Name: SysmonDrv Service File Name: C:\Windows\SysmonDrv.sys Service Type: kernel mode driver Service Start Type: boot start Service Account:
06/04/2021 01:59:30 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-21-2444999080-3199721466-1933120439-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93935 Keywords=Classic Message=A service was installed in the system. Service Name: Sysmon64 Service File Name: C:\Windows\Sysmon64.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem
06/04/2021 02:00:00 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93939 Keywords=Classic Message=The Windows Error Reporting Service service entered the running state.
06/04/2021 02:00:04 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93941 Keywords=Classic Message=The Diagnostic Service Host service entered the running state.
06/04/2021 02:00:04 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93940 Keywords=Classic Message=The Diagnostic System Host service entered the running state.
06/04/2021 02:02:03 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93942 Keywords=Classic Message=The Windows Error Reporting Service service entered the stopped state.
06/04/2021 02:03:48 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93944 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state.
06/04/2021 02:03:48 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93943 Keywords=Classic Message=The SplunkForwarder Service service entered the stopped state.
06/04/2021 02:03:57 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93945 Keywords=Classic Message=The SplunkForwarder Service service entered the running state.
06/04/2021 02:03:58 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93946 Keywords=Classic Message=A service was installed in the system. Service Name: npf Service File Name: C:/Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sys Service Type: kernel mode driver Service Start Type: demand start Service Account:
06/04/2021 02:05:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93947 Keywords=Classic Message=The Windows Error Reporting Service service entered the running state.
06/04/2021 02:08:12 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93948 Keywords=Classic Message=The Windows Error Reporting Service service entered the stopped state.
06/04/2021 02:14:20 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-21-2444999080-3199721466-1933120439-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93949 Keywords=Classic Message=A service was installed in the system. Service Name: sophos Service File Name: c:\windows\system32\calc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem
06/04/2021 02:14:58 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-21-2444999080-3199721466-1933120439-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93950 Keywords=Classic Message=A service was installed in the system. Service Name: backup Service File Name: c:\windows\system32\calc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem
06/04/2021 02:15:07 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-21-2444999080-3199721466-1933120439-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93951 Keywords=Classic Message=A service was installed in the system. Service Name: sql Service File Name: c:\windows\system32\calc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem
06/04/2021 02:15:16 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-21-2444999080-3199721466-1933120439-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93952 Keywords=Classic Message=A service was installed in the system. Service Name: veeam Service File Name: c:\windows\system32\calc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem
06/04/2021 02:15:27 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-21-2444999080-3199721466-1933120439-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93953 Keywords=Classic Message=A service was installed in the system. Service Name: memtas Service File Name: c:\windows\system32\calc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem
06/04/2021 02:15:38 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7045 EventType=4 Type=Information ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-21-2444999080-3199721466-1933120439-500 SidType=0 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93954 Keywords=Classic Message=A service was installed in the system. Service Name: mempocs Service File Name: c:\windows\system32\calc.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem
06/04/2021 02:18:35 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7000 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93958 Keywords=Classic Message=The backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/04/2021 02:18:35 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7009 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93957 Keywords=Classic Message=A timeout was reached (30000 milliseconds) while waiting for the backup service to connect.
06/04/2021 02:18:35 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93956 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the running state.
06/04/2021 02:18:35 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93955 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the running state.
06/04/2021 02:18:56 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7000 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93960 Keywords=Classic Message=The veeam service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/04/2021 02:18:56 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7009 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93959 Keywords=Classic Message=A timeout was reached (30000 milliseconds) while waiting for the veeam service to connect.
06/04/2021 02:19:13 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93961 Keywords=Classic Message=The Volume Shadow Copy service entered the running state.
06/04/2021 02:19:24 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7000 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93963 Keywords=Classic Message=The sql service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/04/2021 02:19:24 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7009 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93962 Keywords=Classic Message=A timeout was reached (30000 milliseconds) while waiting for the sql service to connect.
06/04/2021 02:22:08 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-392.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93983 Keywords=Classic Message=The WinHttpAutoProxySvc service entered the running state.
06/04/2021 02:22:40 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7000 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93965 Keywords=Classic Message=The mempocs service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/04/2021 02:22:40 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7009 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93964 Keywords=Classic Message=A timeout was reached (30000 milliseconds) while waiting for the mempocs service to connect.
06/04/2021 02:22:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7000 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93967 Keywords=Classic Message=The memtas service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/04/2021 02:22:44 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7009 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93966 Keywords=Classic Message=A timeout was reached (30000 milliseconds) while waiting for the memtas service to connect.
06/04/2021 02:22:51 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7000 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93969 Keywords=Classic Message=The mempocs service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/04/2021 02:22:51 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7009 EventType=2 Type=Error ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93968 Keywords=Classic Message=A timeout was reached (30000 milliseconds) while waiting for the mempocs service to connect.
06/04/2021 02:23:35 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93970 Keywords=Classic Message=The Client License Service (ClipSVC) service entered the stopped state.
06/04/2021 02:23:51 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93971 Keywords=Classic Message=The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
06/04/2021 02:24:04 PM LogName=System SourceName=Microsoft-Windows-DNS Client Events EventCode=1014 EventType=3 Type=Warning ComputerName=win-host-243 User=NOT_TRANSLATED Sid=S-1-5-20 SidType=0 TaskCategory=1014 OpCode=Info RecordNumber=93972 Keywords=None Message=Name resolution for the name 157.110.250.142.in-addr.arpa. timed out after none of the configured DNS servers responded.
06/04/2021 02:24:27 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93974 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the running state.
06/04/2021 02:24:27 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93973 Keywords=Classic Message=The AppX Deployment Service (AppXSVC) service entered the stopped state.
06/04/2021 02:27:27 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93975 Keywords=Classic Message=The Volume Shadow Copy service entered the stopped state.
06/04/2021 02:30:27 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93976 Keywords=Classic Message=The Microsoft Software Shadow Copy Provider service entered the stopped state.
06/04/2021 02:39:59 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-dc-392.attackrange.local TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93984 Keywords=Classic Message=The Tile Data model server service entered the running state.
06/04/2021 02:40:49 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93977 Keywords=Classic Message=The DNS Client service entered the stopped state.
06/04/2021 02:42:51 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager EventCode=7036 EventType=4 Type=Information ComputerName=win-host-243 TaskCategory=None OpCode=The operation completed successfully. RecordNumber=93978 Keywords=Classic Message=The Diagnostic System Host service entered the stopped state.