Event[0]: Log Name: System Source: EventLog Date: 2021-05-17T17:12:48.6550000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1]: Log Name: System Source: EventLog Date: 2021-05-17T17:12:48.6550000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[2]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:08.7820000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?17T09:12:08.500000000Z. Event[3]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:12:08.7820000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[4]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:12:08.7820000Z Event ID: 26 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A one-time boot sequence was used during this boot. Event[5]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:12:08.7820000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[6]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:12:08.7820000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was true. The last boot's success status was true. Event[7]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:12:08.7820000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[8]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:12:08.7820000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[9]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:12:08.7820000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[10]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:12:08.7820000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[11]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:08.7900000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[12]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-17T17:12:08.8920000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[13]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:09.7090000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[14]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:09.7100000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[15]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:09.7110000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?2066?-?04?-?09T12:52:09.000000000Z) has successfully loaded and registered with Filter Manager. Event[16]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:12:10.4250000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[17]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:10.5730000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[18]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:10.7170000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[19]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T17:12:10.8250000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[20]: Log Name: System Source: Serial Date: 2021-05-17T17:12:11.0200000Z Event ID: 2 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: While validating that \Device\Serial0 was really a serial port, a fifo was detected. The fifo will be used. Event[21]: Log Name: System Source: Serial Date: 2021-05-17T17:12:11.0200000Z Event ID: 2 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: While validating that \Device\Serial1 was really a serial port, a fifo was detected. The fifo will be used. Event[22]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0260000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[23]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0270000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[24]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0280000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[25]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0290000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[26]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0300000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[27]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0310000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[28]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0320000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[29]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0320000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[30]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0330000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[31]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0340000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[32]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0350000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[33]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:12:11.0360000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[34]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:12:11.5770000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[35]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:12:12.0350000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[36]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:12:12.3770000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[37]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:12:12.4590000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[38]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:13.2200000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \SystemRoot\System32\Config\SOFTWARE was cleared updating 234393 keys and creating 13996 modified pages. Event[39]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:13.2700000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \SystemRoot\System32\config\DRIVERS was cleared updating 20933 keys and creating 923 modified pages. Event[40]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:13.3040000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[41]: Log Name: System Source: BTHUSB Date: 2021-05-17T17:12:13.6990000Z Event ID: 18 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup. Event[42]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:13.7120000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \SystemRoot\System32\Config\DEFAULT was cleared updating 91 keys and creating 8 modified pages. Event[43]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:13.7410000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \SystemRoot\System32\Config\SECURITY was cleared updating 1 keys and creating 1 modified pages. Event[44]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:13.7690000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 1 keys and creating 1 modified pages. Event[45]: Log Name: System Source: BTHUSB Date: 2021-05-17T17:12:13.7700000Z Event ID: 34 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available. Event[46]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-17T17:12:14.2220000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[47]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-17T17:12:14.4300000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[48]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-17T17:12:14.4380000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[49]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:14.8660000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT was cleared updating 584 keys and creating 33 modified pages. Event[50]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:15.4330000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 584 keys and creating 33 modified pages. Event[51]: Log Name: System Source: Microsoft-Windows-SetupPlatform Date: 2021-05-17T17:12:47.7410000Z Event ID: 2005 Task: Install Windows Task Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: New Setup information Event[52]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:48.5650000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 1 keys and creating 1 modified pages. Event[53]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:48.6540000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[54]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:48.6820000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[55]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:48.6920000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[56]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:48.6920000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[57]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:48.6920000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[58]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:48.6960000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[59]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:12:48.7000000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[60]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:12:48.7090000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[61]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:12:48.7090000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[62]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-17T17:12:48.7230000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[63]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:12:48.8110000Z Event ID: 7023 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The netprofm service terminated with the following error: The device is not ready. Event[64]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:12:49.9050000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: CSC dam Event[65]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:12:50.0450000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Service for NVIDIA High Definition Audio Driver Service File Name: \SystemRoot\system32\drivers\nvhda64v.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[66]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:12:50.6710000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Service for Realtek HD Audio (WDM) Service File Name: \SystemRoot\system32\drivers\RTKVHD64.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[67]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:12:51.5610000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Realtek RT640 NT Driver Service File Name: \SystemRoot\System32\drivers\rt640x64.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[68]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:12:51.7800000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Bluetooth Device (Personal Area Network) Service File Name: \SystemRoot\System32\drivers\bthpan.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[69]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-17T17:12:52.1100000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service Parport for Device Instance ID ACPI\PNP0400\0 with the following status: 0. Event[70]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-17T17:12:52.4490000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service Serial for Device Instance ID ACPI\PNP0501\1 with the following status: 0. Event[71]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-17T17:12:52.4530000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service Serenum for Device Instance ID ACPI\PNP0501\1 with the following status: 0. Event[72]: Log Name: System Source: Serial Date: 2021-05-17T17:12:52.4600000Z Event ID: 2 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: While validating that \Device\Serial2 was really a serial port, a fifo was detected. The fifo will be used. Event[73]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:12:52.8040000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) Service File Name: "C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.68\elevation_service.exe" Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem Event[74]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:12:54.4170000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\WINDOWS\system32\Config\Elam was cleared updating 1 keys and creating 1 modified pages. Event[75]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:13:09.1180000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: nvlddmkm Service File Name: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\nvlddmkm.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[76]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-17T17:13:09.5280000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service nvlddmkm for Device Instance ID PCI\VEN_10DE&DEV_1C82&SUBSYS_1C8210DE&REV_A1\4&1C3D25BB&0&0019 with the following status: 0. Event[77]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:13:09.5240000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: NVIDIA Display Container LS Service File Name: %SystemRoot%\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a494df49ba2f9f36\Display.NvContainer\NVDisplay.Container.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem Event[78]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-17T17:13:09.7250000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service NVDisplay.ContainerLocalSystem for Device Instance ID PCI\VEN_10DE&DEV_1C82&SUBSYS_1C8210DE&REV_A1\4&1C3D25BB&0&0019 with the following status: 0. Event[79]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-17T17:13:10.5180000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service Serial for Device Instance ID ACPI\PNP0501\0 with the following status: 0. Event[80]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-17T17:13:10.5240000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service Serenum for Device Instance ID ACPI\PNP0501\0 with the following status: 0. Event[81]: Log Name: System Source: Serial Date: 2021-05-17T17:13:10.8840000Z Event ID: 2 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: While validating that \Device\Serial3 was really a serial port, a fifo was detected. The fifo will be used. Event[82]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:13:11.3680000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Realtek Audio Universal Service Service File Name: "%SystemRoot%\System32\RtkAudUService64.exe" Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem Event[83]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:12.2130000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[84]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:12.4480000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[85]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:13.0830000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[86]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:14.1200000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[87]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:14.3590000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[88]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:14.6030000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AccountsControl_10.0.19041.964_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[89]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:14.8470000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AsyncTextService_10.0.19041.964_neutral__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[90]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:15.1150000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BioEnrollment_10.0.19041.964_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[91]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:15.3370000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.CredDialogHost_10.0.19041.964_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[92]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:15.5670000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ECApp_10.0.19041.964_neutral__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[93]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:15.7910000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.19041.964_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[94]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:16.2720000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge_44.19041.964.0_neutral__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[95]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:16.5530000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Win32WebViewHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[96]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:16.7900000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[97]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:17.0140000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.AssignedAccessLockApp_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[98]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:17.5710000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CallingShellApp_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[99]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:18.6560000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CapturePicker_10.0.19041.964_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[100]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:18.8960000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[101]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:19.1660000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ContentDeliveryManager_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[102]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:19.4140000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.NarratorQuickStart_10.0.19041.964_neutral_neutral_8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[103]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:19.6420000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.19041.964_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[104]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:19.8750000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.19041.964_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[105]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:20.1020000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ParentalControls_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[106]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:20.3350000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.PeopleExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[107]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:20.5600000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.PinningConfirmationDialog_1000.19041.964.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[108]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:20.8090000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Search_1.14.1.19041_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[109]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:21.0720000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecHealthUI_10.0.19041.964_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[110]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:21.3560000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecureAssessmentBrowser_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[111]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:21.6200000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[112]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:21.8900000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[113]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:22.1220000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.XGpuEjectDialog_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[114]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:22.3500000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[115]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:22.6420000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\MicrosoftWindows.Client.CBS_120.2212.2020.0_x64__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[116]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:22.8930000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\MicrosoftWindows.UndockedDevKit_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[117]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:23.1180000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\NcsiUwpApp_1000.19041.964.0_neutral_neutral_8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[118]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:23.3510000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.CBSPreview_10.0.19041.964_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[119]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:23.5700000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[120]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:23.8050000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[121]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:24.6250000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[122]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:26.1080000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BingWeather_4.46.31121.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[123]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:26.9330000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.DesktopAppInstaller_1.4.3161.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[124]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:27.9980000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.GetHelp_10.2102.40951.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[125]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:28.7760000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Getstarted_10.1.40561.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[126]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:30.6830000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Microsoft3DViewer_7.2105.4012.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[127]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:31.6770000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_18.2008.12711.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[128]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:32.5800000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[129]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:33.2850000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[130]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:33.9900000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MixedReality.Portal_2000.21041.1051.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[131]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:35.1260000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[132]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:39.3670000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Office.OneNote_16001.13801.20534.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[133]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:41.3640000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[134]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:42.3740000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ScreenSketch_10.2008.2277.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[135]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:42.7110000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Services.Store.Engagement_10.0.19011.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[136]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:42.9240000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Services.Store.Engagement_10.0.19011.0_x86__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[137]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:45.0740000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[138]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:45.5800000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.StorePurchaseApp_12103.1001.8.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[139]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:45.8940000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[140]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:46.1320000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x86__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[141]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:46.4010000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[142]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:46.6530000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.1_2.11906.6001.0_x86__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[143]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:46.9590000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[144]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:47.2710000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x86__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[145]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:47.5460000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[146]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:47.8220000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x86__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[147]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:49.7010000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[148]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:50.3070000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WebMediaExtensions_1.0.40831.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[149]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:55.6880000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[150]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:57.2620000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[151]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:58.2700000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[152]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:13:58.9690000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsCamera_2021.105.10.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[153]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:03.6270000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[154]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:04.8510000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[155]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:06.6900000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[156]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:07.5100000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsSoundRecorder_10.2103.28.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[157]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:14:08.3850000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[158]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:08.7870000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[159]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:09.3860000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Xbox.TCUI_1.24.10001.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[160]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:10.5410000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxApp_48.76.8001.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[161]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:11.1410000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[162]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:12.0280000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGamingOverlay_5.621.4222.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[163]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:12.5060000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxIdentityProvider_12.67.21001.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[164]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:12.8670000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxSpeechToTextOverlay_1.21.13002.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[165]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:18.3700000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.YourPhone_1.21042.95.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[166]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:20.9870000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[167]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:22.5990000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.21021.10311.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[168]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:23.3600000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[169]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:25.3160000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[170]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:26.4380000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\WINDOWS\System32\config\COMPONENTS was cleared updating 64749 keys and creating 7266 modified pages. Event[171]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:32.3780000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\WINDOWS\AppCompat\Programs\Amcache.hve was cleared updating 0 keys and creating 0 modified pages. Event[172]: Log Name: System Source: Microsoft-Windows-Setup Date: 2021-05-17T17:14:33.3490000Z Event ID: 2004 Task: OS information Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Successfully logged OS information Event[173]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:14:48.8480000Z Event ID: 10010 Task: N/A Level: Error Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout. Event[174]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:14:48.8630000Z Event ID: 7023 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Network List Service service terminated with the following error: The device is not ready. Event[175]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:14:51.6760000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Printer Extensions and Notifications Service File Name: %SystemRoot%\system32\svchost.exe -k print Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem Event[176]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:14:51.6760000Z Event ID: 7030 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Event[177]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:54.6920000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\WINDOWS\System32\SMI\Store\Machine\SCHEMA.DAT was cleared updating 15943 keys and creating 2719 modified pages. Event[178]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:54.7880000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\Default\NTUSER.DAT was cleared updating 584 keys and creating 33 modified pages. Event[179]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:58.3730000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Windows.old\Windows\system32\config\userdiff was cleared updating 1 keys and creating 1 modified pages. Event[180]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:14:58.4060000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Windows.old\Windows\system32\config\elam was cleared updating 1 keys and creating 1 modified pages. Event[181]: Log Name: System Source: User32 Date: 2021-05-17T17:15:19.2910000Z Event ID: 1074 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The process C:\WINDOWS\system32\winlogon.exe (DESKTOP-5M67F4R) has initiated the restart of computer DESKTOP-5M67F4R on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned) Reason Code: 0x80020003 Shutdown Type: restart Comment: Event[182]: Log Name: System Source: EventLog Date: 2021-05-17T17:15:23.5360000Z Event ID: 6006 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was stopped. Event[183]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:15:23.5260000Z Event ID: 50104 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client received shutdown notification Event[184]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:15:23.5270000Z Event ID: 50105 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client ProcessDHCPRequestForever received TERMINATE_EVENT Event[185]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-17T17:15:23.5280000Z Event ID: 51047 Task: Service State Event Level: Information Opcode: ServiceStop Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is stopped. ShutDown Flag value is 1 Event[186]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-17T17:15:23.5280000Z Event ID: 51057 Task: Service State Event Level: Information Opcode: ServiceStopWithRefCount Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service stop is almost done.DHCP Context Ref count is 1 Event[187]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:15:23.5300000Z Event ID: 50106 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 is waiting on DHCPv6 service to stop Event[188]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:15:23.5340000Z Event ID: 50037 Task: Service State Event Level: Information Opcode: ServiceStop Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is stopped. ShutDown Flag value is 1 Event[189]: Log Name: System Source: EventLog Date: 2021-05-17T17:16:27.0530000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[190]: Log Name: System Source: EventLog Date: 2021-05-17T17:16:27.0530000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[191]: Log Name: System Source: EventLog Date: 2021-05-17T17:16:27.0530000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 44 seconds. Event[192]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T17:15:28.5210000Z Event ID: 109 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API Event[193]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:15:29.6090000Z Event ID: 13 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The operating system is shutting down at system time ?2021?-?05?-?17T09:15:29.609860100Z. Event[194]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:15:42.8030000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?17T09:15:42.500000000Z. Event[195]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:15:42.8030000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[196]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:15:42.8030000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was true. The last boot's success status was true. Event[197]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:15:42.8030000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[198]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:15:42.8030000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[199]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:15:42.8030000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[200]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:15:42.8030000Z Event ID: 26 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A one-time boot sequence was used during this boot. Event[201]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:15:42.8030000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[202]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:15:42.8030000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[203]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:15:42.8120000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[204]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-17T17:15:42.9190000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[205]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:15:43.5930000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[206]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:15:43.5940000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[207]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:15:43.5950000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?2066?-?04?-?09T12:52:09.000000000Z) has successfully loaded and registered with Filter Manager. Event[208]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:15:44.0480000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[209]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:15:44.1100000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[210]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:15:44.2240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[211]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T17:15:44.2630000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[212]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8880000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[213]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8880000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[214]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8890000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[215]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8890000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[216]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8900000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[217]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8900000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[218]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8910000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[219]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8920000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[220]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8920000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[221]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8930000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[222]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8930000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[223]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:15:44.8980000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[224]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:15:45.1130000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[225]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:15:45.5460000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[226]: Log Name: System Source: BTHUSB Date: 2021-05-17T17:15:45.7130000Z Event ID: 18 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup. Event[227]: Log Name: System Source: BTHUSB Date: 2021-05-17T17:15:45.7750000Z Event ID: 34 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available. Event[228]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:15:45.8820000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[229]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:15:45.9630000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[230]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:15:46.5270000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[231]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-17T17:15:48.1050000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[232]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-17T17:15:48.3060000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[233]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-17T17:15:48.3170000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[234]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:16:27.0680000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[235]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:16:27.1080000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[236]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:16:27.1120000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[237]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:16:27.1120000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[238]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:16:27.1200000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[239]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:16:27.1200000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[240]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:16:27.1200000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[241]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:16:27.1250000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[242]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:16:27.1300000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[243]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-17T17:16:27.1300000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[244]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:16:28.0800000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[245]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:18:29.7060000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[246]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:18:41.0080000Z Event ID: 10010 Task: N/A Level: Error Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout. Event[247]: Log Name: System Source: Virtual Disk Service Date: 2021-05-17T17:18:43.8880000Z Event ID: 3 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Service started. Event[248]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:18:48.5200000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Windows\Logs\PBR\BCDCopy was cleared updating 165 keys and creating 8 modified pages. Event[249]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:18:48.5320000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Windows\Logs\PBR\BCDCopy was cleared updating 0 keys and creating 0 modified pages. Event[250]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:19:13.3700000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[251]: Log Name: System Source: Microsoft-Windows-UserModePowerService Date: 2021-05-17T17:19:17.4690000Z Event ID: 22 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Reapply power settings upon completion of the provisioning engine's turn 1 Event[252]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:19:52.7180000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[253]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:23:14.4490000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Modules Installer service was changed from auto start to demand start. Event[254]: Log Name: System Source: Microsoft-Windows-GroupPolicy Date: 2021-05-17T17:23:14.5180000Z Event ID: 1500 Task: N/A Level: Information Opcode: Start Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. Event[255]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-17T17:23:14.5970000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[256]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:23:14.6210000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-20 User Name: NT AUTHORITY\NETWORK SERVICE Computer: DESKTOP-5M67F4R Description: The start type of the Delivery Optimization service was changed from demand start to auto start. Event[257]: Log Name: System Source: Microsoft-Windows-GroupPolicy Date: 2021-05-17T17:23:14.8670000Z Event ID: 1501 Task: N/A Level: Information Opcode: Start Keyword: N/A User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy. Event[258]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:23:15.1050000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[259]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:23:15.1210000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[260]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:23:15.7460000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Microsoft Passport Container service was changed from demand start to disabled. Event[261]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:23:15.7770000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Microsoft Passport Container service was changed from disabled to demand start. Event[262]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:23:21.1460000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[263]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:23:21.1860000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[264]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:23:21.5370000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[265]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:23:28.7680000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[266]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:23:30.7020000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[267]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:23:39.0150000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[268]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:23:42.8200000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[269]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:23:42.8200000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: 9P2B8MCSVPLN-RealtekSemiconductorCorp.RealtekAudioControl Event[270]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:23:43.0750000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[271]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:23:44.8800000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: 9P2B8MCSVPLN-RealtekSemiconductorCorp.RealtekAudioControl Event[272]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:23:45.1210000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: 9NF8H0H7WMLT-NVIDIACorp.NVIDIAControlPanel Event[273]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:23:45.2440000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: 9NF8H0H7WMLT-NVIDIACorp.NVIDIAControlPanel Event[274]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:23:55.6840000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[275]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:23:55.6840000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: 9NF8H0H7WMLT-NVIDIACorp.NVIDIAControlPanel Event[276]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:23:55.9780000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: 9NF8H0H7WMLT-NVIDIACorp.NVIDIAControlPanel Event[277]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:24:15.8010000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[278]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:30.8460000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[279]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:30.8700000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[280]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:30.8830000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[281]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:30.9610000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[282]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:30.9780000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[283]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:30.9930000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[284]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.0230000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[285]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.0240000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[286]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.0400000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[287]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.0560000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[288]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.0730000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[289]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.0890000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[290]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.1640000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[291]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.1800000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[292]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.2270000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\NVIDIACorp.NVIDIAControlPanel_56jybvy8sckqj\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[293]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:24:31.2560000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[294]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.2580000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\RealtekSemiconductorCorp.RealtekAudioControl_dt26b99r8h8gj\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[295]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:31.2920000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[296]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:24:32.5900000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[297]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:26:29.7780000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[298]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:27:25.1260000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[299]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:27:31.0940000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[300]: Log Name: System Source: Microsoft-Windows-ResetEng Date: 2021-05-17T17:28:15.5350000Z Event ID: 4500 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has been successfully reset. Event[301]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:28:19.0610000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Brave Update Service (brave) Service File Name: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem Event[302]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:28:19.0610000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Brave Update Service (bravem) Service File Name: "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /medsvc Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem Event[303]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:29:03.9980000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[304]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:30:09.2830000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[305]: Log Name: System Source: Virtual Disk Service Date: 2021-05-17T17:31:04.3540000Z Event ID: 4 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Service stopped. Event[306]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:31:27.9440000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[307]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:31:28.0040000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[308]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:31:28.9620000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[309]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:31:30.5960000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[310]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:32:49.3460000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Steam Client Service Service File Name: "C:\Program Files (x86)\Common Files\Steam\steamservice.exe" /RunAsService Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem Event[311]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:33:14.2880000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[312]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:33:19.1040000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[313]: Log Name: System Source: EventLog Date: 2021-05-17T17:34:12.4210000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 5:16:27 pm on ?17/?05/?2021 was unexpected. Event[314]: Log Name: System Source: EventLog Date: 2021-05-17T17:34:12.4210000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[315]: Log Name: System Source: EventLog Date: 2021-05-17T17:34:12.4210000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[316]: Log Name: System Source: EventLog Date: 2021-05-17T17:34:12.4210000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 9 seconds. Event[317]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:34:02.8020000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?17T09:34:02.500000000Z. Event[318]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:34:02.8020000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[319]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:34:02.8020000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[320]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:34:02.8020000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[321]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:34:02.8020000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[322]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:34:02.8020000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[323]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:34:02.8020000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[324]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:34:02.8020000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[325]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T17:34:02.8030000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[326]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:34:02.8110000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[327]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-17T17:34:02.9190000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[328]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:03.5930000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[329]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:03.5940000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[330]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:03.5950000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?2066?-?04?-?09T12:52:09.000000000Z) has successfully loaded and registered with Filter Manager. Event[331]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:34:05.7780000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[332]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:05.8900000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[333]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:06.0030000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[334]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T17:34:06.0460000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[335]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T17:34:06.0470000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[336]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6640000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[337]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6650000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[338]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6650000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[339]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6660000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[340]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6670000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[341]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6670000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[342]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6690000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[343]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6690000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[344]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6700000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[345]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6700000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[346]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6710000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[347]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T17:34:06.6750000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[348]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:34:06.8520000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[349]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:34:07.4450000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[350]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:34:07.9140000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[351]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T17:34:08.0400000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[352]: Log Name: System Source: BTHUSB Date: 2021-05-17T17:34:08.1540000Z Event ID: 18 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup. Event[353]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:34:09.2550000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[354]: Log Name: System Source: BTHUSB Date: 2021-05-17T17:34:09.3000000Z Event ID: 34 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available. Event[355]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-17T17:34:11.7080000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[356]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-17T17:34:11.9090000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[357]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-17T17:34:11.9170000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[358]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:12.3550000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[359]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:12.4420000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[360]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:12.4530000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[361]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:12.4530000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[362]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:12.4530000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[363]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:12.4590000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[364]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:34:12.4750000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[365]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:34:12.4940000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[366]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T17:34:12.4950000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[367]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-17T17:34:12.5100000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[368]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:34:13.5780000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[369]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-17T17:34:15.7970000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004a (0x00007ffbaec11144, 0x0000000000000002, 0x0000000000000000, 0xffffee08bf3feec0). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: df1baf59-7a79-4b2f-bfea-2a2579a4b229. Event[370]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-17T17:34:20.3040000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[371]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:34:20.7970000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[372]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:34:20.7970000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[373]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:34:22.7550000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[374]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:34:22.7550000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[375]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:34:26.3980000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[376]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:35:19.4230000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[377]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:35:23.7790000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[378]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:35:52.8390000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[379]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:36:14.7040000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[380]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:36:14.7050000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[381]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:36:14.7050000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[382]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:36:16.6370000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Epic Online Services Service File Name: "C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe" Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem Event[383]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:36:28.5060000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[384]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:39:40.1570000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Remote Access IP ARP Driver service was changed from demand start to auto start. Event[385]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:39:40.3840000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Remote Access Connection Manager service was changed from demand start to auto start. Event[386]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:40:20.9860000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[387]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:40:20.9860000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[388]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:40:20.9860000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[389]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:40:20.9860000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[390]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:40:20.9860000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[391]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:41:03.9790000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[392]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:41:05.9200000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.883.0) Event[393]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:41:13.3240000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.883.0) Event[394]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:41:13.7410000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2104.14) Event[395]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:41:20.7630000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (Version 10.0, ?2066?-?04?-?09T12:52:09.000000000Z) unloaded successfully. Event[396]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:41:21.5880000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Modules Installer service was changed from demand start to auto start. Event[397]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T17:41:25.1390000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[398]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:41:28.6920000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2104.14) Event[399]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:41:29.1240000Z Event ID: 20 Task: Windows Update Agent Level: Error Opcode: Installation Keyword: Installation,Failure User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10). Event[400]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:41:29.4810000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: 2021-03 Update for Windows 10 Version 20H2 for x64-based Systems (KB4023057) Event[401]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:41:30.9220000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Microsoft Update Health Service Service File Name: "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" Service Type: user mode service Service Start Type: disabled Service Account: LocalSystem Event[402]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:41:31.0920000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: 2021-03 Update for Windows 10 Version 20H2 for x64-based Systems (KB4023057) Event[403]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:42:00.6830000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Modules Installer service was changed from auto start to demand start. Event[404]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:42:12.5600000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Windows Malicious Software Removal Tool x64 - v5.89 (KB890830) Event[405]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:42:29.8140000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[406]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:42:35.3820000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[407]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:43:03.0610000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[408]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:43:13.1850000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Windows Malicious Software Removal Tool x64 - v5.89 (KB890830) Event[409]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:44:00.5600000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[410]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:46:02.5190000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[411]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:47:11.9040000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[412]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:49:18.5720000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[413]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:52:06.7040000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: 2021-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5003173) Event[414]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:52:08.9050000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Modules Installer service was changed from demand start to auto start. Event[415]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T17:53:59.2600000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[416]: Log Name: System Source: Service Control Manager Date: 2021-05-17T17:54:24.4020000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Modules Installer service was changed from auto start to demand start. Event[417]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T17:54:25.4960000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: 2021-05 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5003173) Event[418]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:54:42.2760000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[419]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T17:54:42.3110000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[420]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T18:00:28.3890000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[421]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T18:01:02.4530000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[422]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:03:29.9860000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) Service File Name: \SystemRoot\system32\drivers\nvvad64v.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[423]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:03:31.4570000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: NVIDIA LocalSystem Container Service File Name: "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem Event[424]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:03:33.0150000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the NVIDIA SHIELD Wireless Controller Trackpad Service service was changed from demand start to disabled. Event[425]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:03:33.7970000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: NvModuleTracker Service File Name: \SystemRoot\System32\drivers\NvModuleTracker.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[426]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:03:34.0200000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the NVVHCI Enumerator Service service was changed from demand start to disabled. Event[427]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:03:34.4200000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the NVVHCI Enumerator Service service was changed from disabled to demand start. Event[428]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:03:36.7650000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: NVIDIA FrameView SDK service Service File Name: "C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe" -service Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem Event[429]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:03:51.1350000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the NVIDIA LocalSystem Container service was changed from demand start to auto start. Event[430]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T18:04:21.8660000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[431]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T18:05:33.1020000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[432]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T18:05:33.1390000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[433]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T18:06:34.9160000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[434]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T18:19:38.3110000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[435]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T18:19:38.3110000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: 9PF4KZ2VN4W9-28017CharlesMilette.TranslucentTB Event[436]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T18:19:38.6740000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: 9PF4KZ2VN4W9-28017CharlesMilette.TranslucentTB Event[437]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T18:19:38.7900000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[438]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T18:23:04.1480000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[439]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T18:27:05.0620000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[440]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:30:55.9880000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Xbox 360 Wireless Receiver Driver Service 22 Service File Name: \SystemRoot\System32\drivers\xusb22.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[441]: Log Name: System Source: Service Control Manager Date: 2021-05-17T18:31:07.5670000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[442]: Log Name: System Source: Service Control Manager Date: 2021-05-17T19:07:38.2150000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[443]: Log Name: System Source: User32 Date: 2021-05-17T19:07:39.3430000Z Event ID: 1074 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The process C:\Windows\System32\RuntimeBroker.exe (DESKTOP-5M67F4R) has initiated the power off of computer DESKTOP-5M67F4R on behalf of user DESKTOP-5M67F4R\man_l for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: power off Comment: Event[444]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-17T19:07:43.9080000Z Event ID: 7002 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logoff Notification for Customer Experience Improvement Program Event[445]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T19:07:44.2750000Z Event ID: 187 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User-mode process attempted to change the system state by calling SetSuspendState or SetSystemPowerState APIs. Event[446]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T19:07:44.9070000Z Event ID: 42 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system is entering sleep. Sleep Reason: Application API Event[447]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T19:07:54.3310000Z Event ID: 107 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system has resumed from sleep. Event[448]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T22:45:06.5000000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system time has changed to ?2021?-?05?-?17T14:45:06.500000000Z from ?2021?-?05?-?17T11:07:54.330984900Z. Change Reason: System time synchronized with the hardware clock. Process: '' (PID 4). Event[449]: Log Name: System Source: BTHUSB Date: 2021-05-17T22:45:09.1880000Z Event ID: 18 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup. Event[450]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T22:45:09.2240000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[451]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T22:45:09.2240000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[452]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T22:45:09.2240000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[453]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T22:45:09.2250000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[454]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T22:45:09.2250000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The boot type was 0x1. Event[455]: Log Name: System Source: BTHUSB Date: 2021-05-17T22:45:09.2700000Z Event ID: 34 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available. Event[456]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-17T22:45:10.7490000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[457]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T22:45:11.1400000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[458]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T22:45:11.1400000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[459]: Log Name: System Source: Microsoft-Windows-Power-Troubleshooter Date: 2021-05-17T22:45:11.2340000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The system has returned from a low power state. Sleep Time: ?2021?-?05?-?17T11:07:44.271089700Z Wake Time: ?2021?-?05?-?17T14:45:09.567306000Z Wake Source: Unknown Event[460]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T22:45:59.8160000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[461]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T22:45:59.8160000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.901.0) Event[462]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-17T22:46:05.0680000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.901.0) Event[463]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T22:46:47.5950000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[464]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T22:46:59.4270000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[465]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T22:47:09.2780000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[466]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T22:47:09.3330000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[467]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T22:48:01.6760000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[468]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T22:54:06.2500000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[469]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T23:30:13.8050000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?17T15:30:13.500000000Z. Event[470]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T23:30:13.8050000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[471]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T23:30:13.8050000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[472]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T23:30:13.8050000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[473]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T23:30:13.8050000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[474]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T23:30:13.8050000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[475]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T23:30:13.8050000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[476]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T23:30:13.8050000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[477]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-17T23:30:13.8050000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[478]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T23:30:13.8140000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[479]: Log Name: System Source: EventLog Date: 2021-05-17T23:30:25.0180000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 11:11:24 pm on ?17/?05/?2021 was unexpected. Event[480]: Log Name: System Source: EventLog Date: 2021-05-17T23:30:25.0180000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[481]: Log Name: System Source: EventLog Date: 2021-05-17T23:30:25.0180000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[482]: Log Name: System Source: EventLog Date: 2021-05-17T23:30:25.0280000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 11 seconds. Event[483]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-17T23:30:13.9250000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[484]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:14.5930000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[485]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:14.5940000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[486]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:14.5950000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[487]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T23:30:16.1930000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[488]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:17.6680000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[489]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:17.7850000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[490]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T23:30:17.8300000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[491]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-17T23:30:17.8310000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[492]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T23:30:18.1310000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[493]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4660000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[494]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4660000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[495]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4670000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[496]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4670000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[497]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4680000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[498]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4680000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[499]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4700000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[500]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4700000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[501]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4710000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[502]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4720000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[503]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4720000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[504]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-17T23:30:18.4760000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[505]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T23:30:18.6690000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[506]: Log Name: System Source: BTHUSB Date: 2021-05-17T23:30:19.5080000Z Event ID: 18 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup. Event[507]: Log Name: System Source: BTHUSB Date: 2021-05-17T23:30:19.5700000Z Event ID: 34 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available. Event[508]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T23:30:20.3640000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[509]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-17T23:30:20.5010000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[510]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-17T23:30:21.6750000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[511]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-17T23:30:23.8260000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[512]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-17T23:30:24.0260000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[513]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-17T23:30:24.0340000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[514]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:24.9930000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[515]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:25.0380000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[516]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:25.0520000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[517]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:25.0520000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[518]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:25.0520000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[519]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:25.0580000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[520]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-17T23:30:25.0630000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[521]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T23:30:25.0850000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[522]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-17T23:30:25.0850000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[523]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-17T23:30:25.1060000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[524]: Log Name: System Source: Service Control Manager Date: 2021-05-17T23:30:26.1690000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[525]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-17T23:30:28.7010000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000038, 0x0000000000000002, 0x0000000000000000, 0xfffff8045b554d8e). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: c2dac528-0c47-4f4c-a63b-dc1c53dee17f. Event[526]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-17T23:30:30.5050000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[527]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T23:30:31.1050000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[528]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T23:30:31.1050000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[529]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T23:31:17.7780000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[530]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T23:32:27.2720000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[531]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T23:32:27.2720000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[532]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T23:32:27.2730000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[533]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T23:49:13.5870000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[534]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-17T23:49:13.6680000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[535]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T00:43:29.2780000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[536]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T01:45:47.8830000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[537]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T02:09:49.5540000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[538]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T02:45:30.5190000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[539]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T03:01:40.8130000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?17T19:01:40.500000000Z. Event[540]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T03:01:40.8130000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[541]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T03:01:40.8130000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[542]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T03:01:40.8140000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[543]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T03:01:40.8140000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[544]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T03:01:40.8140000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[545]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T03:01:40.8140000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[546]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T03:01:40.8140000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[547]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T03:01:40.8140000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[548]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T03:01:40.8180000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[549]: Log Name: System Source: EventLog Date: 2021-05-18T03:01:48.6840000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 2:50:25 am on ?18/?05/?2021 was unexpected. Event[550]: Log Name: System Source: EventLog Date: 2021-05-18T03:01:48.6840000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[551]: Log Name: System Source: EventLog Date: 2021-05-18T03:01:48.6840000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[552]: Log Name: System Source: EventLog Date: 2021-05-18T03:01:48.6840000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 8 seconds. Event[553]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-18T03:01:40.9110000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[554]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:41.5620000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[555]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:41.5630000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[556]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:41.5640000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[557]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T03:01:42.0330000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[558]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:43.2870000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[559]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:43.4010000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[560]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T03:01:43.4450000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[561]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T03:01:43.4460000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[562]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T03:01:43.7360000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[563]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0720000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[564]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0720000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[565]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0730000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[566]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0730000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[567]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0740000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[568]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0740000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[569]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0750000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[570]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0760000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[571]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0790000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[572]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0790000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[573]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0800000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[574]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T03:01:44.0840000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[575]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T03:01:44.2350000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[576]: Log Name: System Source: BTHUSB Date: 2021-05-18T03:01:44.9030000Z Event ID: 18 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup. Event[577]: Log Name: System Source: BTHUSB Date: 2021-05-18T03:01:44.9660000Z Event ID: 34 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available. Event[578]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T03:01:45.1480000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[579]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T03:01:45.2710000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[580]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T03:01:46.0730000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[581]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-18T03:01:47.5010000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[582]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T03:01:47.6990000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[583]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T03:01:47.7090000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[584]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:48.6590000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[585]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:48.7140000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[586]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:48.7270000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[587]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:48.7270000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[588]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:48.7270000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[589]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:48.7350000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[590]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T03:01:48.7410000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[591]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T03:01:48.7450000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[592]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T03:01:48.7450000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[593]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-18T03:01:48.7700000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[594]: Log Name: System Source: Service Control Manager Date: 2021-05-18T03:01:49.8880000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[595]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T03:02:00.0670000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[596]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T03:02:00.5800000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[597]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T03:02:00.5800000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[598]: Log Name: System Source: User32 Date: 2021-05-18T03:02:09.3970000Z Event ID: 1074 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The process C:\Windows\System32\RuntimeBroker.exe (DESKTOP-5M67F4R) has initiated the power off of computer DESKTOP-5M67F4R on behalf of user DESKTOP-5M67F4R\man_l for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: power off Comment: Event[599]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T03:02:12.7220000Z Event ID: 7002 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logoff Notification for Customer Experience Improvement Program Event[600]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T03:02:13.0940000Z Event ID: 187 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User-mode process attempted to change the system state by calling SetSuspendState or SetSystemPowerState APIs. Event[601]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T03:02:13.6090000Z Event ID: 42 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system is entering sleep. Sleep Reason: Application API Event[602]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T03:02:15.1190000Z Event ID: 107 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system has resumed from sleep. Event[603]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T04:37:02.5000000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system time has changed to ?2021?-?05?-?17T20:37:02.500000000Z from ?2021?-?05?-?17T19:02:15.119526000Z. Change Reason: System time synchronized with the hardware clock. Process: '' (PID 4). Event[604]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:37:03.4100000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[605]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:37:03.4100000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[606]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:37:03.4100000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[607]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:37:03.4100000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[608]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:37:03.4100000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The boot type was 0x1. Event[609]: Log Name: System Source: BTHUSB Date: 2021-05-18T04:37:03.4210000Z Event ID: 18 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup. Event[610]: Log Name: System Source: BTHUSB Date: 2021-05-18T04:37:03.4950000Z Event ID: 34 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available. Event[611]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T04:37:04.6800000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[612]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:37:05.0560000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[613]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:37:05.0560000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[614]: Log Name: System Source: Microsoft-Windows-Power-Troubleshooter Date: 2021-05-18T04:37:05.4160000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The system has returned from a low power state. Sleep Time: ?2021?-?05?-?17T19:02:13.090415700Z Wake Time: ?2021?-?05?-?17T20:37:03.480345800Z Wake Source: Unknown Event[615]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:37:26.1650000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[616]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:38:38.2090000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[617]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:38:38.2090000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[618]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:38:38.2090000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[619]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T04:41:16.8060000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?17T20:41:16.500000000Z. Event[620]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:41:16.8060000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[621]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:41:16.8060000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[622]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:41:16.8060000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[623]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:41:16.8060000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[624]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:41:16.8060000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[625]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:41:16.8060000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[626]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:41:16.8060000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[627]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T04:41:16.8070000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[628]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T04:41:16.8150000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[629]: Log Name: System Source: EventLog Date: 2021-05-18T04:41:23.7060000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 3:01:48 am on ?18/?05/?2021 was unexpected. Event[630]: Log Name: System Source: EventLog Date: 2021-05-18T04:41:23.7060000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[631]: Log Name: System Source: EventLog Date: 2021-05-18T04:41:23.7060000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[632]: Log Name: System Source: EventLog Date: 2021-05-18T04:41:23.7230000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 7 seconds. Event[633]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-18T04:41:16.9380000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[634]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:17.6240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[635]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:17.6250000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[636]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:17.6260000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[637]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T04:41:18.1810000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[638]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:18.2980000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[639]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:18.4140000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[640]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T04:41:18.4590000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[641]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T04:41:18.4590000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[642]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T04:41:18.7460000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[643]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1040000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[644]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1050000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[645]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1050000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[646]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1060000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[647]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1060000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[648]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1070000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[649]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1080000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[650]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1080000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[651]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1090000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[652]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1090000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[653]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1100000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[654]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T04:41:19.1140000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[655]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T04:41:19.2960000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[656]: Log Name: System Source: BTHUSB Date: 2021-05-18T04:41:19.9320000Z Event ID: 18 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup. Event[657]: Log Name: System Source: BTHUSB Date: 2021-05-18T04:41:20.0110000Z Event ID: 34 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available. Event[658]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T04:41:20.2120000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[659]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T04:41:20.3490000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[660]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T04:41:21.1040000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[661]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-18T04:41:22.5420000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[662]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T04:41:22.7870000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[663]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T04:41:22.7960000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[664]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:23.6900000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[665]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:23.7340000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[666]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:23.7450000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[667]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:23.7450000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[668]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:23.7450000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[669]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T04:41:23.7750000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[670]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T04:41:23.7750000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[671]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-18T04:41:23.7960000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[672]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:23.8080000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[673]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:41:23.8140000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[674]: Log Name: System Source: Service Control Manager Date: 2021-05-18T04:41:24.8890000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[675]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-18T04:41:27.4360000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000061941, 0xffffa2006967c000, 0x000000000000000b, 0xffff8081369ccec0). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 8f977bc3-f555-4a6d-a78a-206611c58a9a. Event[676]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T04:41:52.7300000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[677]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:41:53.2470000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[678]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:41:53.2470000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[679]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:41:59.7860000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[680]: Log Name: System Source: Service Control Manager Date: 2021-05-18T04:43:06.3250000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[681]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:43:25.9820000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[682]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:43:25.9820000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[683]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:43:25.9820000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[684]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T04:44:02.6420000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[685]: Log Name: System Source: Service Control Manager Date: 2021-05-18T04:44:02.6500000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: tscmon Service File Name: C:\Program Files (x86)\Advanced System Repair Pro 1.7.0.11\tscmon.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem Event[686]: Log Name: System Source: Service Control Manager Date: 2021-05-18T04:44:02.6660000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: MpKsld2b23df5 Service File Name: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{930F116F-6EEE-4B26-BA3C-D102F3D5EA03}\MpKslDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[687]: Log Name: System Source: Service Control Manager Date: 2021-05-18T04:45:26.5130000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[688]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:46:12.0100000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[689]: Log Name: System Source: Microsoft-Windows-UserModePowerService Date: 2021-05-18T04:47:26.3740000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Process C:\Windows\ImmersiveControlPanel\SystemSettings.exe (process ID:7416) reset policy scheme from {8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c} to {8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c} Event[690]: Log Name: System Source: Service Control Manager Date: 2021-05-18T04:49:57.4250000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The start type of the Windows Search service was changed from auto start to disabled. Event[691]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T04:51:34.8600000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[692]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T04:51:35.2420000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.914.0) Event[693]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T04:52:18.2260000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.914.0) Event[694]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:53:22.6020000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[695]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:55:18.2460000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[696]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:55:46.5030000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[697]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T04:55:46.5690000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[698]: Log Name: System Source: Service Control Manager Date: 2021-05-18T04:59:21.8360000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: RTCore64 Service File Name: C:\Program Files (x86)\MSI Afterburner\RTCore64.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[699]: Log Name: System Source: Service Control Manager Date: 2021-05-18T04:59:21.8640000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: MpKsl0fc69c48 Service File Name: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15106747-FA30-47A1-8697-E54903437340}\MpKslDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[700]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:05:22.4810000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[701]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:10:59.8850000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?17T21:10:59.500000000Z. Event[702]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:10:59.8850000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[703]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:10:59.8850000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[704]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:10:59.8860000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[705]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:10:59.8860000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was false. Event[706]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:10:59.8860000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[707]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:10:59.8860000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[708]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:10:59.8860000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[709]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:10:59.8860000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[710]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:10:59.8930000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[711]: Log Name: System Source: EventLog Date: 2021-05-18T05:11:09.5030000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 4:41:23 am on ?18/?05/?2021 was unexpected. Event[712]: Log Name: System Source: EventLog Date: 2021-05-18T05:11:09.5030000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[713]: Log Name: System Source: EventLog Date: 2021-05-18T05:11:09.5030000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[714]: Log Name: System Source: EventLog Date: 2021-05-18T05:11:09.5030000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 10 seconds. Event[715]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-18T05:10:59.9980000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[716]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:00.7180000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[717]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:00.7190000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[718]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:00.7200000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[719]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:11:01.4080000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[720]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:01.5360000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[721]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:01.5390000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[722]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:01.7030000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[723]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T05:11:01.7480000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[724]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T05:11:01.7490000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[725]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:11:02.0480000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[726]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4320000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[727]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4330000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[728]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4360000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[729]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4370000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[730]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4370000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[731]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4380000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[732]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4380000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[733]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4390000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[734]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4400000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[735]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4400000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[736]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4410000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[737]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:11:02.4420000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[738]: Log Name: System Source: BTHUSB Date: 2021-05-18T05:11:03.2680000Z Event ID: 18 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup. Event[739]: Log Name: System Source: BTHUSB Date: 2021-05-18T05:11:03.3310000Z Event ID: 34 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available. Event[740]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:11:04.7780000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[741]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:11:05.6830000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[742]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:11:05.8880000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[743]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:11:06.5850000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[744]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-18T05:11:08.1160000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[745]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T05:11:08.3650000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[746]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T05:11:08.3740000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[747]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:09.4370000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[748]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:09.5310000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[749]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:09.5410000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[750]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:09.5410000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[751]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:09.5410000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[752]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:09.5500000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[753]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:11:09.5580000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[754]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T05:11:09.5820000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[755]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T05:11:09.5820000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[756]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-18T05:11:09.6140000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[757]: Log Name: System Source: Service Control Manager Date: 2021-05-18T05:11:11.1040000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[758]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-18T05:11:14.3110000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000139 (0x0000000000000004, 0xffff8c019c5bd010, 0xffff8c019c5bcf68, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 68cbfd9e-bbdc-4a5c-ad78-e6313bdb3423. Event[759]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T05:11:36.7140000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[760]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T05:11:37.1310000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[761]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T05:11:37.1310000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[762]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T05:13:00.5050000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[763]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T05:13:12.2890000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[764]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T05:13:12.2890000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[765]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T05:13:12.2890000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[766]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T05:22:02.8680000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[767]: Log Name: System Source: Microsoft-Windows-UserModePowerService Date: 2021-05-18T05:23:17.1590000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Process C:\Windows\System32\rundll32.exe (process ID:2572) reset policy scheme from {8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c} to {8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c} Event[768]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T05:26:45.8800000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[769]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:36:09.8040000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?17T21:36:09.500000000Z. Event[770]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:36:09.8040000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[771]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:36:09.8040000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[772]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:36:09.8050000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[773]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:36:09.8050000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[774]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:36:09.8050000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[775]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:36:09.8050000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[776]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:36:09.8050000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[777]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T05:36:09.8050000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[778]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:36:09.8130000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[779]: Log Name: System Source: EventLog Date: 2021-05-18T05:36:16.5450000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 5:35:02 am on ?18/?05/?2021 was unexpected. Event[780]: Log Name: System Source: EventLog Date: 2021-05-18T05:36:16.5450000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[781]: Log Name: System Source: EventLog Date: 2021-05-18T05:36:16.5450000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[782]: Log Name: System Source: EventLog Date: 2021-05-18T05:36:16.5450000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 7 seconds. Event[783]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-18T05:36:09.9220000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[784]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:10.5930000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[785]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:10.5940000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[786]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:10.5950000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[787]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:36:11.2060000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[788]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:11.3320000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[789]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:11.3350000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[790]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:11.4530000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[791]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T05:36:11.4960000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[792]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T05:36:11.4970000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[793]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:36:11.8030000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[794]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1930000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[795]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1940000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[796]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1940000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[797]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1950000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[798]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1950000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[799]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1960000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[800]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1970000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[801]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1970000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[802]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1980000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[803]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1980000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[804]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.1990000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[805]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T05:36:12.2000000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[806]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:36:12.2200000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[807]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:36:13.1800000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[808]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T05:36:13.3030000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[809]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:36:13.9690000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[810]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-18T05:36:15.3960000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[811]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T05:36:15.5930000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[812]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T05:36:15.6010000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[813]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:16.5240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[814]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:16.5590000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[815]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:16.5700000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[816]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:16.5700000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[817]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:16.5700000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[818]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:16.5760000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[819]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T05:36:16.5800000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[820]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T05:36:16.6020000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[821]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T05:36:16.6020000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[822]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-18T05:36:16.6240000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[823]: Log Name: System Source: Service Control Manager Date: 2021-05-18T05:36:17.9200000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[824]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-18T05:36:20.0400000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfffff80534db0bc0, 0x0000000000000002, 0x0000000000000000, 0xfffff80537d229d2). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 3293bd84-fbd8-4653-bd1c-d3d854477125. Event[825]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T05:38:19.4440000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[826]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T05:40:27.4460000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[827]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T05:40:27.4460000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[828]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T05:40:27.4460000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[829]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:40:54.7100000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsFeedbackHub_1.2009.10055.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[830]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:40:58.4410000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsMaps_10.2101.9.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[831]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:40:58.4510000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftStickyNotes_3.8.8.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[832]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T05:41:00.9370000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[833]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T05:41:03.3080000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[834]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T05:41:04.7820000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[835]: Log Name: System Source: EventLog Date: 2021-05-18T12:00:00.5450000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 23031 seconds. Event[836]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T13:31:49.8430000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[837]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T13:32:20.8750000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[838]: Log Name: System Source: Service Control Manager Date: 2021-05-18T13:33:28.0850000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[839]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T13:34:49.4650000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[840]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T13:34:49.4650000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.939.0) Event[841]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T13:35:00.0210000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.939.0) Event[842]: Log Name: System Source: Service Control Manager Date: 2021-05-18T13:35:40.3060000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[843]: Log Name: System Source: Service Control Manager Date: 2021-05-18T13:35:46.9280000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: cpuz150 Service File Name: C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[844]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T13:44:28.1270000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[845]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T13:48:27.6560000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[846]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T13:52:30.7680000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[847]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T14:00:56.4220000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[848]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T15:12:28.4220000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[849]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T15:12:28.5020000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[850]: Log Name: System Source: User32 Date: 2021-05-18T15:22:05.7310000Z Event ID: 1074 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The process C:\Windows\System32\RuntimeBroker.exe (DESKTOP-5M67F4R) has initiated the power off of computer DESKTOP-5M67F4R on behalf of user DESKTOP-5M67F4R\man_l for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: power off Comment: Event[851]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:22:12.0420000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?18T07:22:11.651039600Z. Event[852]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0420000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[853]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 29 Task: N/A Level: Error Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows failed fast startup with error status 0xC00000D4. Event[854]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[855]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[856]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[857]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[858]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was true. The last boot's success status was true. Event[859]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[860]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[861]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[862]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T15:22:12.0430000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[863]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:22:12.0510000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[864]: Log Name: System Source: EventLog Date: 2021-05-18T15:22:20.2820000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 3:21:18 pm on ?18/?05/?2021 was unexpected. Event[865]: Log Name: System Source: EventLog Date: 2021-05-18T15:22:20.2820000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[866]: Log Name: System Source: EventLog Date: 2021-05-18T15:22:20.2820000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[867]: Log Name: System Source: EventLog Date: 2021-05-18T15:22:20.2820000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 8 seconds. Event[868]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-18T15:22:12.1570000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[869]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:12.8840000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[870]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:12.8850000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[871]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:12.8860000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[872]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T15:22:14.5730000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[873]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:14.6530000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[874]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:14.6560000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[875]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:14.8680000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[876]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T15:22:14.9130000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[877]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T15:22:14.9130000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[878]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T15:22:15.1920000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[879]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5620000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[880]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5630000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[881]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5640000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[882]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5640000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[883]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5650000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[884]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5650000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[885]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5660000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[886]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5660000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[887]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5670000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[888]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5680000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[889]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5680000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[890]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T15:22:15.5690000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[891]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T15:22:15.8370000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[892]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T15:22:16.8080000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[893]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T15:22:16.9660000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[894]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:22:17.6970000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[895]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-18T15:22:19.1580000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[896]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T15:22:19.3480000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[897]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T15:22:19.3570000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[898]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:20.2640000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[899]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:20.2950000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[900]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:20.3040000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[901]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:20.3040000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[902]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:20.3040000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[903]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:20.3090000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[904]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T15:22:20.3130000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[905]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T15:22:20.3340000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[906]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T15:22:20.3340000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[907]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-18T15:22:20.3540000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[908]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T15:22:20.6280000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[909]: Log Name: System Source: Service Control Manager Date: 2021-05-18T15:22:21.8450000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[910]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T15:22:40.1950000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[911]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T15:22:40.1950000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[912]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T15:22:40.1950000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[913]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T15:23:05.2800000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[914]: Log Name: System Source: Microsoft-Windows-Time-Service Date: 2021-05-18T15:23:21.1250000Z Event ID: 158 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time provider 'VMICTimeProvider' has indicated that the current hardware and operating environment is not supported and has stopped. This behavior is expected for VMICTimeProvider on non-HyperV-guest environments. This may be the expected behavior for the current provider in the current operating environment as well. Event[915]: Log Name: System Source: Microsoft-Windows-Time-Service Date: 2021-05-18T15:23:22.7310000Z Event ID: 37 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time provider NtpClient is currently receiving valid time data from time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->20.189.79.72:123). Event[916]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:40:44.9170000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[917]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:40:44.9170000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The system time has changed to ?2021?-?05?-?18T07:40:44.916891500Z from ?2021?-?05?-?18T07:23:22.745065700Z. Change Reason: An application or system component changed the time. Process: '\Device\HarddiskVolume5\Windows\System32\svchost.exe' (PID 3144). Event[918]: Log Name: System Source: Microsoft-Windows-Time-Service Date: 2021-05-18T15:40:44.9170000Z Event ID: 35 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time service is now synchronizing the system time with the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->20.189.79.72:123) with reference id 1213185300. Current local stratum number is 4. Event[919]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:40:44.9170000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[920]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:40:44.9170000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The system time has changed to ?2021?-?05?-?18T07:40:44.917290700Z from ?2021?-?05?-?18T07:40:44.916891500Z. Change Reason: An application or system component changed the time. Process: '\Device\HarddiskVolume5\Windows\System32\svchost.exe' (PID 3144). Event[921]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:40:46.0490000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[922]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:40:46.0490000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The system time has changed to ?2021?-?05?-?18T07:40:46.048821800Z from ?2021?-?05?-?18T07:40:46.048292600Z. Change Reason: An application or system component changed the time. Process: '\Device\HarddiskVolume5\Windows\System32\svchost.exe' (PID 3144). Event[923]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T15:49:58.7360000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[924]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T15:49:59.3510000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.945.0) Event[925]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T15:50:04.7100000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.945.0) Event[926]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T15:54:05.4470000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[927]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T16:23:19.3990000Z Event ID: 24576 Task: Driver Installation Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Drivers were successfully installed for device USB\VID_2717&PID_FF48&REV_0414&MI_00. Event[928]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T16:23:19.1370000Z Event ID: 10000 Task: Installation or update of device drivers. Level: Information Opcode: Start Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A driver package which uses user-mode driver framework version 2.31.0 is being installed on device USB\VID_2717&PID_FF48&MI_00\7&335F755D&0&0000. Event[929]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T16:23:19.1440000Z Event ID: 10001 Task: Installation or update of device drivers. Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The UMDF service WpdMtpDriver (CLSID {aaae762b-a6a2-4c45-b5d8-9a83afb6bb70}) was installed. It requires framework version 2.31.0 or higher. Event[930]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T16:23:19.1550000Z Event ID: 10100 Task: Installation or update of device drivers. Level: Information Opcode: Stop Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The driver package installation has succeeded. Event[931]: Log Name: System Source: Service Control Manager Date: 2021-05-18T16:23:19.1890000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: WUDFWpdMtp Service File Name: \SystemRoot\system32\DRIVERS\WUDFRd.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[932]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-18T16:23:19.1940000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service WUDFWpdMtp for Device Instance ID USB\VID_2717&PID_FF48&MI_00\7&335F755D&0&0000 with the following status: 0. Event[933]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-18T16:23:19.1990000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service WinUsb for Device Instance ID USB\VID_2717&PID_FF48&MI_00\7&335F755D&0&0000 with the following status: 0. Event[934]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T16:23:20.2720000Z Event ID: 24577 Task: Driver Post-Install Configuration Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Media player and imaging program compatibility layers were successfully registered for device USB\VID_2717&PID_FF48&REV_0414&MI_00. Layer bits 0x00000003 were requested, layer bits 0x00000003 were registered. Event[935]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T16:23:20.2740000Z Event ID: 24578 Task: Driver Post-Install Configuration Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Autoplay was successfully registered for device USB\VID_2717&PID_FF48&REV_0414&MI_00. Event[936]: Log Name: System Source: Service Control Manager Date: 2021-05-18T16:23:20.2840000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Image Acquisition (WIA) service was changed from demand start to auto start. Event[937]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T16:30:17.6990000Z Event ID: 24576 Task: Driver Installation Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Drivers were successfully installed for device WPD Device. Event[938]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T16:30:17.7270000Z Event ID: 24577 Task: Driver Post-Install Configuration Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Media player and imaging program compatibility layers were successfully registered for device %1. Layer bits %2 were requested, layer bits %3 were registered. Event[939]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T16:30:17.7280000Z Event ID: 24579 Task: Driver Post-Install Configuration Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Autoplay registration was skipped for device %1. Event[940]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T16:30:17.5470000Z Event ID: 10000 Task: Installation or update of device drivers. Level: Information Opcode: Start Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A driver package which uses user-mode driver framework version 2.31.0 is being installed on device SWD\WPDBUSENUM\_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER_BLADE&REV_1.00#4C530000321220111585&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}. Event[941]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T16:30:17.5510000Z Event ID: 10001 Task: Installation or update of device drivers. Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The UMDF service WpdFs (CLSID {112de495-ac4c-46f8-b663-6a4266c53313}) was installed. It requires framework version 2.31.0 or higher. Event[942]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T16:30:17.5560000Z Event ID: 10100 Task: Installation or update of device drivers. Level: Information Opcode: Stop Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The driver package installation has succeeded. Event[943]: Log Name: System Source: Service Control Manager Date: 2021-05-18T16:30:17.5720000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: WPD File System driver Service File Name: \SystemRoot\system32\DRIVERS\WUDFRd.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[944]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-18T16:30:17.5750000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service WUDFWpdFs for Device Instance ID SWD\WPDBUSENUM\_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER_BLADE&REV_1.00#4C530000321220111585&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} with the following status: 0. Event[945]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T16:30:18.1610000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[946]: Log Name: System Source: Service Control Manager Date: 2021-05-18T16:32:30.0680000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[947]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T16:33:01.8240000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[948]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T16:33:14.2150000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[949]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T16:33:14.2890000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[950]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T16:35:31.8400000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[951]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T16:39:42.6960000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[952]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T16:40:25.0410000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[953]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T16:40:33.7410000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[954]: Log Name: System Source: Service Control Manager Date: 2021-05-18T16:42:14.4460000Z Event ID: 7009 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Event[955]: Log Name: System Source: Service Control Manager Date: 2021-05-18T16:42:14.4460000Z Event ID: 7000 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Event[956]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T16:42:14.7240000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[957]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[958]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[959]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[960]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[961]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[962]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[963]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[964]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[965]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[966]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[967]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[968]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[969]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[970]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[971]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[972]: Log Name: System Source: disk Date: 2021-05-18T16:44:42.3150000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR6 during a paging operation. Event[973]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T17:25:27.6690000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[974]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T17:25:41.7420000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[975]: Log Name: System Source: Microsoft-Windows-Time-Service Date: 2021-05-18T17:30:50.5570000Z Event ID: 158 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time provider 'VMICTimeProvider' has indicated that the current hardware and operating environment is not supported and has stopped. This behavior is expected for VMICTimeProvider on non-HyperV-guest environments. This may be the expected behavior for the current provider in the current operating environment as well. Event[976]: Log Name: System Source: Microsoft-Windows-Time-Service Date: 2021-05-18T17:30:52.3270000Z Event ID: 37 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time provider NtpClient is currently receiving valid time data from time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->20.189.79.72:123). Event[977]: Log Name: System Source: Service Control Manager Date: 2021-05-18T17:30:56.9580000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Modules Installer service was changed from demand start to auto start. Event[978]: Log Name: System Source: Service Control Manager Date: 2021-05-18T17:30:59.1290000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Modules Installer service was changed from auto start to demand start. Event[979]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:01.2970000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[980]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:01.3440000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\28017charlesmilette.translucenttb_v826wp6bftszj\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[981]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:01.3950000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[982]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:01.5490000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\e2a4f912-2574-4a75-9bb0-0d023378592b_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[983]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:01.6050000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\f46d4000-fd22-4db4-ac8e-4e1ddde828fe_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[984]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:01.7890000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.accountscontrol_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[985]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:01.9010000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.asynctextservice_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[986]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:02.1560000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.creddialoghost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[987]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:02.3160000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.ecapp_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[988]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:02.4590000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.gethelp_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[989]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:02.5380000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.getstarted_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[990]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:02.7140000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.heifimageextension_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[991]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:02.8420000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.microsoft3dviewer_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[992]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.0500000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[993]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.1460000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[994]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.1820000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.microsoftstickynotes_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[995]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.2260000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.mixedreality.portal_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[996]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.3850000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.mspaint_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[997]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.5120000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.office.onenote_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[998]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.6410000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.people_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[999]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.6880000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.screensketch_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1000]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.7200000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.skypeapp_kzf8qxf38zg5c\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1001]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.8150000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.storepurchaseapp_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1002]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.9430000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.wallet_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1003]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:03.9750000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.webmediaextensions_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1004]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:04.0690000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.webpimageextension_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1005]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:04.2900000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.win32webviewhost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1006]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:04.3370000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.apprep.chxapp_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1007]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:04.4330000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1008]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:04.5130000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.callingshellapp_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1009]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:04.6720000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.capturepicker_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1010]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:04.9120000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1011]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:05.1990000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.parentalcontrols_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1012]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:05.2940000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.peopleexperiencehost_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1013]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:05.5030000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.pinningconfirmationdialog_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1014]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:05.6460000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.sechealthui_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1015]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:05.7420000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1016]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:05.8680000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windows.xgpuejectdialog_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1017]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:06.1400000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windowscalculator_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1018]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:06.2830000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1019]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:06.4420000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windowsmaps_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1020]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:06.5060000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.windowssoundrecorder_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1021]: Log Name: System Source: Microsoft-Windows-Time-Service Date: 2021-05-18T17:31:06.5850000Z Event ID: 35 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time service is now synchronizing the system time with the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->20.189.79.72:123) with reference id 1213185300. Current local stratum number is 4. Event[1022]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:06.5850000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1023]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:06.5850000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The system time has changed to ?2021?-?05?-?18T09:31:06.585440800Z from ?2021?-?05?-?18T09:31:06.584874600Z. Change Reason: An application or system component changed the time. Process: '\Device\HarddiskVolume5\Windows\System32\svchost.exe' (PID 7776). Event[1024]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:06.6650000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.xbox.tcui_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1025]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:06.8390000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.xboxgamecallableui_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1026]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:06.9510000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.xboxgameoverlay_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1027]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:07.1100000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.xboxspeechtotextoverlay_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1028]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:07.2220000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.zunemusic_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1029]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:07.3160000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\microsoft.zunevideo_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1030]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:07.4760000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\ncsiuwpapp_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1031]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:07.6670000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\windows.cbspreview_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1032]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T17:31:07.8730000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\Users\man_l\AppData\Local\Packages\windows.printdialog_cw5n1h2txyewy\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages. Event[1033]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T17:51:45.0690000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1034]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T17:51:56.4840000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FsDepends' (10.0, ?2075?-?05?-?13T20:47:34.000000000Z) has successfully loaded and registered with Filter Manager. Event[1035]: Log Name: System Source: Service Control Manager Date: 2021-05-18T17:54:53.0750000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1036]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T17:54:58.0140000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1037]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T17:54:58.0540000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1038]: Log Name: System Source: Microsoft-Windows-GroupPolicy Date: 2021-05-18T17:57:27.0220000Z Event ID: 1502 Task: N/A Level: Information Opcode: Start Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The Group Policy settings for the computer were processed successfully. New settings from 1 Group Policy objects were detected and applied. Event[1039]: Log Name: System Source: Virtual Disk Service Date: 2021-05-18T17:58:17.1930000Z Event ID: 3 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Service started. Event[1040]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T17:58:20.0010000Z Event ID: 24576 Task: Driver Installation Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Drivers were successfully installed for device WPD Device. Event[1041]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T17:58:20.0340000Z Event ID: 24577 Task: Driver Post-Install Configuration Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Media player and imaging program compatibility layers were successfully registered for device %1. Layer bits %2 were requested, layer bits %3 were registered. Event[1042]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T17:58:20.0340000Z Event ID: 24579 Task: Driver Post-Install Configuration Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Autoplay registration was skipped for device %1. Event[1043]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T17:58:19.9010000Z Event ID: 10000 Task: Installation or update of device drivers. Level: Information Opcode: Start Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A driver package which uses user-mode driver framework version 2.31.0 is being installed on device SWD\WPDBUSENUM\{C334716C-B7A9-11EB-9A20-1C1B0DED9191}#00000003946F5400. Event[1044]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T17:58:19.9090000Z Event ID: 10002 Task: Installation or update of device drivers. Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The UMDF service WpdFs (CLSID {112de495-ac4c-46f8-b663-6a4266c53313}) was upgraded. It requires framework version 2.31.0 or higher. Event[1045]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T17:58:19.9150000Z Event ID: 10100 Task: Installation or update of device drivers. Level: Information Opcode: Stop Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The driver package installation has succeeded. Event[1046]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-18T17:58:19.9400000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service WUDFWpdFs for Device Instance ID SWD\WPDBUSENUM\{C334716C-B7A9-11EB-9A20-1C1B0DED9191}#00000003946F5400 with the following status: 0. Event[1047]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T17:58:20.1340000Z Event ID: 10000 Task: Installation or update of device drivers. Level: Information Opcode: Start Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A driver package which uses user-mode driver framework version 2.31.0 is being installed on device SWD\WPDBUSENUM\{C334716C-B7A9-11EB-9A20-1C1B0DED9191}#0000000000100000. Event[1048]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T17:58:20.1410000Z Event ID: 10002 Task: Installation or update of device drivers. Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The UMDF service WpdFs (CLSID {112de495-ac4c-46f8-b663-6a4266c53313}) was upgraded. It requires framework version 2.31.0 or higher. Event[1049]: Log Name: System Source: Microsoft-Windows-DriverFrameworks-UserMode Date: 2021-05-18T17:58:20.1460000Z Event ID: 10100 Task: Installation or update of device drivers. Level: Information Opcode: Stop Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The driver package installation has succeeded. Event[1050]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-18T17:58:20.1640000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service WUDFWpdFs for Device Instance ID SWD\WPDBUSENUM\{C334716C-B7A9-11EB-9A20-1C1B0DED9191}#0000000000100000 with the following status: 0. Event[1051]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T17:58:20.7430000Z Event ID: 24576 Task: Driver Installation Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Drivers were successfully installed for device WPD Device. Event[1052]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T17:58:21.2430000Z Event ID: 24577 Task: Driver Post-Install Configuration Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Media player and imaging program compatibility layers were successfully registered for device %1. Layer bits %2 were requested, layer bits %3 were registered. Event[1053]: Log Name: System Source: Microsoft-Windows-WPDClassInstaller Date: 2021-05-18T17:58:21.2440000Z Event ID: 24579 Task: Driver Post-Install Configuration Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Autoplay registration was skipped for device %1. Event[1054]: Log Name: System Source: Virtual Disk Service Date: 2021-05-18T18:13:34.6350000Z Event ID: 4 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Service stopped. Event[1055]: Log Name: System Source: Microsoft-Windows-GroupPolicy Date: 2021-05-18T18:13:56.8460000Z Event ID: 1502 Task: N/A Level: Information Opcode: Start Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The Group Policy settings for the computer were processed successfully. New settings from 1 Group Policy objects were detected and applied. Event[1056]: Log Name: System Source: disk Date: 2021-05-18T18:14:03.5230000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR9 during a paging operation. Event[1057]: Log Name: System Source: disk Date: 2021-05-18T18:14:03.5230000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR9 during a paging operation. Event[1058]: Log Name: System Source: disk Date: 2021-05-18T18:14:03.5230000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR9 during a paging operation. Event[1059]: Log Name: System Source: disk Date: 2021-05-18T18:14:03.5230000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR9 during a paging operation. Event[1060]: Log Name: System Source: disk Date: 2021-05-18T18:14:03.5230000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR9 during a paging operation. Event[1061]: Log Name: System Source: disk Date: 2021-05-18T18:14:03.5230000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR9 during a paging operation. Event[1062]: Log Name: System Source: disk Date: 2021-05-18T18:14:03.5230000Z Event ID: 51 Task: N/A Level: Warning Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: An error was detected on device \Device\Harddisk4\DR9 during a paging operation. Event[1063]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:17:18.7040000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1064]: Log Name: System Source: Service Control Manager Date: 2021-05-18T18:18:37.9270000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Wallpaper Engine Service Service File Name: "E:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe" Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem Event[1065]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:19:08.5150000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1066]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:19:43.1390000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1067]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:19:47.0300000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1068]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:19:47.0790000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1069]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:21:01.4520000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1070]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:21:28.9440000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1071]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:22:28.1270000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1072]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:23:05.9070000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1073]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:25:11.7560000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1074]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:26:37.4890000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1075]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:28:34.0520000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1076]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:29:01.0200000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1077]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:32:14.4060000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1078]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:32:14.4430000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1079]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:32:15.6180000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1080]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:33:40.9000000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1081]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:34:17.0380000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1082]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:34:40.5110000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1083]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T18:35:30.8090000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1084]: Log Name: System Source: Service Control Manager Date: 2021-05-18T18:49:33.7000000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1085]: Log Name: System Source: Service Control Manager Date: 2021-05-18T18:57:38.7370000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1086]: Log Name: System Source: User32 Date: 2021-05-18T19:31:49.9180000Z Event ID: 1074 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The process C:\Windows\System32\RuntimeBroker.exe (DESKTOP-5M67F4R) has initiated the power off of computer DESKTOP-5M67F4R on behalf of user DESKTOP-5M67F4R\man_l for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: power off Comment: Event[1087]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T19:31:54.3160000Z Event ID: 7002 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logoff Notification for Customer Experience Improvement Program Event[1088]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T19:31:54.6530000Z Event ID: 187 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User-mode process attempted to change the system state by calling SetSuspendState or SetSystemPowerState APIs. Event[1089]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T19:31:55.1640000Z Event ID: 42 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system is entering sleep. Sleep Reason: Application API Event[1090]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T19:32:09.2520000Z Event ID: 107 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system has resumed from sleep. Event[1091]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T22:15:10.5000000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system time has changed to ?2021?-?05?-?18T14:15:10.500000000Z from ?2021?-?05?-?18T11:32:09.252294000Z. Change Reason: System time synchronized with the hardware clock. Process: '' (PID 4). Event[1092]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:15:12.5270000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1093]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:15:12.5270000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1094]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:15:12.5270000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1095]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:15:12.5280000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1096]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:15:12.5280000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The boot type was 0x1. Event[1097]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T22:15:13.8270000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[1098]: Log Name: System Source: Microsoft-Windows-Power-Troubleshooter Date: 2021-05-18T22:15:14.5300000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The system has returned from a low power state. Sleep Time: ?2021?-?05?-?18T11:31:54.648778100Z Wake Time: ?2021?-?05?-?18T14:15:12.594561700Z Wake Source: Unknown Event[1099]: Log Name: System Source: Service Control Manager Date: 2021-05-18T22:15:15.5770000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1100]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:15:29.2280000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1101]: Log Name: System Source: Service Control Manager Date: 2021-05-18T22:17:20.0560000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1102]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:17:39.5970000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1103]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:18:53.6220000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1104]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:19:02.5870000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1105]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:19:02.6450000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1106]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:21:16.9110000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1107]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:24:17.5670000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1108]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:40:20.6310000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1109]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:41:59.5670000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1110]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:42:22.0780000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1111]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:42:46.5370000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1112]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:44:57.9490000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1113]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:45:29.1010000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1114]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:46:16.5720000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1115]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:47:39.9480000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1116]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:48:50.1800000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1117]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:49:18.0830000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1118]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T22:54:47.8100000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?18T14:54:47.500000000Z. Event[1119]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:54:47.8100000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[1120]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:54:47.8100000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[1121]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:54:47.8100000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1122]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:54:47.8100000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1123]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:54:47.8100000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[1124]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:54:47.8100000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1125]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:54:47.8100000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1126]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:54:47.8110000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1127]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T22:54:47.8150000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1128]: Log Name: System Source: EventLog Date: 2021-05-18T22:54:56.8870000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 10:53:46 pm on ?18/?05/?2021 was unexpected. Event[1129]: Log Name: System Source: EventLog Date: 2021-05-18T22:54:56.8870000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1130]: Log Name: System Source: EventLog Date: 2021-05-18T22:54:56.8870000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[1131]: Log Name: System Source: EventLog Date: 2021-05-18T22:54:56.8870000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 9 seconds. Event[1132]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-18T22:54:47.9160000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[1133]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:48.5770000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1134]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:48.5780000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1135]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:48.5790000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1136]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:54:50.1300000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[1137]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:50.3790000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1138]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:50.3820000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[1139]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:50.5000000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[1140]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T22:54:50.5420000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[1141]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T22:54:50.5430000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[1142]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:54:50.8400000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[1143]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:54:51.3440000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[1144]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:54:52.1530000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[1145]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1930000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1146]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1940000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1147]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1940000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1148]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1950000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1149]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1950000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1150]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1960000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1151]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1960000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1152]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1970000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1153]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1980000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1154]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1980000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1155]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1990000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1156]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:54:52.1990000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1157]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:54:54.0630000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[1158]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T22:54:54.8330000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1159]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-18T22:54:56.2690000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[1160]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T22:54:56.4610000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[1161]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T22:54:56.4690000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[1162]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:56.8660000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[1163]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:56.8990000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[1164]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:56.9090000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1165]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:56.9090000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[1166]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:56.9090000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1167]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:56.9150000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1168]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:54:56.9220000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[1169]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T22:54:56.9390000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[1170]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T22:54:56.9390000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[1171]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-18T22:54:56.9640000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[1172]: Log Name: System Source: Service Control Manager Date: 2021-05-18T22:54:58.2930000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[1173]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-18T22:55:01.2390000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000008886, 0xffffcd0000877b30, 0xffffcd000ae12f00, 0x0000000000000500). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: d5903925-d729-40f5-8952-b61cf54232c0. Event[1174]: Log Name: System Source: User32 Date: 2021-05-18T22:55:32.7460000Z Event ID: 1074 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The process C:\WINDOWS\system32\winlogon.exe (DESKTOP-5M67F4R) has initiated the restart of computer DESKTOP-5M67F4R on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found Reason Code: 0x500ff Shutdown Type: restart Comment: Event[1175]: Log Name: System Source: EventLog Date: 2021-05-18T22:55:34.1700000Z Event ID: 6006 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was stopped. Event[1176]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T22:55:34.1790000Z Event ID: 50104 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client received shutdown notification Event[1177]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T22:55:34.1800000Z Event ID: 50105 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client ProcessDHCPRequestForever received TERMINATE_EVENT Event[1178]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-18T22:55:34.1810000Z Event ID: 51047 Task: Service State Event Level: Information Opcode: ServiceStop Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is stopped. ShutDown Flag value is 1 Event[1179]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T22:55:34.1820000Z Event ID: 50106 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 is waiting on DHCPv6 service to stop Event[1180]: Log Name: System Source: EventLog Date: 2021-05-18T22:56:01.7720000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1181]: Log Name: System Source: EventLog Date: 2021-05-18T22:56:01.7720000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[1182]: Log Name: System Source: EventLog Date: 2021-05-18T22:56:01.7720000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 6 seconds. Event[1183]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-18T22:55:34.2950000Z Event ID: 51057 Task: Service State Event Level: Information Opcode: ServiceStopWithRefCount Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service stop is almost done.DHCP Context Ref count is 1 Event[1184]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T22:55:34.2950000Z Event ID: 50037 Task: Service State Event Level: Information Opcode: ServiceStop Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is stopped. ShutDown Flag value is 1 Event[1185]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T22:55:35.0020000Z Event ID: 109 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API Event[1186]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T22:55:36.0390000Z Event ID: 13 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The operating system is shutting down at system time ?2021?-?05?-?18T14:55:36.039077600Z. Event[1187]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T22:55:55.8130000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?18T14:55:55.500000000Z. Event[1188]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:55:55.8130000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[1189]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:55:55.8130000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was true. The last boot's success status was true. Event[1190]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:55:55.8130000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1191]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:55:55.8130000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1192]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:55:55.8130000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[1193]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:55:55.8130000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1194]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:55:55.8130000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1195]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-18T22:55:55.8130000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1196]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T22:55:55.8170000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1197]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-18T22:55:55.9180000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[1198]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:55:56.5770000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1199]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:55:56.5780000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1200]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:55:56.5790000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1201]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:55:57.0080000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[1202]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:55:57.0740000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1203]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:55:57.0770000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[1204]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:55:57.1960000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[1205]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-18T22:55:57.2350000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[1206]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:55:57.5100000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[1207]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8870000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1208]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8880000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1209]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8910000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1210]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8920000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1211]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8930000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1212]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8930000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1213]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8940000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1214]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8940000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1215]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8950000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1216]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8960000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1217]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8960000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1218]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-18T22:55:57.8980000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1219]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:55:57.9730000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[1220]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:55:58.6210000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[1221]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-18T22:55:59.0400000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[1222]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T22:55:59.7380000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1223]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-18T22:56:01.1780000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[1224]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T22:56:01.3700000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[1225]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-18T22:56:01.3820000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[1226]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:56:01.7670000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[1227]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:56:01.8000000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[1228]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:56:01.8100000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1229]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:56:01.8100000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[1230]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:56:01.8100000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1231]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:56:01.8160000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1232]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-18T22:56:01.8210000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[1233]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T22:56:01.8300000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[1234]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-18T22:56:01.8310000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[1235]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-18T22:56:01.8460000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[1236]: Log Name: System Source: Service Control Manager Date: 2021-05-18T22:56:03.2570000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[1237]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-18T22:56:07.9830000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[1238]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:56:24.0480000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1239]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:56:27.1970000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1240]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:56:27.1980000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1241]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:56:27.1980000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1242]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:56:36.6630000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1243]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:56:41.4020000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1244]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:56:41.4740000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1245]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T22:57:56.4930000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[1246]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T22:57:56.9990000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.968.0) Event[1247]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T22:58:02.2160000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.968.0) Event[1248]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T22:58:11.4150000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[1249]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T22:58:11.4150000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: LeMobile - Other hardware - Android Composite ADB Interface Event[1250]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T22:58:12.0720000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: LeMobile - Other hardware - Android Composite ADB Interface Event[1251]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T22:59:09.5730000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1252]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-18T23:18:25.4360000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[1253]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:21:30.7270000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1254]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:22:14.1990000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1255]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:23:04.8190000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1256]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T23:25:48.3100000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[1257]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T23:25:48.3100000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.970.0) Event[1258]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-18T23:25:53.4420000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.970.0) Event[1259]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:33:07.7500000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1260]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:35:05.6430000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1261]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:35:49.9000000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1262]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:37:22.3730000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1263]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:44:33.9820000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1264]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:47:29.1500000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1265]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-18T23:57:09.1390000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1266]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:00:57.2760000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1267]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:01:00.3080000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1268]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:14:34.6820000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1269]: Log Name: System Source: Service Control Manager Date: 2021-05-19T00:15:34.8660000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1270]: Log Name: System Source: Service Control Manager Date: 2021-05-19T00:15:44.5870000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: TAP-ProtonVPN Windows Adapter V9 Service File Name: \SystemRoot\System32\drivers\tapprotonvpn.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[1271]: Log Name: System Source: Service Control Manager Date: 2021-05-19T00:15:47.0820000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: Wintun Service File Name: \SystemRoot\system32\DRIVERS\wintun.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[1272]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-19T00:15:47.0840000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Driver Management has concluded the process to add Service wintun for Device Instance ID ROOT\NET\0001 with the following status: 0. Event[1273]: Log Name: System Source: Service Control Manager Date: 2021-05-19T00:15:49.5900000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: ProtonVPN Service Service File Name: "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe" Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem Event[1274]: Log Name: System Source: Service Control Manager Date: 2021-05-19T00:15:49.5910000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: ProtonVPN Update Service Service File Name: "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe" Service Type: user mode service Service Start Type: demand start Service Account: LocalSystem Event[1275]: Log Name: System Source: Service Control Manager Date: 2021-05-19T00:15:49.7320000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: ProtonVPN Callout Service File Name: "\??\C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys" Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[1276]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:18:18.6210000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1277]: Log Name: System Source: Service Control Manager Date: 2021-05-19T00:24:16.2320000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1278]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:29:45.6750000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1279]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:30:49.4380000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1280]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:31:17.7120000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1281]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:32:47.8600000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1282]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:35:52.7620000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1283]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:38:26.7630000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1284]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:40:13.5210000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1285]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:41:37.9200000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1286]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T00:42:34.3800000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1287]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T01:46:56.8200000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?18T17:46:56.500000000Z. Event[1288]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T01:46:56.8200000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[1289]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T01:46:56.8200000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[1290]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T01:46:56.8200000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1291]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T01:46:56.8200000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1292]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T01:46:56.8200000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[1293]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T01:46:56.8200000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1294]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T01:46:56.8200000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1295]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T01:46:56.8200000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1296]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T01:46:56.8290000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1297]: Log Name: System Source: EventLog Date: 2021-05-19T01:47:07.2820000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 1:46:03 am on ?19/?05/?2021 was unexpected. Event[1298]: Log Name: System Source: EventLog Date: 2021-05-19T01:47:07.2820000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1299]: Log Name: System Source: EventLog Date: 2021-05-19T01:47:07.2820000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[1300]: Log Name: System Source: EventLog Date: 2021-05-19T01:47:07.2970000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 10 seconds. Event[1301]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-19T01:46:56.9410000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[1302]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:46:57.6080000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1303]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:46:57.6090000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1304]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:46:57.6100000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1305]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T01:46:59.0640000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[1306]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:46:59.1830000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1307]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:46:59.1860000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[1308]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:46:59.3040000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[1309]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T01:46:59.3490000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[1310]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T01:46:59.3500000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[1311]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T01:46:59.6190000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[1312]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T01:47:00.1880000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[1313]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3180000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1314]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3180000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1315]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3190000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1316]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3190000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1317]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3200000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1318]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3210000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1319]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3210000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1320]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3220000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1321]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3220000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1322]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3230000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1323]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3230000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1324]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T01:47:01.3240000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1325]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T01:47:01.4270000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[1326]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T01:47:02.8490000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[1327]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T01:47:04.2370000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1328]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-19T01:47:06.5220000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[1329]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-19T01:47:06.7260000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[1330]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-19T01:47:06.7340000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[1331]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:47:07.2590000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[1332]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:47:07.3030000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[1333]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:47:07.3130000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1334]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:47:07.3130000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[1335]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:47:07.3130000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1336]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:47:07.3190000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1337]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T01:47:07.3240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[1338]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T01:47:07.3550000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[1339]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T01:47:07.3550000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[1340]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-19T01:47:07.3760000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[1341]: Log Name: System Source: Service Control Manager Date: 2021-05-19T01:47:08.7190000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[1342]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-19T01:47:11.8340000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80717786f2d, 0xfffffe024e6bafb0, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 21786c6a-4023-4709-b05e-af4ca06a4d4b. Event[1343]: Log Name: System Source: Service Control Manager Date: 2021-05-19T01:57:18.3910000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: MpKsl8f8cdc1b Service File Name: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C7F5AED-EE67-41F7-844D-9B1BB00BD237}\MpKslDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[1344]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T01:57:18.8600000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[1345]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T01:57:18.8600000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.978.0) Event[1346]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T01:57:23.9680000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.978.0) Event[1347]: Log Name: System Source: Service Control Manager Date: 2021-05-19T01:57:30.6430000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1348]: Log Name: System Source: Service Control Manager Date: 2021-05-19T01:59:34.8160000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1349]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-19T03:28:56.5030000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[1350]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:29:11.8040000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1351]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:30:25.6770000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1352]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:31:35.9040000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1353]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:31:38.6280000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1354]: Log Name: System Source: Service Control Manager Date: 2021-05-19T03:35:58.2150000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Modules Installer service was changed from demand start to auto start. Event[1355]: Log Name: System Source: Service Control Manager Date: 2021-05-19T03:37:00.9110000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Windows Modules Installer service was changed from auto start to demand start. Event[1356]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:37:10.3390000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1357]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:37:10.4040000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1358]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:37:45.0890000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1359]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:38:10.8440000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1360]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:39:00.3450000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1361]: Log Name: System Source: User32 Date: 2021-05-19T03:41:45.7630000Z Event ID: 1074 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The process C:\Windows\System32\RuntimeBroker.exe (DESKTOP-5M67F4R) has initiated the restart of computer DESKTOP-5M67F4R on behalf of user DESKTOP-5M67F4R\man_l for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: restart Comment: Event[1362]: Log Name: System Source: EventLog Date: 2021-05-19T03:41:49.4610000Z Event ID: 6006 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was stopped. Event[1363]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-19T03:41:49.0190000Z Event ID: 7002 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logoff Notification for Customer Experience Improvement Program Event[1364]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T03:41:49.4600000Z Event ID: 50104 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client received shutdown notification Event[1365]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T03:41:49.4600000Z Event ID: 50105 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client ProcessDHCPRequestForever received TERMINATE_EVENT Event[1366]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-19T03:41:49.4640000Z Event ID: 51047 Task: Service State Event Level: Information Opcode: ServiceStop Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is stopped. ShutDown Flag value is 1 Event[1367]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-19T03:41:49.4640000Z Event ID: 51057 Task: Service State Event Level: Information Opcode: ServiceStopWithRefCount Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service stop is almost done.DHCP Context Ref count is 1 Event[1368]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T03:41:49.4640000Z Event ID: 50106 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 is waiting on DHCPv6 service to stop Event[1369]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T03:41:49.4660000Z Event ID: 50037 Task: Service State Event Level: Information Opcode: ServiceStop Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is stopped. ShutDown Flag value is 1 Event[1370]: Log Name: System Source: EventLog Date: 2021-05-19T03:42:14.8890000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1371]: Log Name: System Source: EventLog Date: 2021-05-19T03:42:14.8890000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[1372]: Log Name: System Source: EventLog Date: 2021-05-19T03:42:14.8890000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 6 seconds. Event[1373]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T03:41:51.4260000Z Event ID: 109 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The kernel power manager has initiated a shutdown transition. Shutdown Reason: Kernel API Event[1374]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T03:41:53.0930000Z Event ID: 13 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The operating system is shutting down at system time ?2021?-?05?-?18T19:41:53.093456400Z. Event[1375]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T03:42:08.8170000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?18T19:42:08.500000000Z. Event[1376]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T03:42:08.8170000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[1377]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T03:42:08.8170000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was true. The last boot's success status was true. Event[1378]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T03:42:08.8170000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1379]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T03:42:08.8170000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1380]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T03:42:08.8170000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[1381]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T03:42:08.8170000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1382]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T03:42:08.8170000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1383]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T03:42:08.8170000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1384]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T03:42:08.8260000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1385]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-19T03:42:08.9530000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[1386]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:09.6240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1387]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:09.6250000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1388]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:09.6260000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1389]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T03:42:10.0620000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[1390]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:10.1290000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1391]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:10.1320000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[1392]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:10.2510000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[1393]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T03:42:10.2900000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[1394]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T03:42:10.5370000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[1395]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9450000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1396]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9450000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1397]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9460000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1398]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9460000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1399]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9470000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1400]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9480000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1401]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9480000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1402]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9490000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1403]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9490000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1404]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9500000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1405]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9510000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1406]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T03:42:10.9540000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1407]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T03:42:11.0050000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[1408]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T03:42:11.6570000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[1409]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T03:42:12.1210000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[1410]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T03:42:12.8090000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1411]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-19T03:42:14.2260000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[1412]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-19T03:42:14.4210000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[1413]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-19T03:42:14.4330000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[1414]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:14.8820000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[1415]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:14.9170000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[1416]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:14.9270000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1417]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:14.9270000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[1418]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:14.9270000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1419]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:14.9330000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1420]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T03:42:14.9370000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[1421]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T03:42:14.9490000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[1422]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T03:42:14.9490000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[1423]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-19T03:42:15.0170000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[1424]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-19T03:42:15.2470000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[1425]: Log Name: System Source: Service Control Manager Date: 2021-05-19T03:42:16.3420000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[1426]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:42:33.3470000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1427]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:42:37.0050000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1428]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:42:37.0050000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1429]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T03:42:37.0060000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1430]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T03:55:35.5220000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[1431]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T04:42:11.8190000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?18T20:42:11.500000000Z. Event[1432]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T04:42:11.8200000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[1433]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T04:42:11.8200000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[1434]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T04:42:11.8200000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1435]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T04:42:11.8200000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1436]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T04:42:11.8200000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[1437]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T04:42:11.8200000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1438]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T04:42:11.8200000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1439]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T04:42:11.8200000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1440]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T04:42:11.8290000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1441]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-19T04:42:11.9340000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[1442]: Log Name: System Source: EventLog Date: 2021-05-19T04:42:18.3050000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 4:41:15 am on ?19/?05/?2021 was unexpected. Event[1443]: Log Name: System Source: EventLog Date: 2021-05-19T04:42:18.3050000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1444]: Log Name: System Source: EventLog Date: 2021-05-19T04:42:18.3050000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[1445]: Log Name: System Source: EventLog Date: 2021-05-19T04:42:18.3050000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 6 seconds. Event[1446]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:12.6240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1447]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:12.6250000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1448]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:12.6260000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1449]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T04:42:13.1190000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[1450]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:13.2320000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1451]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:13.2350000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[1452]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:13.3530000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[1453]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T04:42:13.4000000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[1454]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T04:42:13.4000000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[1455]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T04:42:13.6620000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[1456]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1030000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1457]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1030000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1458]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1040000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1459]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1040000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1460]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1050000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1461]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1050000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1462]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1060000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1463]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1070000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1464]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1070000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1465]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1080000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1466]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1090000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1467]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T04:42:14.1130000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1468]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T04:42:14.2660000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[1469]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T04:42:14.8810000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[1470]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T04:42:15.3340000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[1471]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T04:42:15.9940000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1472]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-19T04:42:17.4520000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[1473]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-19T04:42:17.6960000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[1474]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-19T04:42:17.7040000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[1475]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:18.2810000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[1476]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:18.3170000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[1477]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:18.3270000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1478]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:18.3270000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[1479]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:18.3270000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1480]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:18.3330000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1481]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T04:42:18.3400000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[1482]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T04:42:18.3690000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[1483]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T04:42:18.3690000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[1484]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-19T04:42:18.3880000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[1485]: Log Name: System Source: Service Control Manager Date: 2021-05-19T04:42:19.8830000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[1486]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-19T04:42:23.0620000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80454ffec27, 0xffffd70d6abf6570, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 777055d3-c987-4718-ac13-537609376f20. Event[1487]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T04:53:47.0220000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[1488]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T04:53:47.0220000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.981.0) Event[1489]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T04:53:51.7520000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.981.0) Event[1490]: Log Name: System Source: EventLog Date: 2021-05-19T12:00:00.3050000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 26268 seconds. Event[1491]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-19T13:17:48.4410000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[1492]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:19:23.2140000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1493]: Log Name: System Source: Service Control Manager Date: 2021-05-19T13:20:29.5690000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1494]: Log Name: System Source: Service Control Manager Date: 2021-05-19T13:22:41.7830000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1495]: Log Name: System Source: Microsoft-Windows-GroupPolicy Date: 2021-05-19T13:23:59.4760000Z Event ID: 1502 Task: N/A Level: Information Opcode: Start Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The Group Policy settings for the computer were processed successfully. New settings from 1 Group Policy objects were detected and applied. Event[1496]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:28:35.3100000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1497]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:28:37.2500000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1498]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:30:03.4120000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1499]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:30:07.8940000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1500]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:33:23.2440000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1501]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:33:23.3110000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1502]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:34:37.2940000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1503]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:35:04.5730000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1504]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:35:38.0000000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1505]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:37:21.0560000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1506]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:37:42.2770000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1507]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T13:38:48.3920000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[1508]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T13:38:50.4380000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[1509]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T13:38:55.2010000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: 9P2B8MCSVPLN-RealtekSemiconductorCorp.RealtekAudioControl Event[1510]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T13:38:55.8910000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: 9P2B8MCSVPLN-RealtekSemiconductorCorp.RealtekAudioControl Event[1511]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:40:48.7310000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1512]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:42:48.2760000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1513]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:43:13.8080000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1514]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:46:48.1060000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1515]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T13:47:06.9980000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1516]: Log Name: System Source: Microsoft-Windows-DNS-Client Date: 2021-05-19T13:47:49.3450000Z Event ID: 1014 Task: N/A Level: Warning Opcode: Info Keyword: N/A User: S-1-5-20 User Name: NT AUTHORITY\NETWORK SERVICE Computer: DESKTOP-5M67F4R Description: Name resolution for the name pxqfaumdituht timed out after none of the configured DNS servers responded. Event[1517]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T13:52:52.7520000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[1518]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T14:04:32.2460000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1519]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T14:04:59.8930000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1520]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T14:04:59.9270000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1521]: Log Name: System Source: Service Control Manager Date: 2021-05-19T14:05:37.0190000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1522]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T14:06:18.4460000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1523]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T14:07:28.5900000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1524]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T14:07:51.8840000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1525]: Log Name: System Source: Service Control Manager Date: 2021-05-19T14:08:09.2770000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1526]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T14:10:13.1710000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1527]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T14:11:00.1500000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1528]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T14:38:14.1540000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1529]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T15:46:05.2760000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1530]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T15:53:32.1400000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FsDepends' (10.0, ?2075?-?05?-?13T20:47:34.000000000Z) has successfully loaded and registered with Filter Manager. Event[1531]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T17:02:33.4340000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1532]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T17:03:38.2500000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1533]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T17:03:38.2960000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1534]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T17:04:29.8950000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1535]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T17:05:09.9910000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1536]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T17:07:15.4450000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1537]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T17:09:09.6450000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1538]: Log Name: System Source: Microsoft-Windows-Time-Service Date: 2021-05-19T18:00:21.5820000Z Event ID: 158 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time provider 'VMICTimeProvider' has indicated that the current hardware and operating environment is not supported and has stopped. This behavior is expected for VMICTimeProvider on non-HyperV-guest environments. This may be the expected behavior for the current provider in the current operating environment as well. Event[1539]: Log Name: System Source: Microsoft-Windows-Time-Service Date: 2021-05-19T18:00:23.1280000Z Event ID: 37 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time provider NtpClient is currently receiving valid time data from time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->20.189.79.72:123). Event[1540]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T18:00:24.9460000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1541]: Log Name: System Source: Microsoft-Windows-Time-Service Date: 2021-05-19T18:00:37.5990000Z Event ID: 35 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time service is now synchronizing the system time with the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->20.189.79.72:123) with reference id 1213185300. Current local stratum number is 4. Event[1542]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T18:00:37.6000000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1543]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T18:00:37.6000000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The system time has changed to ?2021?-?05?-?19T10:00:37.600024100Z from ?2021?-?05?-?19T10:00:37.599588300Z. Change Reason: An application or system component changed the time. Process: '\Device\HarddiskVolume5\Windows\System32\svchost.exe' (PID 11232). Event[1544]: Log Name: System Source: Service Control Manager Date: 2021-05-19T18:00:39.6650000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: MpKslbfe6f8a6 Service File Name: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22126AF6-B167-427A-8C91-5139A4FA9E34}\MpKslDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account: Event[1545]: Log Name: System Source: Service Control Manager Date: 2021-05-19T18:00:51.3610000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1546]: Log Name: System Source: User32 Date: 2021-05-19T18:01:57.8800000Z Event ID: 1074 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The process C:\Windows\System32\RuntimeBroker.exe (DESKTOP-5M67F4R) has initiated the power off of computer DESKTOP-5M67F4R on behalf of user DESKTOP-5M67F4R\man_l for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: power off Comment: Event[1547]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-19T18:02:01.7880000Z Event ID: 7002 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logoff Notification for Customer Experience Improvement Program Event[1548]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T18:02:02.1170000Z Event ID: 187 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User-mode process attempted to change the system state by calling SetSuspendState or SetSystemPowerState APIs. Event[1549]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T18:02:02.6750000Z Event ID: 42 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system is entering sleep. Sleep Reason: Application API Event[1550]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T18:02:05.2300000Z Event ID: 107 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system has resumed from sleep. Event[1551]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T21:55:12.5000000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system time has changed to ?2021?-?05?-?19T13:55:12.500000000Z from ?2021?-?05?-?19T10:02:05.230171200Z. Change Reason: System time synchronized with the hardware clock. Process: '' (PID 4). Event[1552]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T21:55:15.5470000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1553]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T21:55:15.5480000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1554]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T21:55:15.5480000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1555]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T21:55:15.5480000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1556]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T21:55:15.5480000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The boot type was 0x1. Event[1557]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-19T21:55:16.8170000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[1558]: Log Name: System Source: Microsoft-Windows-Power-Troubleshooter Date: 2021-05-19T21:55:17.5400000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: The system has returned from a low power state. Sleep Time: ?2021?-?05?-?19T10:02:02.113461500Z Wake Time: ?2021?-?05?-?19T13:55:15.615011300Z Wake Source: Unknown Event[1559]: Log Name: System Source: Service Control Manager Date: 2021-05-19T21:56:02.8900000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1560]: Log Name: System Source: Service Control Manager Date: 2021-05-19T21:58:15.3900000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1561]: Log Name: System Source: Service Control Manager Date: 2021-05-19T22:00:20.1010000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1562]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T22:15:55.9230000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1563]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T22:17:50.7300000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1564]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T22:17:50.7970000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1565]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T22:18:03.3030000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1566]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T22:27:34.0900000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1567]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T22:37:01.5000000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1568]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T22:39:16.7690000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1569]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T22:40:14.4060000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1570]: Log Name: System Source: Microsoft-Windows-DNS-Client Date: 2021-05-19T22:42:29.5830000Z Event ID: 1014 Task: N/A Level: Warning Opcode: Info Keyword: N/A User: S-1-5-20 User Name: NT AUTHORITY\NETWORK SERVICE Computer: DESKTOP-5M67F4R Description: Name resolution for the name music.youtube.com timed out after none of the configured DNS servers responded. Event[1571]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T22:42:49.7750000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1572]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T23:17:38.5580000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1573]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T23:19:14.7600000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1574]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T23:20:28.4540000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1575]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T23:22:26.8220000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?19T15:22:26.500000000Z. Event[1576]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T23:22:26.8220000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[1577]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T23:22:26.8220000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[1578]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T23:22:26.8220000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1579]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T23:22:26.8220000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1580]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T23:22:26.8220000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[1581]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T23:22:26.8220000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1582]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T23:22:26.8220000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1583]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-19T23:22:26.8220000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1584]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T23:22:26.8310000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1585]: Log Name: System Source: EventLog Date: 2021-05-19T23:22:33.2610000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 11:21:30 pm on ?19/?05/?2021 was unexpected. Event[1586]: Log Name: System Source: EventLog Date: 2021-05-19T23:22:33.2610000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1587]: Log Name: System Source: EventLog Date: 2021-05-19T23:22:33.2610000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[1588]: Log Name: System Source: EventLog Date: 2021-05-19T23:22:33.2610000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 6 seconds. Event[1589]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-19T23:22:26.9500000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[1590]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:27.6240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1591]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:27.6250000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1592]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:27.6260000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1593]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T23:22:28.3360000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[1594]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:28.4010000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1595]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:28.4040000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[1596]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:28.5220000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[1597]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T23:22:28.5660000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[1598]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-19T23:22:28.5670000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[1599]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T23:22:28.8420000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[1600]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4110000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1601]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4120000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1602]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4130000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1603]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4130000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1604]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4140000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1605]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4140000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1606]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4150000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1607]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4160000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1608]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4160000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1609]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4170000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1610]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4180000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1611]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-19T23:22:29.4180000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1612]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T23:22:29.4320000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[1613]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T23:22:30.0400000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[1614]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-19T23:22:30.4800000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[1615]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-19T23:22:31.1860000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1616]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-19T23:22:32.6150000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[1617]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-19T23:22:32.8110000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[1618]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-19T23:22:32.8190000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[1619]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:33.2400000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[1620]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:33.3290000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[1621]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:33.3390000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1622]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:33.3390000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[1623]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:33.3390000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1624]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:33.3440000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1625]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-19T23:22:33.3500000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[1626]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T23:22:33.3630000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[1627]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-19T23:22:33.3630000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[1628]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-19T23:22:33.3870000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[1629]: Log Name: System Source: Service Control Manager Date: 2021-05-19T23:22:34.8700000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[1630]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-19T23:22:41.1230000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[1631]: Log Name: System Source: Service Control Manager Date: 2021-05-19T23:22:44.1860000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1632]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T23:24:35.8160000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1633]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T23:24:35.8170000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1634]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-19T23:24:35.8170000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1635]: Log Name: System Source: Service Control Manager Date: 2021-05-19T23:24:48.6300000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1636]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T23:32:48.4200000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[1637]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T23:32:48.4200000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.1035.0) Event[1638]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-19T23:32:54.2600000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.1035.0) Event[1639]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T00:18:05.8180000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?19T16:18:05.500000000Z. Event[1640]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T00:18:05.8180000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[1641]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T00:18:05.8180000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[1642]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T00:18:05.8180000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1643]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T00:18:05.8180000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1644]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T00:18:05.8180000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[1645]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T00:18:05.8180000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1646]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T00:18:05.8180000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1647]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T00:18:05.8180000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1648]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T00:18:05.8270000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1649]: Log Name: System Source: EventLog Date: 2021-05-20T00:18:12.1460000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 12:16:33 am on ?20/?05/?2021 was unexpected. Event[1650]: Log Name: System Source: EventLog Date: 2021-05-20T00:18:12.1460000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1651]: Log Name: System Source: EventLog Date: 2021-05-20T00:18:12.1460000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[1652]: Log Name: System Source: EventLog Date: 2021-05-20T00:18:12.1460000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 6 seconds. Event[1653]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-20T00:18:05.9580000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[1654]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:06.6550000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1655]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:06.6560000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1656]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:06.6570000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1657]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T00:18:07.1180000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[1658]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:07.1830000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1659]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:07.1860000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[1660]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:07.3510000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[1661]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T00:18:07.3960000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[1662]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T00:18:07.3960000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[1663]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T00:18:07.6730000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[1664]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1460000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1665]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1460000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1666]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1470000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1667]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1480000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1668]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1480000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1669]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1490000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1670]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1490000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1671]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1500000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1672]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1510000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1673]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1510000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1674]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1520000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1675]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T00:18:08.1530000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1676]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T00:18:08.1790000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[1677]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T00:18:08.8750000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[1678]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T00:18:09.3370000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[1679]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T00:18:10.0420000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1680]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-20T00:18:11.5110000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[1681]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-20T00:18:11.7030000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[1682]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-20T00:18:11.7110000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[1683]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:12.1260000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[1684]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:12.1630000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[1685]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:12.1720000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1686]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:12.1720000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[1687]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:12.1720000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1688]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:12.1780000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1689]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T00:18:12.1830000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[1690]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-20T00:18:12.2000000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[1691]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-20T00:18:12.2000000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[1692]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-20T00:18:12.2230000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[1693]: Log Name: System Source: Service Control Manager Date: 2021-05-20T00:18:13.5060000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[1694]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-20T00:18:29.0760000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[1695]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T00:20:14.3250000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1696]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T00:20:14.3250000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1697]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T00:20:14.3260000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1698]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T00:22:10.8330000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1699]: Log Name: System Source: Microsoft-Windows-DNS-Client Date: 2021-05-20T00:25:22.7330000Z Event ID: 1014 Task: N/A Level: Warning Opcode: Info Keyword: N/A User: S-1-5-20 User Name: NT AUTHORITY\NETWORK SERVICE Computer: DESKTOP-5M67F4R Description: Name resolution for the name wpad timed out after none of the configured DNS servers responded. Event[1700]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T00:28:20.6160000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Windows Update started downloading an update. Event[1701]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T00:28:20.6160000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.1041.0) Event[1702]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T00:28:25.9580000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.1041.0) Event[1703]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:13:07.5430000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1704]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:13:34.2220000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1705]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:13:41.4560000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1706]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:17:16.1300000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1707]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:18:13.2070000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1708]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:18:20.6770000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1709]: Log Name: System Source: Service Control Manager Date: 2021-05-20T01:18:21.0730000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1710]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:18:25.3110000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1711]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:19:14.1180000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1712]: Log Name: System Source: Service Control Manager Date: 2021-05-20T01:19:18.7680000Z Event ID: 7045 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: A service was installed in the system. Service Name: SoundFlowPicker Service File Name: C:\ProgramData\SoundFlowPicker\SoundFlowPicker.exe Service Type: user mode service Service Start Type: auto start Service Account: LocalSystem Event[1713]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:19:25.3540000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1714]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:19:43.5920000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1715]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:19:56.3730000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1716]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:20:11.0540000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1717]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:20:22.3990000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1718]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:20:22.4730000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1719]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:20:27.1210000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1720]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:21:28.0110000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1721]: Log Name: System Source: Service Control Manager Date: 2021-05-20T01:22:24.7000000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1722]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:22:30.0990000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1723]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:22:35.3370000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1724]: Log Name: System Source: Service Control Manager Date: 2021-05-20T01:22:40.8630000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1725]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:22:45.6290000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1726]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:22:55.6660000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1727]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:23:09.2320000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1728]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:23:43.0980000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1729]: Log Name: System Source: Service Control Manager Date: 2021-05-20T01:25:07.1870000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1730]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:27:28.2560000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1731]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:28:09.1380000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1732]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:30:06.3520000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1733]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:31:02.0910000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1734]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:31:55.3060000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1735]: Log Name: System Source: Microsoft-Windows-DNS-Client Date: 2021-05-20T01:34:35.8960000Z Event ID: 1014 Task: N/A Level: Warning Opcode: Info Keyword: N/A User: S-1-5-20 User Name: NT AUTHORITY\NETWORK SERVICE Computer: DESKTOP-5M67F4R Description: Name resolution for the name wpad timed out after none of the configured DNS servers responded. Event[1736]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:35:50.1650000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1737]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T01:38:08.9040000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The operating system started at system time ?2021?-?05?-?19T17:38:08.500000000Z. Event[1738]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T01:38:08.9040000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Virtualization-based security (policies: 0) is disabled. Event[1739]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T01:38:08.9040000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The last shutdown's success status was false. The last boot's success status was true. Event[1740]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T01:38:08.9050000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1741]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T01:38:08.9050000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot menu policy was 0x1. Event[1742]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T01:38:08.9050000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The boot type was 0x0. Event[1743]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T01:38:08.9050000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: There are 0x1 boot options on this system. Event[1744]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T01:38:08.9050000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The bootmgr spent 0 ms waiting for user input. Event[1745]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T01:38:08.9050000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The firmware reported boot metrics. Event[1746]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T01:38:08.9130000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1747]: Log Name: System Source: EventLog Date: 2021-05-20T01:38:20.4210000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The previous system shutdown at 1:37:12 am on ?20/?05/?2021 was unexpected. Event[1748]: Log Name: System Source: EventLog Date: 2021-05-20T01:38:20.4210000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1749]: Log Name: System Source: EventLog Date: 2021-05-20T01:38:20.4210000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The Event log service was started. Event[1750]: Log Name: System Source: EventLog Date: 2021-05-20T01:38:20.4360000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The system uptime is 11 seconds. Event[1751]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-20T01:38:09.0120000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The iommu fault reporting has been initialized. Event[1752]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:09.7330000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1753]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:09.7340000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1754]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:09.7360000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1755]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T01:38:12.2340000Z Event ID: 98 Task: N/A Level: Error Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume C: (\Device\HarddiskVolume5) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME " locally or remotely via PowerShell. Event[1756]: Log Name: System Source: Ntfs Date: 2021-05-20T01:38:12.2580000Z Event ID: 55 Task: N/A Level: Error Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline. Event[1757]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:12.3470000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1758]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:12.3500000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[1759]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:12.4680000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[1760]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T01:38:12.5140000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[1761]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T01:38:12.5140000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[1762]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T01:38:12.7620000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[1763]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T01:38:13.4170000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[1764]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4740000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1765]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4750000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1766]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4750000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1767]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4760000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1768]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4760000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1769]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4770000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1770]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4780000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1771]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4780000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1772]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4790000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1773]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4790000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1774]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4800000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1775]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T01:38:14.4810000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1776]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T01:38:14.5510000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[1777]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T01:38:17.6040000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[1778]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T01:38:18.3180000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1779]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-20T01:38:19.7720000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Credential Guard configuration: 0x0, 0 Event[1780]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-20T01:38:19.9720000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[1781]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-20T01:38:19.9800000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[1782]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:20.4350000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[1783]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:20.4760000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[1784]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-20T01:38:20.4800000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client service is started Event[1785]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-20T01:38:20.4800000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv4 client registered for shutdown notification Event[1786]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:20.4890000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1787]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:20.4890000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[1788]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:20.4900000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1789]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:20.5200000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1790]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T01:38:20.5240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[1791]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-20T01:38:20.5260000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: DESKTOP-5M67F4R Description: DHCPv6 client service is started Event[1792]: Log Name: System Source: Service Control Manager Date: 2021-05-20T01:38:21.9360000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The following boot-start or system-start driver(s) did not load: dam Event[1793]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-20T01:38:24.5650000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: DESKTOP-5M67F4R Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000a3d6c, 0x0000000000000004, 0x0000000000070014). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: ec7b72f8-3ce6-4893-8143-afac5fc6b6a7. Event[1794]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-20T01:38:26.2030000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: User Logon Notification for Customer Experience Improvement Program Event[1795]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:38:41.4580000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1796]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:38:41.4590000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1797]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:38:41.4590000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1798]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T01:39:20.1620000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1799]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T02:21:43.0620000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1800]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T02:25:40.5830000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1801]: Log Name: System Source: Service Control Manager Date: 2021-05-20T02:26:13.8570000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The start type of the IKE and AuthIP IPsec Keying Modules service was changed from demand start to auto start. Event[1802]: Log Name: System Source: Microsoft-Windows-DNS-Client Date: 2021-05-20T02:26:59.1420000Z Event ID: 1014 Task: N/A Level: Warning Opcode: Info Keyword: N/A User: S-1-5-20 User Name: NT AUTHORITY\NETWORK SERVICE Computer: DESKTOP-5M67F4R Description: Name resolution for the name dm2304.storage.live.com timed out after none of the configured DNS servers responded. Event[1803]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T02:28:40.7850000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1804]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T02:36:15.8530000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1805]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T02:40:51.1140000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: DESKTOP-5M67F4R Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-5M67F4R\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1806]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T02:47:22.8300000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: DESKTOP-5M67F4R Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[1807]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T02:49:52.8180000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The operating system started at system time ?2021?-?05?-?19T18:49:52.500000000Z. Event[1808]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T02:49:52.8180000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Virtualization-based security (policies: 0) is disabled. Event[1809]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T02:49:52.8180000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The last shutdown's success status was false. The last boot's success status was false. Event[1810]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T02:49:52.8180000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1811]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T02:49:52.8180000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The boot menu policy was 0x1. Event[1812]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T02:49:52.8180000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The boot type was 0x0. Event[1813]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T02:49:52.8180000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: There are 0x1 boot options on this system. Event[1814]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T02:49:52.8180000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The bootmgr spent 0 ms waiting for user input. Event[1815]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T02:49:52.8180000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The firmware reported boot metrics. Event[1816]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T02:49:52.8270000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1817]: Log Name: System Source: EventLog Date: 2021-05-20T02:50:00.4970000Z Event ID: 6011 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The NetBIOS name and DNS host name of this machine have been changed from DESKTOP-5M67F4R to MANMAN. Event[1818]: Log Name: System Source: EventLog Date: 2021-05-20T02:50:00.5130000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The previous system shutdown at 2:47:20 am on ?20/?05/?2021 was unexpected. Event[1819]: Log Name: System Source: EventLog Date: 2021-05-20T02:50:00.5130000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1820]: Log Name: System Source: EventLog Date: 2021-05-20T02:50:00.5130000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The Event log service was started. Event[1821]: Log Name: System Source: EventLog Date: 2021-05-20T02:50:00.5130000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The system uptime is 8 seconds. Event[1822]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-20T02:49:52.9580000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The iommu fault reporting has been initialized. Event[1823]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:49:53.6240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1824]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:49:53.6250000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1825]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:49:53.6260000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1826]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T02:49:54.5200000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[1827]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:49:54.5860000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1828]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:49:54.5880000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[1829]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:49:54.7290000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[1830]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T02:49:54.7740000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[1831]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T02:49:54.7750000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[1832]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T02:49:55.0220000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[1833]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T02:49:55.4240000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[1834]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4270000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1835]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4270000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1836]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4280000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1837]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4280000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1838]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4290000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1839]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4300000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1840]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4300000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1841]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4310000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1842]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4310000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1843]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4320000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1844]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4330000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1845]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-20T02:49:55.4330000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[1846]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T02:49:56.0420000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[1847]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-20T02:49:56.5940000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[1848]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T02:49:57.4540000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[1849]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-20T02:49:59.8740000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Credential Guard configuration: 0x0, 0 Event[1850]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-20T02:50:00.0800000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[1851]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-20T02:50:00.0880000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[1852]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:50:00.4910000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[1853]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:50:00.5210000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[1854]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:50:00.5320000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1855]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:50:00.5320000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[1856]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:50:00.5320000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1857]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:50:00.5620000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[1858]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-20T02:50:00.5670000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[1859]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-20T02:50:00.5860000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: Manman Description: DHCPv4 client service is started Event[1860]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-20T02:50:00.5860000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: Manman Description: DHCPv4 client registered for shutdown notification Event[1861]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-20T02:50:00.6050000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: Manman Description: DHCPv6 client service is started Event[1862]: Log Name: System Source: Service Control Manager Date: 2021-05-20T02:50:02.0440000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The following boot-start or system-start driver(s) did not load: dam Event[1863]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-20T02:50:05.0760000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80637a9f62d, 0xffff9d852b55c5d0, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 64fdd2a9-41c3-4299-a589-adbeb3d6fe67. Event[1864]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T03:00:13.1150000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Windows Update started downloading an update. Event[1865]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T03:00:13.1160000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.1052.0) Event[1866]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T03:00:18.5820000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.1052.0) Event[1867]: Log Name: System Source: Microsoft-Windows-DNS-Client Date: 2021-05-20T03:17:49.3620000Z Event ID: 1014 Task: N/A Level: Warning Opcode: Info Keyword: N/A User: S-1-5-20 User Name: NT AUTHORITY\NETWORK SERVICE Computer: Manman Description: Name resolution for the name wpad timed out after none of the configured DNS servers responded. Event[1868]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T03:47:28.9450000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Windows Update started downloading an update. Event[1869]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T03:47:28.9450000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Windows Update started downloading an update. Event[1870]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T03:47:28.9450000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Windows Update started downloading an update. Event[1871]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T03:47:31.7600000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. Event[1872]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T03:47:34.2780000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Windows Update started downloading an update. Event[1873]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-20T03:47:34.2780000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Windows Update started downloading an update. Event[1874]: Log Name: System Source: EventLog Date: 2021-05-20T12:00:00.5130000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The system uptime is 33008 seconds. Event[1875]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-20T13:47:12.0950000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: User Logon Notification for Customer Experience Improvement Program Event[1876]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T13:48:16.7310000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1877]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T13:48:54.8030000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1878]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T13:48:54.8650000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1879]: Log Name: System Source: Service Control Manager Date: 2021-05-20T13:49:21.9550000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1880]: Log Name: System Source: Service Control Manager Date: 2021-05-20T13:51:38.1840000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1881]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:00:47.0400000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1882]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:07:51.4970000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1883]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:08:14.2770000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1884]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:08:14.3160000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1885]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:14:41.3130000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1886]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:20:12.6380000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1887]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:26:29.6730000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1888]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:31:54.3440000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1889]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:37:52.8330000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1890]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:42:21.2200000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1891]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:46:57.1720000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1892]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T14:51:09.1300000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages. Event[1893]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:51:28.0490000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1894]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T14:54:43.0990000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1895]: Log Name: System Source: User32 Date: 2021-05-20T14:59:38.9380000Z Event ID: 1074 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The process C:\Windows\System32\RuntimeBroker.exe (MANMAN) has initiated the power off of computer MANMAN on behalf of user MANMAN\man_l for the following reason: Other (Unplanned) Reason Code: 0x0 Shutdown Type: power off Comment: Event[1896]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-20T14:59:42.3710000Z Event ID: 7002 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: User Logoff Notification for Customer Experience Improvement Program Event[1897]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T14:59:42.7570000Z Event ID: 187 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: User-mode process attempted to change the system state by calling SetSuspendState or SetSystemPowerState APIs. Event[1898]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T14:59:43.0890000Z Event ID: 42 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The system is entering sleep. Sleep Reason: Application API Event[1899]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T14:59:45.2750000Z Event ID: 107 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The system has resumed from sleep. Event[1900]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T15:40:50.5000000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: N/A User Name: N/A Computer: Manman Description: The system time has changed to ?2021?-?05?-?20T07:40:50.500000000Z from ?2021?-?05?-?20T06:59:45.275369900Z. Change Reason: System time synchronized with the hardware clock. Process: '' (PID 4). Event[1901]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T15:40:53.0790000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The firmware reported boot metrics. Event[1902]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T15:40:53.0790000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: There are 0x1 boot options on this system. Event[1903]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T15:40:53.0790000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The bootmgr spent 0 ms waiting for user input. Event[1904]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T15:40:53.0790000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The boot menu policy was 0x1. Event[1905]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T15:40:53.0790000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The boot type was 0x1. Event[1906]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-20T15:40:54.3100000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: User Logon Notification for Customer Experience Improvement Program Event[1907]: Log Name: System Source: Microsoft-Windows-Power-Troubleshooter Date: 2021-05-20T15:40:55.0720000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: Manman Description: The system has returned from a low power state. Sleep Time: ?2021?-?05?-?20T06:59:42.753857900Z Wake Time: ?2021?-?05?-?20T07:40:53.096630500Z Wake Source: Unknown Event[1908]: Log Name: System Source: Service Control Manager Date: 2021-05-20T15:46:12.6610000Z Event ID: 7009 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Event[1909]: Log Name: System Source: Service Control Manager Date: 2021-05-20T15:46:12.6610000Z Event ID: 7000 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Event[1910]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T15:46:12.9180000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1911]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T15:47:25.2070000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1912]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T15:47:27.3750000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1913]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T15:47:27.4400000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1914]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T15:47:50.3350000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1915]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T15:49:47.8140000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1916]: Log Name: System Source: Microsoft-Windows-DNS-Client Date: 2021-05-20T16:20:17.2950000Z Event ID: 1014 Task: N/A Level: Warning Opcode: Info Keyword: N/A User: S-1-5-20 User Name: NT AUTHORITY\NETWORK SERVICE Computer: Manman Description: Name resolution for the name opstm.paradoxplaza.com timed out after none of the configured DNS servers responded. Event[1917]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T18:15:42.2790000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1918]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T18:54:57.4200000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1919]: Log Name: System Source: Service Control Manager Date: 2021-05-20T18:55:26.0740000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1920]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T18:55:59.5950000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1921]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T18:55:59.6380000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1922]: Log Name: System Source: Service Control Manager Date: 2021-05-20T18:57:30.8000000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1923]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T18:59:30.7540000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1924]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T19:02:31.6290000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1925]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-20T19:03:17.6210000Z Event ID: 7002 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: User Logoff Notification for Customer Experience Improvement Program Event[1926]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T19:03:18.0060000Z Event ID: 187 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: User-mode process attempted to change the system state by calling SetSuspendState or SetSystemPowerState APIs. Event[1927]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T19:03:18.5790000Z Event ID: 42 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The system is entering sleep. Sleep Reason: Application API Event[1928]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-20T19:03:24.1600000Z Event ID: 107 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The system has resumed from sleep. Event[1929]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-20T22:20:02.5000000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: Time User: N/A User Name: N/A Computer: Manman Description: The system time has changed to ?2021?-?05?-?20T14:20:02.500000000Z from ?2021?-?05?-?20T11:03:24.154211200Z. Change Reason: System time synchronized with the hardware clock. Process: '' (PID 4). Event[1930]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T22:20:03.4280000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The firmware reported boot metrics. Event[1931]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T22:20:03.4280000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: There are 0x1 boot options on this system. Event[1932]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T22:20:03.4280000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The bootmgr spent 0 ms waiting for user input. Event[1933]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T22:20:03.4280000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The boot menu policy was 0x1. Event[1934]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-20T22:20:03.4280000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: N/A User Name: N/A Computer: Manman Description: The boot type was 0x1. Event[1935]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-20T22:20:04.6920000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: User Logon Notification for Customer Experience Improvement Program Event[1936]: Log Name: System Source: Microsoft-Windows-Power-Troubleshooter Date: 2021-05-20T22:20:05.4260000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: Manman Description: The system has returned from a low power state. Sleep Time: ?2021?-?05?-?20T11:03:18.002148100Z Wake Time: ?2021?-?05?-?20T14:20:03.482355400Z Wake Source: Unknown Event[1937]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:21:21.4010000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1938]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:22:21.1930000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1939]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:22:21.2610000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1940]: Log Name: System Source: Service Control Manager Date: 2021-05-20T22:22:25.2210000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[1941]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:22:56.0810000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1942]: Log Name: System Source: Service Control Manager Date: 2021-05-20T22:24:45.4360000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[1943]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:25:27.6130000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1944]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:26:56.8010000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1945]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:27:07.5910000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1946]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:27:24.3270000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1947]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:39:45.9830000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1948]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:40:53.0150000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1949]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:41:18.2220000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1950]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:50:04.0060000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1951]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T22:56:09.9870000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1952]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:04:14.7610000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1953]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:05:18.8290000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1954]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:05:54.2820000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1955]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:08:45.8100000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1956]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:25:56.5050000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1957]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:32:00.5800000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1958]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:46:48.1440000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1959]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:49:49.5910000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1960]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:49:50.1940000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1961]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:50:33.0420000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1962]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:50:34.4550000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1963]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:55:34.9730000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1964]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-20T23:55:49.4280000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Driver Management has concluded the process to add Service nvlddmkm for Device Instance ID PCI\VEN_10DE&DEV_1C82&SUBSYS_1C8210DE&REV_A1\4&1C3D25BB&0&0019 with the following status: 0. Event[1965]: Log Name: System Source: Service Control Manager Date: 2021-05-20T23:55:49.5500000Z Event ID: 7023 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The NVIDIA LocalSystem Container service terminated with the following error: A generic command executable returned a result that indicates failure. Event[1966]: Log Name: System Source: Service Control Manager Date: 2021-05-20T23:55:49.5500000Z Event ID: 7031 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. Event[1967]: Log Name: System Source: Microsoft-Windows-UserPnp Date: 2021-05-20T23:55:50.0020000Z Event ID: 20003 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Driver Management has concluded the process to add Service NVDisplay.ContainerLocalSystem for Device Instance ID PCI\VEN_10DE&DEV_1C82&SUBSYS_1C8210DE&REV_A1\4&1C3D25BB&0&0019 with the following status: 0. Event[1968]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:55:51.4940000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1969]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:59:13.0630000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1970]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-20T23:59:20.1110000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[1971]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T00:07:47.5720000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1972]: Log Name: System Source: Microsoft-Windows-DNS-Client Date: 2021-05-21T00:20:30.2880000Z Event ID: 1014 Task: N/A Level: Warning Opcode: Info Keyword: N/A User: S-1-5-20 User Name: NT AUTHORITY\NETWORK SERVICE Computer: Manman Description: Name resolution for the name wpad timed out after none of the configured DNS servers responded. Event[1973]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T00:33:19.6610000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1974]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T00:54:09.8540000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1975]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-21T01:47:43.5640000Z Event ID: 44 Task: Windows Update Agent Level: Information Opcode: Download Keyword: Download,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Windows Update started downloading an update. Event[1976]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-21T01:47:44.1900000Z Event ID: 43 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Started User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.1121.0) Event[1977]: Log Name: System Source: Microsoft-Windows-WindowsUpdateClient Date: 2021-05-21T01:47:49.8430000Z Event ID: 19 Task: Windows Update Agent Level: Information Opcode: Installation Keyword: Installation,Success User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.339.1121.0) Event[1978]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T01:53:42.0910000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[1979]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-21T01:55:16.8230000Z Event ID: 12 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The operating system started at system time ?2021?-?05?-?20T17:55:16.500000000Z. Event[1980]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-21T01:55:16.8240000Z Event ID: 153 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Virtualization-based security (policies: 0) is disabled. Event[1981]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-21T01:55:16.8240000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The last shutdown's success status was false. The last boot's success status was true. Event[1982]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-21T01:55:16.8240000Z Event ID: 238 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: EFI time zone bias: 2047. Daylight flags: 0 Event[1983]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-21T01:55:16.8240000Z Event ID: 25 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The boot menu policy was 0x1. Event[1984]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-21T01:55:16.8240000Z Event ID: 27 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The boot type was 0x0. Event[1985]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-21T01:55:16.8240000Z Event ID: 18 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: There are 0x1 boot options on this system. Event[1986]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-21T01:55:16.8240000Z Event ID: 32 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The bootmgr spent 0 ms waiting for user input. Event[1987]: Log Name: System Source: Microsoft-Windows-Kernel-Boot Date: 2021-05-21T01:55:16.8240000Z Event ID: 30 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The firmware reported boot metrics. Event[1988]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-21T01:55:16.8330000Z Event ID: 20 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The leap second configuration has been updated. Reason: Leap second data initialized from registry during boot Leap seconds enabled: true New leap second count: 0 Old leap second count: 0 Event[1989]: Log Name: System Source: Microsoft-Windows-HAL Date: 2021-05-21T01:55:16.9630000Z Event ID: 16 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The iommu fault reporting has been initialized. Event[1990]: Log Name: System Source: EventLog Date: 2021-05-21T01:55:26.5000000Z Event ID: 6008 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The previous system shutdown at 1:53:50 am on ?21/?05/?2021 was unexpected. Event[1991]: Log Name: System Source: EventLog Date: 2021-05-21T01:55:26.5000000Z Event ID: 6009 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: Microsoft (R) Windows (R) 10.00. 19042 Multiprocessor Free. Event[1992]: Log Name: System Source: EventLog Date: 2021-05-21T01:55:26.5000000Z Event ID: 6005 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The Event log service was started. Event[1993]: Log Name: System Source: EventLog Date: 2021-05-21T01:55:26.5000000Z Event ID: 6013 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The system uptime is 10 seconds. Event[1994]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:17.6240000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'FileInfo' (10.0, ?2062?-?12?-?23T13:21:06.000000000Z) has successfully loaded and registered with Filter Manager. Event[1995]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:17.6250000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'Wof' (10.0, ?2024?-?08?-?23T22:35:41.000000000Z) has successfully loaded and registered with Filter Manager. Event[1996]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:17.6260000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'WdFilter' (10.0, ?1993?-?07?-?24T01:48:40.000000000Z) has successfully loaded and registered with Filter Manager. Event[1997]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-21T01:55:19.8630000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume C: (\Device\HarddiskVolume5) is healthy. No action is needed. Event[1998]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:20.0390000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'FileCrypt' (10.0, ?2002?-?03?-?01T19:12:42.000000000Z) has successfully loaded and registered with Filter Manager. Event[1999]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:20.0420000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'asrdmon' (6.1, ?2018?-?04?-?11T03:03:45.000000000Z) has successfully loaded and registered with Filter Manager. Event[2000]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:20.1590000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'npsvctrig' (10.0, ?2025?-?01?-?06T10:41:12.000000000Z) has successfully loaded and registered with Filter Manager. Event[2001]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-21T01:55:20.2020000Z Event ID: 41 Task: N/A Level: Critical Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event[2002]: Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 2021-05-21T01:55:20.2030000Z Event ID: 172 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Connectivity state in standby: Disconnected, Reason: NIC compliance Event[2003]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-21T01:55:20.4730000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume F: (\Device\HarddiskVolume10) is healthy. No action is needed. Event[2004]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-21T01:55:20.9910000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume E: (\Device\HarddiskVolume8) is healthy. No action is needed. Event[2005]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9430000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 0 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2006]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9440000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 1 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2007]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9450000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 2 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2008]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9450000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 3 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2009]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9460000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 4 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2010]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9460000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 5 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2011]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9470000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 6 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2012]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9470000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 7 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2013]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9480000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 8 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2014]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9490000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 9 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2015]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9490000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 10 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2016]: Log Name: System Source: Microsoft-Windows-Kernel-Processor-Power Date: 2021-05-21T01:55:21.9500000Z Event ID: 55 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Processor 11 in group 0 exposes the following power management capabilities: Idle state type: ACPI Idle (C) States (2 state(s)) Performance state type: ACPI Performance (P) / Throttle (T) States Nominal Frequency (MHz): 3200 Maximum performance percentage: 100 Minimum performance percentage: 48 Minimum throttle percentage: 48 Event[2017]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-21T01:55:22.0590000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume D: (\Device\HarddiskVolume2) is healthy. No action is needed. Event[2018]: Log Name: System Source: Microsoft-Windows-Ntfs Date: 2021-05-21T01:55:23.6730000Z Event ID: 98 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Volume \\?\Volume{e3ef0fe5-7c3c-4ff5-abf0-7b7d955f212e} (\Device\HarddiskVolume6) is healthy. No action is needed. Event[2019]: Log Name: System Source: Microsoft-Windows-Kernel-General Date: 2021-05-21T01:55:24.3920000Z Event ID: 24 Task: N/A Level: Information Opcode: Info Keyword: Time User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The time zone information was refreshed with exit reason 0. Current time zone bias is -480. Event[2020]: Log Name: System Source: Microsoft-Windows-Wininit Date: 2021-05-21T01:55:25.8770000Z Event ID: 14 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Credential Guard configuration: 0x0, 0 Event[2021]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-21T01:55:26.0680000Z Event ID: 16962 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. Event[2022]: Log Name: System Source: Microsoft-Windows-Directory-Services-SAM Date: 2021-05-21T01:55:26.0760000Z Event ID: 16977 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The domain is configured with the following minimum password length-related settings. MinimumPasswordLength: 0 RelaxMinimumPasswordLengthLimits: 0 MinimumPasswordLengthAudit: -1 For more information see https://go.microsoft.com/fwlink/?LinkId=2097191. Event[2023]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:26.4790000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'wcifs' (10.0, ?1971?-?08?-?10T19:27:38.000000000Z) has successfully loaded and registered with Filter Manager. Event[2024]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:26.5160000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'luafv' (10.0, ?2041?-?09?-?19T13:13:33.000000000Z) has successfully loaded and registered with Filter Manager. Event[2025]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:26.5260000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[2026]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:26.5260000Z Event ID: 1 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'CldFlt' (Version 10.0, ?2025?-?11?-?30T04:09:30.000000000Z) unloaded successfully. Event[2027]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:26.5260000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'CldFlt' (10.0, ?2025?-?11?-?30T04:09:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[2028]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:26.5310000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'storqosflt' (10.0, ?2007?-?04?-?10T02:08:30.000000000Z) has successfully loaded and registered with Filter Manager. Event[2029]: Log Name: System Source: Microsoft-Windows-FilterManager Date: 2021-05-21T01:55:26.5360000Z Event ID: 6 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: File System Filter 'bindflt' (10.0, ?2006?-?02?-?14T16:00:32.000000000Z) has successfully loaded and registered with Filter Manager. Event[2030]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-21T01:55:26.5590000Z Event ID: 50036 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: Manman Description: DHCPv4 client service is started Event[2031]: Log Name: System Source: Microsoft-Windows-Dhcp-Client Date: 2021-05-21T01:55:26.5590000Z Event ID: 50103 Task: Service State Event Level: Information Opcode: ServiceShutdown Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: Manman Description: DHCPv4 client registered for shutdown notification Event[2032]: Log Name: System Source: Microsoft-Windows-DHCPv6-Client Date: 2021-05-21T01:55:26.5820000Z Event ID: 51046 Task: Service State Event Level: Information Opcode: ServiceStart Keyword: N/A User: S-1-5-19 User Name: NT AUTHORITY\LOCAL SERVICE Computer: Manman Description: DHCPv6 client service is started Event[2033]: Log Name: System Source: Service Control Manager Date: 2021-05-21T01:55:27.9840000Z Event ID: 7026 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The following boot-start or system-start driver(s) did not load: dam Event[2034]: Log Name: System Source: Microsoft-Windows-WER-SystemErrorReporting Date: 2021-05-21T01:55:30.8600000Z Event ID: 1001 Task: N/A Level: Error Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: Manman Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000139 (0x0000000000000004, 0xffffd800755e4010, 0xffffd800755e3f68, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 8abaf90e-8a75-4b21-9f1e-2616956bb66b. Event[2035]: Log Name: System Source: Microsoft-Windows-Winlogon Date: 2021-05-21T01:55:34.4900000Z Event ID: 7001 Task: N/A Level: Information Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: User Logon Notification for Customer Experience Improvement Program Event[2036]: Log Name: System Source: Service Control Manager Date: 2021-05-21T01:55:37.7040000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[2037]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T01:56:04.4900000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[2038]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T01:56:12.3480000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[2039]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T01:57:28.9900000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[2040]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T01:57:28.9900000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[2041]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T01:57:28.9900000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[2042]: Log Name: System Source: Service Control Manager Date: 2021-05-21T01:57:42.5930000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[2043]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T01:58:52.1220000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[2044]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T02:15:04.9360000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[2045]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T02:15:12.7040000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[2046]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T02:15:12.7420000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[2047]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T02:15:43.7670000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[2048]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T03:07:37.3660000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[2049]: Log Name: System Source: Service Control Manager Date: 2021-05-21T03:07:51.7510000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. Event[2050]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T03:09:30.6790000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Event[2051]: Log Name: System Source: Service Control Manager Date: 2021-05-21T03:09:55.9310000Z Event ID: 7040 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: S-1-5-18 User Name: NT AUTHORITY\SYSTEM Computer: Manman Description: The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. Event[2052]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T03:11:21.0690000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[2053]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T03:11:22.1960000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool. Event[2054]: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2021-05-21T03:16:14.1430000Z Event ID: 10016 Task: N/A Level: Warning Opcode: Info Keyword: Classic User: S-1-5-21-3867765244-2907753920-1278016626-1001 User Name: MANMAN\man_l Computer: Manman Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user MANMAN\man_l SID (S-1-5-21-3867765244-2907753920-1278016626-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.964_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.