Untitled
a guest
Oct 16th, 2017
Trying to see if somebody is trying to get in my network

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 10/16/2017 4:22:01 PM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: Anonymous
Description:
Name resolution for the name wdcp.microsoft.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2017-10-16T21:22:01.862715000Z" />
<EventRecordID>34847</EventRecordID>
<Correlation />
<Execution ProcessID="1076" ThreadID="5948" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">wdcp.microsoft.com</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A080801000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: BROWSER
Date: 10/16/2017 4:10:42 PM
Event ID: 8033
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Anonymous
Description:
The browser has forced an election on network \Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D} because a master browser was stopped.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BROWSER" />
<EventID Qualifiers="16384">8033</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T21:10:42.000000000Z" />
<EventRecordID>34846</EventRecordID>
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D}</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 10/16/2017 3:38:49 PM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: Anonymous
Description:
Name resolution for the name DB5SCH103082510.wns.windows.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2017-10-16T20:38:49.349801100Z" />
<EventRecordID>34845</EventRecordID>
<Correlation />
<Execution ProcessID="1076" ThreadID="5476" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">DB5SCH103082510.wns.windows.com</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A080801000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: BROWSER
Date: 10/16/2017 1:42:38 PM
Event ID: 8033
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Anonymous
Description:
The browser has forced an election on network \Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D} because a master browser was stopped.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BROWSER" />
<EventID Qualifiers="16384">8033</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T18:42:38.000000000Z" />
<EventRecordID>34844</EventRecordID>
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D}</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 10/16/2017 12:00:00 PM
Event ID: 6013
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Anonymous
Description:
The system uptime is 139838 seconds.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6013</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T17:00:00.000000000Z" />
<EventRecordID>34843</EventRecordID>
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>139838</Data>
<Data>60</Data>
<Data>360 Central Standard Time</Data>
<Binary>…</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 10/16/2017 11:21:08 AM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: Anonymous
Description:
Name resolution for the name shavar.services.mozilla.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2017-10-16T16:21:08.880099000Z" />
<EventRecordID>34842</EventRecordID>
<Correlation />
<Execution ProcessID="1076" ThreadID="5536" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">shavar.services.mozilla.com</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A080801000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 10/16/2017 7:43:16 AM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: ANONYMOUS\Anon&anonanon
Computer: Anonymous
Description:
The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T12:43:16.306482800Z" />
<EventRecordID>34841</EventRecordID>
<Correlation />
<Execution ProcessID="828" ThreadID="4772" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-21-1957288335-908928117-3208654089-1001" />
</System>
<EventData>
<Data Name="param1">{1B1F472E-3221-4826-97DB-2C2324D389AE}</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 10/16/2017 7:10:24 AM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: Anonymous
Description:
Name resolution for the name isatap.kc.rr.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2017-10-16T12:10:24.647481500Z" />
<EventRecordID>34840</EventRecordID>
<Correlation />
<Execution ProcessID="1076" ThreadID="2996" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">isatap.kc.rr.com</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">1700000000000000260560001A0C0004F299BFFFFE02B7740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

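As an added example (not part of the original paste), the script below reads Event Viewer "Copy details" output like the records above, decodes the Address blob that DNS-Client event 1014 carries (a 128-byte SOCKADDR_STORAGE, which is why AddressLength is 128) into the DNS server that failed to answer, and labels each record with what it ordinarily means. The sample records inside it are constructed from values visible in this paste; the benign-reason table is this editor's reading of the events, not Microsoft's text.

```python
"""Triage Windows System-log records pasted from Event Viewer.

Added example, not part of the original paste. Sample records are constructed
from values that appear in the paste (query names, the two Address blobs, one
BROWSER 8033 and one Kernel-General 16 record).
"""
import re
import socket
import struct
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
# Address-family numbers as Windows writes them into the blob. They are not
# this host's socket.AF_* values (AF_INET6 is 10 on Linux, 23 on Windows).
AF_INET_WIN, AF_INET6_WIN = 2, 23


def decode_sockaddr(hexblob):
    """Return the IP in a SOCKADDR_STORAGE hex blob from a DNS-Client 1014 event.

    sockaddr_in : family(2, little-endian) port(2) addr(4)
    sockaddr_in6: family(2, little-endian) port(2) flowinfo(4) addr(16)
    """
    raw = bytes.fromhex(hexblob)
    family = struct.unpack_from("<H", raw, 0)[0]
    if family == AF_INET_WIN:
        return socket.inet_ntop(socket.AF_INET, raw[4:8])
    if family == AF_INET6_WIN:
        return socket.inet_ntop(socket.AF_INET6, raw[8:24])
    return "unknown-family-%d" % family


def parse_events(dump):
    """Yield one parsed <Event> per XML block; the prose lines around them are skipped."""
    for m in re.finditer(r"<Event xmlns=.*?</Event>", dump, re.S):
        yield ET.fromstring(m.group(0))


def event_fields(ev):
    """Pull provider, id, time and the EventData values out of one <Event>."""
    system = ev.find(NS + "System")
    data = {}
    for i, d in enumerate(ev.iter(NS + "Data")):
        # Manifest-based events name their Data elements; classic ones do not.
        data[d.get("Name") or "param%d" % i] = (d.text or "").strip()
    return {
        "provider": system.find(NS + "Provider").get("Name"),
        "event_id": int(system.find(NS + "EventID").text),
        "time": system.find(NS + "TimeCreated").get("SystemTime"),
        "data": data,
    }


def explain(f):
    """Plain-language reading of the (provider, id) pairs seen in the paste."""
    p, i, d = f["provider"], f["event_id"], f["data"]
    if p == "Microsoft-Windows-DNS-Client" and i == 1014:
        return ("DNS server %s did not answer the query for %s "
                "(resolver/connectivity problem, not evidence of intrusion by itself)"
                % (decode_sockaddr(d["Address"]), d["QueryName"]))
    if p == "BROWSER" and i == 8033:
        return "Computer Browser election because the LAN's master browser went away (routine)"
    if p == "Microsoft-Windows-Kernel-General" and i in (15, 16):
        return "registry hive cleanup run by scheduled maintenance (routine)"
    if p == "EventLog" and i == 6013:
        return "periodic uptime report (routine)"
    if p == "Microsoft-Windows-DistributedCOM" and i == 10010:
        return "COM server %s did not register in time (application fault; review if recurring)" % d.get("param1")
    return "not in the known-benign table; review manually"


def triage(dump):
    rows = []
    for ev in parse_events(dump):
        f = event_fields(ev)
        f["note"] = explain(f)
        rows.append(f)
    return rows


# Constructed sample: the two Address blobs are the ones in the paste, padded to 128 bytes.
IPV4_BLOB = "020000000A080801" + "00" * 120
IPV6_BLOB = "1700000000000000260560001A0C0004F299BFFFFE02B774" + "00" * 104
EV = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'


def _dns_event(name, blob, when):
    return (EV + '<System><Provider Name="Microsoft-Windows-DNS-Client" /><EventID>1014</EventID>'
            '<TimeCreated SystemTime="%s" /></System><EventData><Data Name="QueryName">%s</Data>'
            '<Data Name="AddressLength">128</Data><Data Name="Address">%s</Data></EventData></Event>'
            % (when, name, blob))


SAMPLE_DUMP = "\n".join([
    "Log Name: System", "Source: Microsoft-Windows-DNS-Client", "Event Xml:",
    _dns_event("wdcp.microsoft.com", IPV4_BLOB, "2017-10-16T21:22:01.862715000Z"),
    _dns_event("isatap.kc.rr.com", IPV6_BLOB, "2017-10-16T12:10:24.647481500Z"),
    EV + '<System><Provider Name="BROWSER" /><EventID Qualifiers="16384">8033</EventID>'
         '<TimeCreated SystemTime="2017-10-16T21:10:42.000000000Z" /></System><EventData>'
         '<Data>\\Device\\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D}</Data></EventData></Event>',
    EV + '<System><Provider Name="Microsoft-Windows-Kernel-General" /><EventID>16</EventID>'
         '<TimeCreated SystemTime="2017-10-16T08:00:08.174193200Z" /></System><EventData>'
         '<Data Name="HiveName">\\??\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1\\Users\\default\\ntuser.dat</Data>'
         '<Data Name="KeysUpdated">5</Data></EventData></Event>',
])

if __name__ == "__main__":
    for r in triage(SAMPLE_DUMP):
        print(r["time"], r["provider"], r["event_id"], "->", r["note"])
```

Run against the records in this paste, the three IPv4 timeouts decode to 10.8.8.1 and the isatap.kc.rr.com one to 2605:6000:1a0c:4:f299:bfff:fe02:b774: the machine's configured resolvers stopped answering, which points at the router or the upstream connection rather than at an intruder. None of these records come from the Security log, and the System log cannot answer the poster's question on its own; the logon events there (4624 for a successful logon, 4625 for a failed one), with the account names and source addresses they carry, are where to look next.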
Log Name: System
Source: BROWSER
Date: 10/16/2017 7:10:17 AM
Event ID: 8033
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Anonymous
Description:
The browser has forced an election on network \Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D} because a master browser was stopped.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BROWSER" />
<EventID Qualifiers="16384">8033</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T12:10:17.000000000Z" />
<EventRecordID>34839</EventRecordID>
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D}</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 3:00:08 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Users\default\ntuser.dat was cleared updating 5 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T08:00:08.174193200Z" />
<EventRecordID>34838</EventRecordID>
<Correlation />
<Execution ProcessID="2036" ThreadID="204" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">72</Data>
<Data Name="HiveName">\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Users\default\ntuser.dat</Data>
<Data Name="KeysUpdated">5</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 3:00:07 AM
Event ID: 15
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
Hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{904C2A30-6D08-419F-AA72-0CBED13E01D7} was reorganized with a starting size of 87166976 bytes and an ending size of 82034688 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>15</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T08:00:07.286070000Z" />
<EventRecordID>34837</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{904C2A30-6D08-419F-AA72-0CBED13E01D7}</Data>
<Data Name="OriginalSize">87166976</Data>
<Data Name="NewSize">82034688</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 3:00:04 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6FE205CA-CA08-4591-AE30-0AED525D0D1C} was cleared updating 335 keys and creating 49 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T08:00:04.751251900Z" />
<EventRecordID>34836</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6FE205CA-CA08-4591-AE30-0AED525D0D1C}</Data>
<Data Name="KeysUpdated">335</Data>
<Data Name="DirtyPages">49</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 3:00:04 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E57E008F-E4D7-4B77-82EB-24271DD6B880} was cleared updating 0 keys and creating 0 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T08:00:04.299070800Z" />
<EventRecordID>34835</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E57E008F-E4D7-4B77-82EB-24271DD6B880}</Data>
<Data Name="KeysUpdated">0</Data>
<Data Name="DirtyPages">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 3:00:03 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2087449F-85DF-4699-ABF7-C3E53115A41C} was cleared updating 146695 keys and creating 18625 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T08:00:03.102746000Z" />
<EventRecordID>34834</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2087449F-85DF-4699-ABF7-C3E53115A41C}</Data>
<Data Name="KeysUpdated">146695</Data>
<Data Name="DirtyPages">18625</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 3:00:01 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4EB1E864-C797-4EBF-902B-273BECA7A3BC} was cleared updating 68 keys and creating 5 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T08:00:01.607772600Z" />
<EventRecordID>34833</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4EB1E864-C797-4EBF-902B-273BECA7A3BC}</Data>
<Data Name="KeysUpdated">68</Data>
<Data Name="DirtyPages">5</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 3:00:01 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EBB400C8-0D14-433B-9A17-2F3F8F36A4B2} was cleared updating 48 keys and creating 5 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T08:00:01.090673800Z" />
<EventRecordID>34832</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EBB400C8-0D14-433B-9A17-2F3F8F36A4B2}</Data>
<Data Name="KeysUpdated">48</Data>
<Data Name="DirtyPages">5</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 2:59:59 AM
Event ID: 15
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
Hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BFBBF9FC-D0C0-4C1B-936C-7B1053C6FC56} was reorganized with a starting size of 14708736 bytes and an ending size of 12599296 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>15</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:59:59.978259100Z" />
<EventRecordID>34831</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BFBBF9FC-D0C0-4C1B-936C-7B1053C6FC56}</Data>
<Data Name="OriginalSize">14708736</Data>
<Data Name="NewSize">12599296</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 2:59:53 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\Users\default\ntuser.dat was cleared updating 5 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:59:53.167428400Z" />
<EventRecordID>34830</EventRecordID>
<Correlation />
<Execution ProcessID="2036" ThreadID="204" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">72</Data>
<Data Name="HiveName">\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\Users\default\ntuser.dat</Data>
<Data Name="KeysUpdated">5</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 2:59:52 AM
Event ID: 15
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
Hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BD28871E-64D0-4C8F-8708-EEF402459E7F} was reorganized with a starting size of 87166976 bytes and an ending size of 81883136 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>15</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:59:52.254793700Z" />
<EventRecordID>34829</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BD28871E-64D0-4C8F-8708-EEF402459E7F}</Data>
<Data Name="OriginalSize">87166976</Data>
<Data Name="NewSize">81883136</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 2:59:49 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{223F783C-5777-4700-9745-03BCF41B766A} was cleared updating 336 keys and creating 49 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:59:49.599744300Z" />
<EventRecordID>34828</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{223F783C-5777-4700-9745-03BCF41B766A}</Data>
<Data Name="KeysUpdated">336</Data>
<Data Name="DirtyPages">49</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 2:59:49 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E80F92BA-F042-4137-8F25-40866FFD40C1} was cleared updating 0 keys and creating 0 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:59:49.112554500Z" />
<EventRecordID>34827</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E80F92BA-F042-4137-8F25-40866FFD40C1}</Data>
<Data Name="KeysUpdated">0</Data>
<Data Name="DirtyPages">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 2:59:48 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4703D705-086E-4984-A7FF-D9D40F331E71} was cleared updating 146695 keys and creating 18625 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:59:48.072615800Z" />
<EventRecordID>34826</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4703D705-086E-4984-A7FF-D9D40F331E71}</Data>
<Data Name="KeysUpdated">146695</Data>
<Data Name="DirtyPages">18625</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 2:59:46 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C96E97DE-DF15-4C98-BC99-B83774D3EEAF} was cleared updating 68 keys and creating 5 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:59:46.474533200Z" />
<EventRecordID>34825</EventRecordID>
<Correlation />
<Execution ProcessID="2696" ThreadID="5140" />
  817. <Channel>System</Channel>
  818. <Computer>Anonymous</Computer>
  819. <Security UserID="S-1-5-18" />
  820. </System>
  821. <EventData>
  822. <Data Name="HiveNameLength">171</Data>
  823. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C96E97DE-DF15-4C98-BC99-B83774D3EEAF}</Data>
  824. <Data Name="KeysUpdated">68</Data>
  825. <Data Name="DirtyPages">5</Data>
  826. </EventData>
  827. </Event>
  828.  
  829. Log Name: System
  830. Source: Microsoft-Windows-Kernel-General
  831. Date: 10/16/2017 2:59:46 AM
  832. Event ID: 16
  833. Task Category: None
  834. Level: Information
  835. Keywords:
  836. User: SYSTEM
  837. Computer: Anonymous
  838. Description:
  839. The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9C4378C2-740C-4293-A75C-B115C69B4A64} was cleared updating 48 keys and creating 5 modified pages.
  840. Event Xml:
  841. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  842. <System>
  843. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  844. <EventID>16</EventID>
  845. <Version>0</Version>
  846. <Level>4</Level>
  847. <Task>0</Task>
  848. <Opcode>0</Opcode>
  849. <Keywords>0x8000000000000000</Keywords>
  850. <TimeCreated SystemTime="2017-10-16T07:59:46.004963700Z" />
  851. <EventRecordID>34824</EventRecordID>
  852. <Correlation />
  853. <Execution ProcessID="2696" ThreadID="5140" />
  854. <Channel>System</Channel>
  855. <Computer>Anonymous</Computer>
  856. <Security UserID="S-1-5-18" />
  857. </System>
  858. <EventData>
  859. <Data Name="HiveNameLength">171</Data>
  860. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9C4378C2-740C-4293-A75C-B115C69B4A64}</Data>
  861. <Data Name="KeysUpdated">48</Data>
  862. <Data Name="DirtyPages">5</Data>
  863. </EventData>
  864. </Event>
  865.  
  866. Log Name: System
  867. Source: Microsoft-Windows-Kernel-General
  868. Date: 10/16/2017 2:59:45 AM
  869. Event ID: 15
  870. Task Category: None
  871. Level: Information
  872. Keywords:
  873. User: SYSTEM
  874. Computer: Anonymous
  875. Description:
  876. Hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{771190DE-4AC6-4A92-A865-49B31A504ED6} was reorganized with a starting size of 14708736 bytes and an ending size of 12574720 bytes.
  877. Event Xml:
  878. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  879. <System>
  880. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  881. <EventID>15</EventID>
  882. <Version>0</Version>
  883. <Level>4</Level>
  884. <Task>0</Task>
  885. <Opcode>0</Opcode>
  886. <Keywords>0x8000000000000000</Keywords>
  887. <TimeCreated SystemTime="2017-10-16T07:59:45.113700900Z" />
  888. <EventRecordID>34823</EventRecordID>
  889. <Correlation />
  890. <Execution ProcessID="2696" ThreadID="5140" />
  891. <Channel>System</Channel>
  892. <Computer>Anonymous</Computer>
  893. <Security UserID="S-1-5-18" />
  894. </System>
  895. <EventData>
  896. <Data Name="HiveNameLength">171</Data>
  897. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{771190DE-4AC6-4A92-A865-49B31A504ED6}</Data>
  898. <Data Name="OriginalSize">14708736</Data>
  899. <Data Name="NewSize">12574720</Data>
  900. </EventData>
  901. </Event>
  902.  
  903. Log Name: System
  904. Source: Microsoft-Windows-Kernel-General
  905. Date: 10/16/2017 2:59:39 AM
  906. Event ID: 16
  907. Task Category: None
  908. Level: Information
  909. Keywords:
  910. User: SYSTEM
  911. Computer: Anonymous
  912. Description:
  913. The access history in hive \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Users\default\ntuser.dat was cleared updating 5 keys and creating 1 modified pages.
  914. Event Xml:
  915. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  916. <System>
  917. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  918. <EventID>16</EventID>
  919. <Version>0</Version>
  920. <Level>4</Level>
  921. <Task>0</Task>
  922. <Opcode>0</Opcode>
  923. <Keywords>0x8000000000000000</Keywords>
  924. <TimeCreated SystemTime="2017-10-16T07:59:39.813667000Z" />
  925. <EventRecordID>34822</EventRecordID>
  926. <Correlation />
  927. <Execution ProcessID="2036" ThreadID="204" />
  928. <Channel>System</Channel>
  929. <Computer>Anonymous</Computer>
  930. <Security UserID="S-1-5-18" />
  931. </System>
  932. <EventData>
  933. <Data Name="HiveNameLength">72</Data>
  934. <Data Name="HiveName">\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Users\default\ntuser.dat</Data>
  935. <Data Name="KeysUpdated">5</Data>
  936. <Data Name="DirtyPages">1</Data>
  937. </EventData>
  938. </Event>
  939.  
  940. Log Name: System
  941. Source: Microsoft-Windows-Kernel-General
  942. Date: 10/16/2017 2:59:38 AM
  943. Event ID: 15
  944. Task Category: None
  945. Level: Information
  946. Keywords:
  947. User: SYSTEM
  948. Computer: Anonymous
  949. Description:
  950. Hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{38B90FC2-DC5A-44A2-A973-EA88C16014D4} was reorganized with a starting size of 87166976 bytes and an ending size of 82579456 bytes.
  951. Event Xml:
  952. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  953. <System>
  954. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  955. <EventID>15</EventID>
  956. <Version>0</Version>
  957. <Level>4</Level>
  958. <Task>0</Task>
  959. <Opcode>0</Opcode>
  960. <Keywords>0x8000000000000000</Keywords>
  961. <TimeCreated SystemTime="2017-10-16T07:59:38.903502400Z" />
  962. <EventRecordID>34821</EventRecordID>
  963. <Correlation />
  964. <Execution ProcessID="2696" ThreadID="5140" />
  965. <Channel>System</Channel>
  966. <Computer>Anonymous</Computer>
  967. <Security UserID="S-1-5-18" />
  968. </System>
  969. <EventData>
  970. <Data Name="HiveNameLength">171</Data>
  971. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{38B90FC2-DC5A-44A2-A973-EA88C16014D4}</Data>
  972. <Data Name="OriginalSize">87166976</Data>
  973. <Data Name="NewSize">82579456</Data>
  974. </EventData>
  975. </Event>
  976.  
  977. Log Name: System
  978. Source: Microsoft-Windows-Kernel-General
  979. Date: 10/16/2017 2:59:36 AM
  980. Event ID: 16
  981. Task Category: None
  982. Level: Information
  983. Keywords:
  984. User: SYSTEM
  985. Computer: Anonymous
  986. Description:
  987. The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4BC01C60-A44B-431D-B4B3-ABE369F1FB4F} was cleared updating 317 keys and creating 47 modified pages.
  988. Event Xml:
  989. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  990. <System>
  991. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  992. <EventID>16</EventID>
  993. <Version>0</Version>
  994. <Level>4</Level>
  995. <Task>0</Task>
  996. <Opcode>0</Opcode>
  997. <Keywords>0x8000000000000000</Keywords>
  998. <TimeCreated SystemTime="2017-10-16T07:59:36.195767000Z" />
  999. <EventRecordID>34820</EventRecordID>
  1000. <Correlation />
  1001. <Execution ProcessID="2696" ThreadID="5140" />
  1002. <Channel>System</Channel>
  1003. <Computer>Anonymous</Computer>
  1004. <Security UserID="S-1-5-18" />
  1005. </System>
  1006. <EventData>
  1007. <Data Name="HiveNameLength">171</Data>
  1008. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4BC01C60-A44B-431D-B4B3-ABE369F1FB4F}</Data>
  1009. <Data Name="KeysUpdated">317</Data>
  1010. <Data Name="DirtyPages">47</Data>
  1011. </EventData>
  1012. </Event>
  1013.  
  1014. Log Name: System
  1015. Source: Microsoft-Windows-Kernel-General
  1016. Date: 10/16/2017 2:59:35 AM
  1017. Event ID: 16
  1018. Task Category: None
  1019. Level: Information
  1020. Keywords:
  1021. User: SYSTEM
  1022. Computer: Anonymous
  1023. Description:
  1024. The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{5D05CE6C-28EE-4904-9383-F4FF4C635DFC} was cleared updating 0 keys and creating 0 modified pages.
  1025. Event Xml:
  1026. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1027. <System>
  1028. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1029. <EventID>16</EventID>
  1030. <Version>0</Version>
  1031. <Level>4</Level>
  1032. <Task>0</Task>
  1033. <Opcode>0</Opcode>
  1034. <Keywords>0x8000000000000000</Keywords>
  1035. <TimeCreated SystemTime="2017-10-16T07:59:35.748475800Z" />
  1036. <EventRecordID>34819</EventRecordID>
  1037. <Correlation />
  1038. <Execution ProcessID="2696" ThreadID="5140" />
  1039. <Channel>System</Channel>
  1040. <Computer>Anonymous</Computer>
  1041. <Security UserID="S-1-5-18" />
  1042. </System>
  1043. <EventData>
  1044. <Data Name="HiveNameLength">171</Data>
  1045. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{5D05CE6C-28EE-4904-9383-F4FF4C635DFC}</Data>
  1046. <Data Name="KeysUpdated">0</Data>
  1047. <Data Name="DirtyPages">0</Data>
  1048. </EventData>
  1049. </Event>
  1050.  
  1051. Log Name: System
  1052. Source: Microsoft-Windows-Kernel-General
  1053. Date: 10/16/2017 2:59:33 AM
  1054. Event ID: 16
  1055. Task Category: None
  1056. Level: Information
  1057. Keywords:
  1058. User: SYSTEM
  1059. Computer: Anonymous
  1060. Description:
  1061. The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{75B12FDC-4390-4A49-B01A-190F509FF153} was cleared updating 68 keys and creating 5 modified pages.
  1062. Event Xml:
  1063. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1064. <System>
  1065. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1066. <EventID>16</EventID>
  1067. <Version>0</Version>
  1068. <Level>4</Level>
  1069. <Task>0</Task>
  1070. <Opcode>0</Opcode>
  1071. <Keywords>0x8000000000000000</Keywords>
  1072. <TimeCreated SystemTime="2017-10-16T07:59:33.582284300Z" />
  1073. <EventRecordID>34818</EventRecordID>
  1074. <Correlation />
  1075. <Execution ProcessID="2696" ThreadID="5140" />
  1076. <Channel>System</Channel>
  1077. <Computer>Anonymous</Computer>
  1078. <Security UserID="S-1-5-18" />
  1079. </System>
  1080. <EventData>
  1081. <Data Name="HiveNameLength">171</Data>
  1082. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{75B12FDC-4390-4A49-B01A-190F509FF153}</Data>
  1083. <Data Name="KeysUpdated">68</Data>
  1084. <Data Name="DirtyPages">5</Data>
  1085. </EventData>
  1086. </Event>
  1087.  
  1088. Log Name: System
  1089. Source: Microsoft-Windows-Kernel-General
  1090. Date: 10/16/2017 2:59:33 AM
  1091. Event ID: 16
  1092. Task Category: None
  1093. Level: Information
  1094. Keywords:
  1095. User: SYSTEM
  1096. Computer: Anonymous
  1097. Description:
  1098. The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{23499330-07F7-43CF-A045-11C3C71C390A} was cleared updating 47 keys and creating 6 modified pages.
  1099. Event Xml:
  1100. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1101. <System>
  1102. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1103. <EventID>16</EventID>
  1104. <Version>0</Version>
  1105. <Level>4</Level>
  1106. <Task>0</Task>
  1107. <Opcode>0</Opcode>
  1108. <Keywords>0x8000000000000000</Keywords>
  1109. <TimeCreated SystemTime="2017-10-16T07:59:33.145940800Z" />
  1110. <EventRecordID>34817</EventRecordID>
  1111. <Correlation />
  1112. <Execution ProcessID="2696" ThreadID="5140" />
  1113. <Channel>System</Channel>
  1114. <Computer>Anonymous</Computer>
  1115. <Security UserID="S-1-5-18" />
  1116. </System>
  1117. <EventData>
  1118. <Data Name="HiveNameLength">171</Data>
  1119. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{23499330-07F7-43CF-A045-11C3C71C390A}</Data>
  1120. <Data Name="KeysUpdated">47</Data>
  1121. <Data Name="DirtyPages">6</Data>
  1122. </EventData>
  1123. </Event>
  1124.  
  1125. Log Name: System
  1126. Source: Microsoft-Windows-Kernel-General
  1127. Date: 10/16/2017 2:59:32 AM
  1128. Event ID: 15
  1129. Task Category: None
  1130. Level: Information
  1131. Keywords:
  1132. User: SYSTEM
  1133. Computer: Anonymous
  1134. Description:
  1135. Hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8B4C2587-633A-454F-8FE7-6C9DDCA15E6F} was reorganized with a starting size of 12587008 bytes and an ending size of 12562432 bytes.
  1136. Event Xml:
  1137. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1138. <System>
  1139. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1140. <EventID>15</EventID>
  1141. <Version>0</Version>
  1142. <Level>4</Level>
  1143. <Task>0</Task>
  1144. <Opcode>0</Opcode>
  1145. <Keywords>0x8000000000000000</Keywords>
  1146. <TimeCreated SystemTime="2017-10-16T07:59:32.235424800Z" />
  1147. <EventRecordID>34816</EventRecordID>
  1148. <Correlation />
  1149. <Execution ProcessID="2696" ThreadID="5140" />
  1150. <Channel>System</Channel>
  1151. <Computer>Anonymous</Computer>
  1152. <Security UserID="S-1-5-18" />
  1153. </System>
  1154. <EventData>
  1155. <Data Name="HiveNameLength">171</Data>
  1156. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8B4C2587-633A-454F-8FE7-6C9DDCA15E6F}</Data>
  1157. <Data Name="OriginalSize">12587008</Data>
  1158. <Data Name="NewSize">12562432</Data>
  1159. </EventData>
  1160. </Event>
  1161.  
  1162. Log Name: System
  1163. Source: Microsoft-Windows-Kernel-General
  1164. Date: 10/16/2017 2:59:26 AM
  1165. Event ID: 16
  1166. Task Category: None
  1167. Level: Information
  1168. Keywords:
  1169. User: SYSTEM
  1170. Computer: Anonymous
  1171. Description:
  1172. The access history in hive \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Users\default\ntuser.dat was cleared updating 5 keys and creating 1 modified pages.
  1173. Event Xml:
  1174. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1175. <System>
  1176. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1177. <EventID>16</EventID>
  1178. <Version>0</Version>
  1179. <Level>4</Level>
  1180. <Task>0</Task>
  1181. <Opcode>0</Opcode>
  1182. <Keywords>0x8000000000000000</Keywords>
  1183. <TimeCreated SystemTime="2017-10-16T07:59:26.812518900Z" />
  1184. <EventRecordID>34815</EventRecordID>
  1185. <Correlation />
  1186. <Execution ProcessID="2036" ThreadID="204" />
  1187. <Channel>System</Channel>
  1188. <Computer>Anonymous</Computer>
  1189. <Security UserID="S-1-5-18" />
  1190. </System>
  1191. <EventData>
  1192. <Data Name="HiveNameLength">72</Data>
  1193. <Data Name="HiveName">\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Users\default\ntuser.dat</Data>
  1194. <Data Name="KeysUpdated">5</Data>
  1195. <Data Name="DirtyPages">1</Data>
  1196. </EventData>
  1197. </Event>
  1198.  
  1199. Log Name: System
  1200. Source: Microsoft-Windows-Kernel-General
  1201. Date: 10/16/2017 2:59:25 AM
  1202. Event ID: 15
  1203. Task Category: None
  1204. Level: Information
  1205. Keywords:
  1206. User: SYSTEM
  1207. Computer: Anonymous
  1208. Description:
  1209. Hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{CB1AA828-3F71-4A02-87FB-118322AB3330} was reorganized with a starting size of 87166976 bytes and an ending size of 84848640 bytes.
  1210. Event Xml:
  1211. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1212. <System>
  1213. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1214. <EventID>15</EventID>
  1215. <Version>0</Version>
  1216. <Level>4</Level>
  1217. <Task>0</Task>
  1218. <Opcode>0</Opcode>
  1219. <Keywords>0x8000000000000000</Keywords>
  1220. <TimeCreated SystemTime="2017-10-16T07:59:25.740010700Z" />
  1221. <EventRecordID>34814</EventRecordID>
  1222. <Correlation />
  1223. <Execution ProcessID="2696" ThreadID="5140" />
  1224. <Channel>System</Channel>
  1225. <Computer>Anonymous</Computer>
  1226. <Security UserID="S-1-5-18" />
  1227. </System>
  1228. <EventData>
  1229. <Data Name="HiveNameLength">171</Data>
  1230. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{CB1AA828-3F71-4A02-87FB-118322AB3330}</Data>
  1231. <Data Name="OriginalSize">87166976</Data>
  1232. <Data Name="NewSize">84848640</Data>
  1233. </EventData>
  1234. </Event>
  1235.  
  1236. Log Name: System
  1237. Source: Microsoft-Windows-Kernel-General
  1238. Date: 10/16/2017 2:59:23 AM
  1239. Event ID: 16
  1240. Task Category: None
  1241. Level: Information
  1242. Keywords:
  1243. User: SYSTEM
  1244. Computer: Anonymous
  1245. Description:
  1246. The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{7207FB21-9330-44A0-9438-23EDC5A687FD} was cleared updating 326 keys and creating 49 modified pages.
  1247. Event Xml:
  1248. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1249. <System>
  1250. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1251. <EventID>16</EventID>
  1252. <Version>0</Version>
  1253. <Level>4</Level>
  1254. <Task>0</Task>
  1255. <Opcode>0</Opcode>
  1256. <Keywords>0x8000000000000000</Keywords>
  1257. <TimeCreated SystemTime="2017-10-16T07:59:23.314414000Z" />
  1258. <EventRecordID>34813</EventRecordID>
  1259. <Correlation />
  1260. <Execution ProcessID="2696" ThreadID="5140" />
  1261. <Channel>System</Channel>
  1262. <Computer>Anonymous</Computer>
  1263. <Security UserID="S-1-5-18" />
  1264. </System>
  1265. <EventData>
  1266. <Data Name="HiveNameLength">171</Data>
  1267. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{7207FB21-9330-44A0-9438-23EDC5A687FD}</Data>
  1268. <Data Name="KeysUpdated">326</Data>
  1269. <Data Name="DirtyPages">49</Data>
  1270. </EventData>
  1271. </Event>
  1272.  
  1273. Log Name: System
  1274. Source: Microsoft-Windows-Kernel-General
  1275. Date: 10/16/2017 2:59:20 AM
  1276. Event ID: 16
  1277. Task Category: None
  1278. Level: Information
  1279. Keywords:
  1280. User: SYSTEM
  1281. Computer: Anonymous
  1282. Description:
  1283. The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{97E7AE52-3F3B-4FB4-98FA-4F3956716B0D} was cleared updating 68 keys and creating 5 modified pages.
  1284. Event Xml:
  1285. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1286. <System>
  1287. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1288. <EventID>16</EventID>
  1289. <Version>0</Version>
  1290. <Level>4</Level>
  1291. <Task>0</Task>
  1292. <Opcode>0</Opcode>
  1293. <Keywords>0x8000000000000000</Keywords>
  1294. <TimeCreated SystemTime="2017-10-16T07:59:20.201322200Z" />
  1295. <EventRecordID>34812</EventRecordID>
  1296. <Correlation />
  1297. <Execution ProcessID="2696" ThreadID="5140" />
  1298. <Channel>System</Channel>
  1299. <Computer>Anonymous</Computer>
  1300. <Security UserID="S-1-5-18" />
  1301. </System>
  1302. <EventData>
  1303. <Data Name="HiveNameLength">171</Data>
  1304. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{97E7AE52-3F3B-4FB4-98FA-4F3956716B0D}</Data>
  1305. <Data Name="KeysUpdated">68</Data>
  1306. <Data Name="DirtyPages">5</Data>
  1307. </EventData>
  1308. </Event>
  1309.  
  1310. Log Name: System
  1311. Source: Microsoft-Windows-Kernel-General
  1312. Date: 10/16/2017 2:59:19 AM
  1313. Event ID: 16
  1314. Task Category: None
  1315. Level: Information
  1316. Keywords:
  1317. User: SYSTEM
  1318. Computer: Anonymous
  1319. Description:
  1320. The access history in hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{701A7F09-BB41-46B2-BE63-690D5B9C4539} was cleared updating 47 keys and creating 6 modified pages.
  1321. Event Xml:
  1322. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1323. <System>
  1324. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1325. <EventID>16</EventID>
  1326. <Version>0</Version>
  1327. <Level>4</Level>
  1328. <Task>0</Task>
  1329. <Opcode>0</Opcode>
  1330. <Keywords>0x8000000000000000</Keywords>
  1331. <TimeCreated SystemTime="2017-10-16T07:59:19.769751600Z" />
  1332. <EventRecordID>34811</EventRecordID>
  1333. <Correlation />
  1334. <Execution ProcessID="2696" ThreadID="5140" />
  1335. <Channel>System</Channel>
  1336. <Computer>Anonymous</Computer>
  1337. <Security UserID="S-1-5-18" />
  1338. </System>
  1339. <EventData>
  1340. <Data Name="HiveNameLength">171</Data>
  1341. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{701A7F09-BB41-46B2-BE63-690D5B9C4539}</Data>
  1342. <Data Name="KeysUpdated">47</Data>
  1343. <Data Name="DirtyPages">6</Data>
  1344. </EventData>
  1345. </Event>
  1346.  
  1347. Log Name: System
  1348. Source: Microsoft-Windows-Kernel-General
  1349. Date: 10/16/2017 2:59:18 AM
  1350. Event ID: 15
  1351. Task Category: None
  1352. Level: Information
  1353. Keywords:
  1354. User: SYSTEM
  1355. Computer: Anonymous
  1356. Description:
  1357. Hive \??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C62192AF-5DDC-42AE-8F0E-2D1EE6B426F8} was reorganized with a starting size of 12587008 bytes and an ending size of 12488704 bytes.
  1358. Event Xml:
  1359. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1360. <System>
  1361. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1362. <EventID>15</EventID>
  1363. <Version>0</Version>
  1364. <Level>4</Level>
  1365. <Task>0</Task>
  1366. <Opcode>0</Opcode>
  1367. <Keywords>0x8000000000000000</Keywords>
  1368. <TimeCreated SystemTime="2017-10-16T07:59:18.852378000Z" />
  1369. <EventRecordID>34810</EventRecordID>
  1370. <Correlation />
  1371. <Execution ProcessID="2696" ThreadID="5140" />
  1372. <Channel>System</Channel>
  1373. <Computer>Anonymous</Computer>
  1374. <Security UserID="S-1-5-18" />
  1375. </System>
  1376. <EventData>
  1377. <Data Name="HiveNameLength">171</Data>
  1378. <Data Name="HiveName">\??\Volume{f9d2b0da-705c-42df-9eb2-041ba73e7a55}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C62192AF-5DDC-42AE-8F0E-2D1EE6B426F8}</Data>
  1379. <Data Name="OriginalSize">12587008</Data>
  1380. <Data Name="NewSize">12488704</Data>
  1381. </EventData>
  1382. </Event>
  1383.  
  1384. Log Name: System
  1385. Source: Microsoft-Windows-DistributedCOM
  1386. Date: 10/16/2017 2:48:21 AM
  1387. Event ID: 10010
  1388. Task Category: None
  1389. Level: Error
  1390. Keywords: Classic
  1391. User: ANONYMOUS\Anon&anonanon
  1392. Computer: Anonymous
  1393. Description:
  1394. The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
  1395. Event Xml:
  1396. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1397. <System>
  1398. <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
  1399. <EventID Qualifiers="0">10010</EventID>
  1400. <Version>0</Version>
  1401. <Level>2</Level>
  1402. <Task>0</Task>
  1403. <Opcode>0</Opcode>
  1404. <Keywords>0x8080000000000000</Keywords>
  1405. <TimeCreated SystemTime="2017-10-16T07:48:21.794192600Z" />
  1406. <EventRecordID>34809</EventRecordID>
  1407. <Correlation />
  1408. <Execution ProcessID="828" ThreadID="3836" />
  1409. <Channel>System</Channel>
  1410. <Computer>Anonymous</Computer>
  1411. <Security UserID="S-1-5-21-1957288335-908928117-3208654089-1001" />
  1412. </System>
  1413. <EventData>
  1414. <Data Name="param1">{1B1F472E-3221-4826-97DB-2C2324D389AE}</Data>
  1415. </EventData>
  1416. </Event>
  1417.  
  1418. Log Name: System
  1419. Source: Microsoft-Windows-Kernel-General
  1420. Date: 10/16/2017 2:48:05 AM
  1421. Event ID: 16
  1422. Task Category: None
  1423. Level: Information
  1424. Keywords:
  1425. User: SYSTEM
  1426. Computer: Anonymous
  1427. Description:
  1428. The access history in hive \??\c:\users\backoffice computer\AppData\Local\Microsoft\Windows\usrclass.dat was cleared updating 5 keys and creating 1 modified pages.
  1429. Event Xml:
  1430. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  1431. <System>
  1432. <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
  1433. <EventID>16</EventID>
  1434. <Version>0</Version>
  1435. <Level>4</Level>
  1436. <Task>0</Task>
  1437. <Opcode>0</Opcode>
  1438. <Keywords>0x8000000000000000</Keywords>
  1439. <TimeCreated SystemTime="2017-10-16T07:48:05.347527400Z" />
  1440. <EventRecordID>34808</EventRecordID>
  1441. <Correlation />
  1442. <Execution ProcessID="2004" ThreadID="5208" />
  1443. <Channel>System</Channel>
  1444. <Computer>Anonymous</Computer>
  1445. <Security UserID="S-1-5-18" />
  1446. </System>
  1447. <EventData>
  1448. <Data Name="HiveNameLength">77</Data>
  1449. <Data Name="HiveName">\??\c:\users\backoffice computer\AppData\Local\Microsoft\Windows\usrclass.dat</Data>
  1450. <Data Name="KeysUpdated">5</Data>
  1451. <Data Name="DirtyPages">1</Data>
  1452. </EventData>
  1453. </Event>
  1454.  
  1455. Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 2:48:05 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\c:\users\backoffice computer\ntuser.dat was cleared updating 10 keys and creating 3 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:48:05.220438100Z" />
<EventRecordID>34807</EventRecordID>
<Correlation />
<Execution ProcessID="2004" ThreadID="5208" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">43</Data>
<Data Name="HiveName">\??\c:\users\backoffice computer\ntuser.dat</Data>
<Data Name="KeysUpdated">10</Data>
<Data Name="DirtyPages">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/16/2017 2:48:05 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Anonymous
Description:
The access history in hive \??\c:\users\guest\AppData\Local\Microsoft\Windows\usrclass.dat was cleared updating 1 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:48:05.181410000Z" />
<EventRecordID>34806</EventRecordID>
<Correlation />
<Execution ProcessID="2004" ThreadID="5208" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">63</Data>
<Data Name="HiveName">\??\c:\users\guest\AppData\Local\Microsoft\Windows\usrclass.dat</Data>
<Data Name="KeysUpdated">1</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 10/16/2017 2:47:51 AM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: ANONYMOUS\Anon&anonanon
Computer: Anonymous
Description:
The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T07:47:51.766925900Z" />
<EventRecordID>34805</EventRecordID>
<Correlation />
<Execution ProcessID="828" ThreadID="4560" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-21-1957288335-908928117-3208654089-1001" />
</System>
<EventData>
<Data Name="param1">{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 10/15/2017 9:33:33 PM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: Anonymous
Description:
Name resolution for the name client.wns.windows.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2017-10-16T02:33:33.147162500Z" />
<EventRecordID>34804</EventRecordID>
<Correlation />
<Execution ProcessID="1076" ThreadID="5544" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">client.wns.windows.com</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A080801000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 10/15/2017 9:22:47 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Anonymous
Description:
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T02:22:47.510487800Z" />
<EventRecordID>34803</EventRecordID>
<Correlation />
<Execution ProcessID="644" ThreadID="5352" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">auto start</Data>
<Data Name="param3">demand start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 10/15/2017 8:23:08 PM
Event ID: 19
Task Category: Windows Update Agent
Level: Information
Keywords: Success,Installation
User: SYSTEM
Computer: Anonymous
Description:
Installation Successful: Windows successfully installed the following update: Definition Update for Windows Defender - KB2267602 (Definition 1.253.791.0)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
<EventID>19</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>13</Opcode>
<Keywords>0x8000000000000018</Keywords>
<TimeCreated SystemTime="2017-10-16T01:23:08.622616700Z" />
<EventRecordID>34802</EventRecordID>
<Correlation />
<Execution ProcessID="304" ThreadID="5200" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="updateTitle">Definition Update for Windows Defender - KB2267602 (Definition 1.253.791.0)</Data>
<Data Name="updateGuid">{52DF0684-E6C8-4ACC-BE86-99E6CF8DEBA6}</Data>
<Data Name="updateRevisionNumber">200</Data>
<Data Name="serviceGuid">{9482F4B4-E343-43B6-B170-9A65BC822C77}</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 10/15/2017 8:23:07 PM
Event ID: 7045
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Anonymous
Description:
A service was installed in the system.

Service Name: MpKsle4d59446
Service File Name: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37029531-18F6-4838-86C8-7CF53BD6B1B8}\MpKsle4d59446.sys
Service Type: kernel mode driver
Service Start Type: system start
Service Account:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7045</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T01:23:07.880477500Z" />
<EventRecordID>34801</EventRecordID>
<Correlation />
<Execution ProcessID="644" ThreadID="5512" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ServiceName">MpKsle4d59446</Data>
<Data Name="ImagePath">C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37029531-18F6-4838-86C8-7CF53BD6B1B8}\MpKsle4d59446.sys</Data>
<Data Name="ServiceType">kernel mode driver</Data>
<Data Name="StartType">system start</Data>
<Data Name="AccountName">
</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 10/15/2017 8:22:52 PM
Event ID: 43
Task Category: Windows Update Agent
Level: Information
Keywords: Started,Installation
User: SYSTEM
Computer: Anonymous
Description:
Installation Started: Windows has started installing the following update: Definition Update for Windows Defender - KB2267602 (Definition 1.253.791.0)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
<EventID>43</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>13</Opcode>
<Keywords>0x8000000000002008</Keywords>
<TimeCreated SystemTime="2017-10-16T01:22:52.863386700Z" />
<EventRecordID>34800</EventRecordID>
<Correlation />
<Execution ProcessID="304" ThreadID="5200" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="updateTitle">Definition Update for Windows Defender - KB2267602 (Definition 1.253.791.0)</Data>
<Data Name="updateGuid">{52DF0684-E6C8-4ACC-BE86-99E6CF8DEBA6}</Data>
<Data Name="updateRevisionNumber">200</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 10/15/2017 8:22:52 PM
Event ID: 17
Task Category: Automatic Updates
Level: Information
Keywords: Success,Download
User: SYSTEM
Computer: Anonymous
Description:
Installation Ready: The following updates are downloaded and ready for installation:
- Definition Update for Windows Defender - KB2267602 (Definition 1.253.791.0)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
<EventID>17</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000014</Keywords>
<TimeCreated SystemTime="2017-10-16T01:22:52.863386700Z" />
<EventRecordID>34799</EventRecordID>
<Correlation />
<Execution ProcessID="304" ThreadID="5200" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<updatelist xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
- Definition Update for Windows Defender - KB2267602 (Definition 1.253.791.0)</updatelist>
</UserData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 10/15/2017 8:22:52 PM
Event ID: 17
Task Category: Automatic Updates
Level: Information
Keywords: Success,Download
User: SYSTEM
Computer: Anonymous
Description:
Installation Ready: The following updates are downloaded and ready for installation:
- Microsoft.Reader
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
<EventID>17</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000014</Keywords>
<TimeCreated SystemTime="2017-10-16T01:22:52.863386700Z" />
<EventRecordID>34798</EventRecordID>
<Correlation />
<Execution ProcessID="304" ThreadID="5200" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<updatelist xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
- Microsoft.Reader</updatelist>
</UserData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 10/15/2017 8:20:46 PM
Event ID: 44
Task Category: Windows Update Agent
Level: Information
Keywords: Started,Download
User: SYSTEM
Computer: Anonymous
Description:
Windows Update started downloading an update.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
<EventID>44</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000002004</Keywords>
<TimeCreated SystemTime="2017-10-16T01:20:46.569554200Z" />
<EventRecordID>34797</EventRecordID>
<Correlation />
<Execution ProcessID="304" ThreadID="5200" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="updateGuid">{52DF0684-E6C8-4ACC-BE86-99E6CF8DEBA6}</Data>
<Data Name="updateRevisionNumber">200</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 10/15/2017 8:20:43 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Anonymous
Description:
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-10-16T01:20:43.070861100Z" />
<EventRecordID>34796</EventRecordID>
<Correlation />
<Execution ProcessID="644" ThreadID="5512" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">demand start</Data>
<Data Name="param3">auto start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 10/15/2017 2:08:30 PM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: Anonymous
Description:
Name resolution for the name isatap.kc.rr.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2017-10-15T19:08:30.464874000Z" />
<EventRecordID>34795</EventRecordID>
<Correlation />
<Execution ProcessID="1076" ThreadID="4820" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">isatap.kc.rr.com</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">1700000000000000260560001A0C0004F299BFFFFE02B7740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: BROWSER
Date: 10/15/2017 2:08:18 PM
Event ID: 8033
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Anonymous
Description:
The browser has forced an election on network \Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D} because a master browser was stopped.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BROWSER" />
<EventID Qualifiers="16384">8033</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-10-15T19:08:18.000000000Z" />
<EventRecordID>34794</EventRecordID>
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D}</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 10/15/2017 2:02:54 PM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: Anonymous
Description:
Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2017-10-15T19:02:54.553079300Z" />
<EventRecordID>34793</EventRecordID>
<Correlation />
<Execution ProcessID="1076" ThreadID="32" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">win8.ipv6.microsoft.com.</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A080801000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: BROWSER
Date: 10/15/2017 2:02:41 PM
Event ID: 8033
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Anonymous
Description:
The browser has forced an election on network \Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D} because a master browser was stopped.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BROWSER" />
<EventID Qualifiers="16384">8033</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-10-15T19:02:41.000000000Z" />
<EventRecordID>34792</EventRecordID>
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NetBT_Tcpip_{FDC350A4-00C1-4D17-B653-F2A12F37A11D}</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 10/15/2017 1:54:44 PM
Event ID: 1014
Task Category: (1014)
Level: Warning
Keywords: (268435456)
User: NETWORK SERVICE
Computer: Anonymous
Description:
Name resolution for the name www.textnow.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1014</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000010000000</Keywords>
<TimeCreated SystemTime="2017-10-15T18:54:44.423503000Z" />
<EventRecordID>34791</EventRecordID>
<Correlation />
<Execution ProcessID="1076" ThreadID="4572" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">www.textnow.com</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">020000000A080801000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 10/15/2017 1:20:03 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: ANONYMOUS\Anon&anonanon
Computer: Anonymous
Description:
The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-10-15T18:20:03.207030300Z" />
<EventRecordID>34790</EventRecordID>
<Correlation />
<Execution ProcessID="828" ThreadID="5080" />
<Channel>System</Channel>
<Computer>Anonymous</Computer>
<Security UserID="S-1-5-21-1957288335-908928117-3208654089-1001" />
</System>
<EventData>
<Data Name="param1">{1B1F472E-3221-4826-97DB-2C2324D389AE}</Data>
</EventData>
</Event>
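
Added example (editor's code, not part of the paste and not a Microsoft tool): a small triage script for exactly this kind of "Event Xml" export. It pulls each <Event> block out of the text, reads the fields the question "is somebody getting in" actually turns on, and applies a few rules: a 7045 service install is checked against the Windows Defender definition-update driver path (the MpKsl*.sys entry above sits between the KB2267602 install-start (43) and install-success (19) events), the DNS-Client 1014 "Address" blob is decoded as the SOCKADDR_STORAGE it is so the resolver that never answered becomes readable (10.8.8.1 for the IPv4 entries in this paste, one IPv6 resolver for the isatap.kc.rr.com entry), and Kernel-General 16 and DCOM 10010 are labelled for what they are. The sample input is two records copied from the paste and trimmed to the elements the script reads; the verdict rules, the constant name ADDR_V4 and the function names are this example's own assumptions.

```python
"""Triage of 'Event Xml' records exported from the Windows System log.

Added example for this paste; not code from the original post. The sample
records are trimmed copies of two events in the paste, and the triage
rules are the example's own assumptions, not a Microsoft reference.
"""
import ipaddress
import re
import struct
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# The 1014 'Address' value seen in the paste: AF_INET (0x0002), port 0,
# 10.8.8.1, zero-padded to a 128-byte SOCKADDR_STORAGE.
ADDR_V4 = "020000000A080801" + "00" * 120

# Constructed sample input: two records from the paste, trimmed to the
# elements this script reads (a real export carries many more).
SAMPLE_DUMP = r"""
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7045</EventID>
<TimeCreated SystemTime="2017-10-16T01:23:07.880477500Z" />
</System>
<EventData>
<Data Name="ServiceName">MpKsle4d59446</Data>
<Data Name="ImagePath">C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37029531-18F6-4838-86C8-7CF53BD6B1B8}\MpKsle4d59446.sys</Data>
<Data Name="ServiceType">kernel mode driver</Data>
<Data Name="AccountName">
</Data>
</EventData>
</Event>

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<TimeCreated SystemTime="2017-10-16T02:33:33.147162500Z" />
</System>
<EventData>
<Data Name="QueryName">client.wns.windows.com</Data>
<Data Name="AddressLength">128</Data>
<Data Name="Address">ADDR_PLACEHOLDER</Data>
</EventData>
</Event>
""".replace("ADDR_PLACEHOLDER", ADDR_V4)

EVENT_RE = re.compile(r"<Event xmlns=.*?</Event>", re.S)

# Defender installs its engine loader as MpKsl<hex>.sys under the definition
# update folder with every signature update; a 7045 for that exact path is the
# expected companion of the WindowsUpdateClient 43/19 events logged around it.
DEFENDER_DRIVER = re.compile(
    r"^C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\"
    r"\{[0-9A-Fa-f-]+\}\\MpKsl[0-9a-f]+\.sys$")


def decode_sockaddr(hex_blob: str) -> str:
    """Turn the 1014 'Address' hex dump (a SOCKADDR_STORAGE) into an IP string."""
    raw = bytes.fromhex(hex_blob)
    family = struct.unpack_from("<H", raw, 0)[0]   # little-endian sa_family
    if family == 2:                                 # AF_INET: port at 2, addr at 4
        return str(ipaddress.IPv4Address(raw[4:8]))
    if family == 23:                                # AF_INET6: port, flowinfo, addr at 8
        return str(ipaddress.IPv6Address(raw[8:24]))
    return f"unknown address family {family}"


def parse_events(dump: str) -> list[dict]:
    """Pull every <Event> block out of the exported text into a flat dict."""
    events = []
    for m in EVENT_RE.finditer(dump):
        root = ET.fromstring(m.group(0))
        sysnode = root.find("e:System", NS)
        ev = {
            "provider": sysnode.find("e:Provider", NS).get("Name"),
            "id": int(sysnode.find("e:EventID", NS).text),
            "time": sysnode.find("e:TimeCreated", NS).get("SystemTime"),
            "data": {},
        }
        for d in root.iterfind("e:EventData/e:Data", NS):
            # BROWSER events carry an unnamed <Data>; empty AccountName is "\n".
            ev["data"][d.get("Name") or "Data"] = (d.text or "").strip()
        events.append(ev)
    return events


def triage(ev: dict) -> tuple[str, str]:
    """Return (verdict, note) for one event; the rules are this example's own."""
    eid, d = ev["id"], ev["data"]
    if ev["provider"] == "Service Control Manager" and eid == 7045:
        path = d.get("ImagePath", "")
        if DEFENDER_DRIVER.match(path):
            return "expected", "Defender definition-update driver (MpKsl*.sys)"
        return "review", f"new service {d.get('ServiceName')!r} at {path!r}: check signer and hash"
    if ev["provider"] == "Microsoft-Windows-DNS-Client" and eid == 1014:
        return "info", f"resolver {decode_sockaddr(d['Address'])} did not answer for {d['QueryName']}"
    if ev["provider"] == "Microsoft-Windows-Kernel-General" and eid == 16:
        return "expected", f"routine hive access-history cleanup of {d.get('HiveName')}"
    if ev["provider"] == "Microsoft-Windows-DistributedCOM" and eid == 10010:
        return "info", f"COM server {d.get('param1')} missed its registration timeout"
    return "unclassified", ""


def triage_dump(dump: str) -> list[tuple[int, str, str]]:
    """(event id, verdict, note) for every record in the exported text."""
    return [(ev["id"],) + triage(ev) for ev in parse_events(dump)]
```

Run against the whole export with triage_dump(open(path, encoding="utf-8").read()). What this paste yields is "expected" and "info" throughout: the only new driver is Defender's own, the 1014 warnings all name the machine's configured resolvers failing to answer outbound lookups, and the 8033 browser elections and 10010 DCOM timeouts are logon-time noise. Two caveats a practitioner would add. First, 7045 is still the event worth alerting on, because a real persistence driver is logged in exactly the same shape; anything that reaches the "review" branch should have its Authenticode signature verified before it is dismissed. Second, the System log cannot answer the original question: inbound logon attempts are recorded in the Security log (4624/4625 and the 4672 special-privilege logons), not here, so an export of that log, plus the firewall log if it is enabled, is the next thing to look at.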