Pc randomly restarts

Nomu_u · August 11, 2022

Spoiler

Log Name: System
Source: Microsoft-Windows-Winlogon
Date: 11/08/2022 7:34:26 PM
Event ID: 7001
Task Category: (1101)
Level: Information
Keywords: (35184372088832)
User: SYSTEM
Computer: Nomu
Description:
User Logon Notification for Customer Experience Improvement Program
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{dbe9b383-7cf3-4331-91cc-a3cb16a3b538}" />
<EventID>7001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1101</Task>
<Opcode>0</Opcode>
<Keywords>0x2000200000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:26.6336631Z" />
<EventRecordID>86789</EventRecordID>
<Correlation />
<Execution ProcessID="688" ThreadID="1284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="TSId">1</Data>
<Data Name="UserSid">S-1-5-21-2985076639-895311677-358525590-1001</Data>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:34:20 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:20.4995312Z" />
<EventRecordID>86788</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:34:20 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:20.4995312Z" />
<EventRecordID>86787</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:34:19 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:19.0325424Z" />
<EventRecordID>86786</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:34:19 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:19.0325424Z" />
<EventRecordID>86785</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:34:17 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:17.5673573Z" />
<EventRecordID>86784</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:34:17 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:17.5673573Z" />
<EventRecordID>86783</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:34:16 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:16.2970327Z" />
<EventRecordID>86782</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:34:16 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:16.2970327Z" />
<EventRecordID>86781</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: BTHUSB
Date: 11/08/2022 7:34:04 PM
Event ID: 16
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (f0:99:b6:1c:40:a1) failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BTHUSB" />
<EventID Qualifiers="49157">16</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:34:04.3913488Z" />
<EventRecordID>86780</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="564" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>(f0:99:b6:1c:40:a1)</Data>
<Binary>000000000200280000000000100005C0000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:33:55 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:55.2147429Z" />
<EventRecordID>86779</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:33:55 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:55.2147429Z" />
<EventRecordID>86778</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:33:55 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:55.2147429Z" />
<EventRecordID>86777</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Display
Date: 11/08/2022 7:33:55 PM
Event ID: 4107
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
A caller specified the SDC_FORCE_MODE_ENUMERATION flag in a call to the SetDisplayConfig() API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Display" />
<EventID Qualifiers="0">4107</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:55.2137420Z" />
<EventRecordID>86776</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:37 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'gameflt' (10.0, ‎1975‎-‎12‎-‎19T06:59:55.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:37.0551037Z" />
<EventRecordID>86775</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">7</Data>
<Data Name="DeviceName">gameflt</Data>
<Data Name="DeviceTime">1975-12-19T06:59:55.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 7:33:36 PM
Event ID: 7026
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The following boot-start or system-start driver(s) did not load:
dam
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:36.5707356Z" />
<EventRecordID>86774</EventRecordID>
<Correlation />
<Execution ProcessID="952" ThreadID="956" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">
dam</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 11/08/2022 7:33:36 PM
Event ID: 10001
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
WLAN Extensibility Module has successfully started.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" />
<EventID>10001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:36.0100312Z" />
<EventRecordID>86773</EventRecordID>
<Correlation />
<Execution ProcessID="4692" ThreadID="4712" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ExtensibleModulePath">C:\Windows\system32\IntelIHVRouter08.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 11/08/2022 7:33:35 PM
Event ID: 4000
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
WLAN AutoConfig service has successfully started.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" />
<EventID>4000</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:35.9673538Z" />
<EventRecordID>86772</EventRecordID>
<Correlation />
<Execution ProcessID="4692" ThreadID="4712" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'bindflt' (10.0, ‎2001‎-‎11‎-‎10T08:51:01.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.2033526Z" />
<EventRecordID>86771</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="168" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">7</Data>
<Data Name="DeviceName">bindflt</Data>
<Data Name="DeviceTime">2001-11-10T08:51:01.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'storqosflt' (10.0, ‎2007‎-‎04‎-‎09T22:08:30.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.2008365Z" />
<EventRecordID>86770</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="168" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">10</Data>
<Data Name="DeviceName">storqosflt</Data>
<Data Name="DeviceTime">2007-04-09T22:08:30.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'CldFlt' (10.0, ‎2100‎-‎08‎-‎07T12:50:56.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1982401Z" />
<EventRecordID>86769</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="168" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2100-08-07T12:50:56.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:33 PM
Event ID: 1
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'CldFlt' (Version 10.0, ‎2100‎-‎08‎-‎07T12:50:56.000000000Z) unloaded successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1981843Z" />
<EventRecordID>86768</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="168" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2100-08-07T12:50:56.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'CldFlt' (10.0, ‎2100‎-‎08‎-‎07T12:50:56.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1981767Z" />
<EventRecordID>86767</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="168" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2100-08-07T12:50:56.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'luafv' (10.0, ‎2041‎-‎09‎-‎19T09:13:33.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1927022Z" />
<EventRecordID>86766</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="168" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">5</Data>
<Data Name="DeviceName">luafv</Data>
<Data Name="DeviceTime">2041-09-19T09:13:33.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DHCPv6-Client
Date: 11/08/2022 7:33:33 PM
Event ID: 51046
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
DHCPv6 client service is started
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DHCPv6-Client" Guid="{6a1f2b00-6a90-4c38-95a5-5cab3b056778}" />
<EventID>51046</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>62</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1826167Z" />
<EventRecordID>86765</EventRecordID>
<Correlation />
<Execution ProcessID="1196" ThreadID="2180" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'wcifs' (10.0, ‎1989‎-‎06‎-‎10T02:43:09.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1779291Z" />
<EventRecordID>86764</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="436" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">5</Data>
<Data Name="DeviceName">wcifs</Data>
<Data Name="DeviceTime">1989-06-10T02:43:09.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Dhcp-Client
Date: 11/08/2022 7:33:33 PM
Event ID: 50103
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
DHCPv4 client registered for shutdown notification
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15a7a4f8-0072-4eab-abad-f98a4d666aed}" />
<EventID>50103</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>129</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1750577Z" />
<EventRecordID>86763</EventRecordID>
<Correlation />
<Execution ProcessID="1196" ThreadID="2100" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Dhcp-Client
Date: 11/08/2022 7:33:33 PM
Event ID: 50036
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
DHCPv4 client service is started
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15a7a4f8-0072-4eab-abad-f98a4d666aed}" />
<EventID>50036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>68</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1750177Z" />
<EventRecordID>86762</EventRecordID>
<Correlation />
<Execution ProcessID="1196" ThreadID="2100" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 11/08/2022 7:33:32 PM
Event ID: 16983
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The security account manager is now logging periodic summary events for remote clients that call legacy password change or set RPC methods.

For more information please see https://go.microsoft.com/fwlink/?linkid=2150956.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16983</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:32.9497224Z" />
<EventRecordID>86761</EventRecordID>
<Correlation ActivityID="{b390f742-ad97-0004-6ef7-90b397add801}" />
<Execution ProcessID="960" ThreadID="964" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_AUDIT_LEGACY_PWD_RPC_METHODS_OFF">
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 11/08/2022 7:33:32 PM
Event ID: 16977
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The domain is configured with the following minimum password length-related settings.

MinimumPasswordLength: 0

RelaxMinimumPasswordLengthLimits: 0

MinimumPasswordLengthAudit: -1

For more information see https://go.microsoft.com/fwlink/?LinkId=2097191.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16977</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:32.9497194Z" />
<EventRecordID>86760</EventRecordID>
<Correlation ActivityID="{b390f742-ad97-0004-6ef7-90b397add801}" />
<Execution ProcessID="960" ThreadID="964" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_MINPWDLEN_SETTINGS_IN_EFFECT">
<Data Name="MinimumPasswordLength">0</Data>
<Data Name="RelaxMinimumPasswordLengthLimits">0</Data>
<Data Name="MinimumPasswordLengthAudit">-1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 11/08/2022 7:33:32 PM
Event ID: 16962
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA).
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16962</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:32.9454700Z" />
<EventRecordID>86759</EventRecordID>
<Correlation ActivityID="{b390f742-ad97-0004-6ef7-90b397add801}" />
<Execution ProcessID="960" ThreadID="964" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_RESTRICT_REMOTE_SAM_DEFAULT_SD">
<Data Name="Default SD String:">O:SYG:SYD:(A;;RC;;;BA)</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 11/08/2022 7:33:32 PM
Event ID: 14
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Credential Guard configuration: 0x0, 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" />
<EventID>14</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:32.8577540Z" />
<EventRecordID>86758</EventRecordID>
<Correlation />
<Execution ProcessID="880" ThreadID="884" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Config">0</Data>
<Data Name="IsTestConfig">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Subsys-SMSS
Date: 11/08/2022 7:33:31 PM
Event ID: 17
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
A platform binary was successfully executed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Subsys-SMSS" Guid="{43e63da5-41d1-4fbf-aded-1bbed98fdd1d}" />
<EventID>17</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:31.0356579Z" />
<EventRecordID>86757</EventRecordID>
<Correlation />
<Execution ProcessID="528" ThreadID="532" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:33:31 PM
Event ID: 24
Task Category: (11)
Level: Information
Keywords: Time
User: SYSTEM
Computer: Nomu
Description:
The time zone information was refreshed with exit reason 0. Current time zone bias is -240.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>24</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>11</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:31.0351319Z" />
<EventRecordID>86756</EventRecordID>
<Correlation />
<Execution ProcessID="148" ThreadID="764" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ExitReason">0</Data>
<Data Name="CurrentBias">-240</Data>
<Data Name="CurrentTimeZoneID">0</Data>
<Data Name="TimeZoneInfoCacheUpdated">0</Data>
<Data Name="FirstRefresh">0</Data>
</EventData>
</Event>

Log Name: System
Source: BTHUSB
Date: 11/08/2022 7:33:30 PM
Event ID: 18
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BTHUSB" />
<EventID Qualifiers="16389">18</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:30.8026431Z" />
<EventRecordID>86755</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>00000800010000000000000012000540000000000000000000000000000000000000000000000000E000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 7:33:30 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume \\?\Volume{da9d17af-4901-41c5-98af-8479ba1c11ed} (\Device\HarddiskVolume4) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:30.7283093Z" />
<EventRecordID>86754</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="564" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">\\?\Volume{da9d17af-4901-41c5-98af-8479ba1c11ed}</Data>
<Data Name="DeviceName">\Device\HarddiskVolume4</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:33:29 PM
Event ID: 7017
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7017 - secure boot (SB) configuration
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7017</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.9776567Z" />
<EventRecordID>86753</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="564" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>000014000200440000000000691B00400000000000000000000000000000000000000000000000005744525680002511010000002000000042000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:33:29 PM
Event ID: 7010
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7010 - driver enabled (miniport init)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7010</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.8100091Z" />
<EventRecordID>86752</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="564" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>00000C0002003C0000000000621B00400000000000000000000000000000000000000000000000000116501500000000958CE102</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:33:29 PM
Event ID: 7005
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7005 - SAR value max TX power (WRDS)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7005</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.7399456Z" />
<EventRecordID>86751</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="564" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>0000040002003400000000005D1B0040000000000000000000000000000000000000000000000000FF000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:33:29 PM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The \Device\NDMP1 service entered the Intel(R) Wireless-AC 9260 160MHz state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.6969061Z" />
<EventRecordID>86750</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="564" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>0000080002003800000000007C1B004000000000000000000000000000000000000000000000000057445256B0000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 11 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 137
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.5435130Z" />
<EventRecordID>86749</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">11</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">137</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 10 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 137
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.4808973Z" />
<EventRecordID>86748</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">10</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">137</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 9 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.4496282Z" />
<EventRecordID>86747</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">9</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 8 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.4027662Z" />
<EventRecordID>86746</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">8</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 7 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 133
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.3714955Z" />
<EventRecordID>86745</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">7</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">133</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 6 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 133
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.3246291Z" />
<EventRecordID>86744</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">6</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">133</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 5 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.2933743Z" />
<EventRecordID>86743</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">5</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 4 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.2465001Z" />
<EventRecordID>86742</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">4</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 3 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 125
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.2152338Z" />
<EventRecordID>86741</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">3</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">125</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 2 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 125
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.1683677Z" />
<EventRecordID>86740</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">2</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">125</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 1 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 129
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.1371000Z" />
<EventRecordID>86739</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">1</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">129</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:33:29 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 0 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 129
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:29.0902364Z" />
<EventRecordID>86738</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">0</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">129</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 7:33:28 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume D: (\Device\HarddiskVolume6) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.8727413Z" />
<EventRecordID>86737</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">D:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume6</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 11/08/2022 7:33:28 PM
Event ID: 172
Task Category: (203)
Level: Information
Keywords: (1024),(4)
User: SYSTEM
Computer: Nomu
Description:
Connectivity state in standby: Disconnected, Reason: NIC compliance
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>172</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>203</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000404</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.7313400Z" />
<EventRecordID>86736</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="State">2</Data>
<Data Name="Reason">6</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 11/08/2022 7:33:28 PM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: Nomu
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>41</EventID>
<Version>8</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.7291574Z" />
<EventRecordID>86735</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
<Data Name="Checkpoint">0</Data>
<Data Name="ConnectedStandbyInProgress">false</Data>
<Data Name="SystemSleepTransitionsToOn">0</Data>
<Data Name="CsEntryScenarioInstanceId">0</Data>
<Data Name="BugcheckInfoFromEFI">false</Data>
<Data Name="CheckpointStatus">0</Data>
<Data Name="CsEntryScenarioInstanceIdV2">0</Data>
<Data Name="LongPowerButtonPressDetected">false</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:28 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'npsvctrig' (10.0, ‎2025‎-‎01‎-‎06T06:41:12.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.6990154Z" />
<EventRecordID>86734</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">npsvctrig</Data>
<Data Name="DeviceTime">2025-01-06T06:41:12.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:28 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'FileCrypt' (10.0, ‎2002‎-‎03‎-‎01T15:12:42.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.6503553Z" />
<EventRecordID>86733</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">FileCrypt</Data>
<Data Name="DeviceTime">2002-03-01T15:12:42.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 7:33:28 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume C: (\Device\HarddiskVolume3) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.6090774Z" />
<EventRecordID>86732</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">C:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume3</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 7:33:28 PM
Event ID: 100
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The following informational event has occurred (0x0, 0x0, 0x0, 0x0).
DeviceStart
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>100</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.3638449Z" />
<EventRecordID>86731</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Context">DeviceStart</Data>
<Data Name="Param1">0x0</Data>
<Data Name="Param2">0x0</Data>
<Data Name="Param3">0x0</Data>
<Data Name="Param4">0x0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 7:33:28 PM
Event ID: 12
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
A TCG Silo has returned the capabilities value of 0x7.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.3537392Z" />
<EventRecordID>86730</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Capabilities">0x7</Data>
<Data Name="KeyProtectionMechanism">0x2</Data>
<Data Name="MaxBandCount">9</Data>
<Data Name="BandMetadataSize">1048576</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 7:33:28 PM
Event ID: 100
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The following informational event has occurred (0x0, 0x5, 0x0, 0x0).
D0Entry
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>100</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.3182567Z" />
<EventRecordID>86729</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Context">D0Entry</Data>
<Data Name="Param1">0x0</Data>
<Data Name="Param2">0x5</Data>
<Data Name="Param3">0x0</Data>
<Data Name="Param4">0x0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:28 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'WdFilter' (10.0, ‎2022‎-‎06‎-‎06T17:51:51.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.2511054Z" />
<EventRecordID>86728</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">WdFilter</Data>
<Data Name="DeviceTime">2022-06-06T17:51:51.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:28 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'Wof' (10.0, ‎2024‎-‎08‎-‎23T18:35:41.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.2504914Z" />
<EventRecordID>86727</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">3</Data>
<Data Name="DeviceName">Wof</Data>
<Data Name="DeviceTime">2024-08-23T18:35:41.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:33:28 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'FileInfo' (10.0, ‎2062‎-‎12‎-‎23T09:21:06.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:28.2499617Z" />
<EventRecordID>86726</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">FileInfo</Data>
<Data Name="DeviceTime">2062-12-23T09:21:06.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:33:33 PM
Event ID: 6013
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The system uptime is 6 seconds.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6013</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1493434Z" />
<EventRecordID>86725</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>6</Data>
<Data>60</Data>
<Data>-240 Arabian Standard Time</Data>
<Binary>31002E003100000030000000570069006E0064006F0077007300200031003000200048006F006D0065000000310030002E0030002E003100390030003400340020004200750069006C0064002000310039003000340034002000200000004D0075006C0074006900700072006F0063006500730073006F007200200046007200650065000000310039003000340031002E00760062005F00720065006C0065006100730065002E003100390031003200300036002D00310034003000360000003600300037006500310066006500630000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C00650000003900000031003200000033003200360038003400000034003000390000004E006F006D00750000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:33:33 PM
Event ID: 6005
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The Event log service was started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6005</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1473414Z" />
<EventRecordID>86724</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Binary>E607080004000B000F002100210093000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:33:33 PM
Event ID: 6009
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
Microsoft (R) Windows (R) 10.00. 19044 Multiprocessor Free.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6009</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1473414Z" />
<EventRecordID>86723</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>10.00.</Data>
<Data>19044</Data>
<Data>
</Data>
<Data>Multiprocessor Free</Data>
<Data>0</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:33:33 PM
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The previous system shutdown at 7:27:34 PM on ‎11/‎08/‎2022 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:33.1473414Z" />
<EventRecordID>86722</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>7:27:34 PM</Data>
<Data>‎11/‎08/‎2022</Data>
<Data>
</Data>
<Data>
</Data>
<Data>6</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>E607080004000B0013001B0022002F01E607080004000B000F001B0022002F013C0000003C000000000000000000000000000000000000000100000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-HAL
Date: 11/08/2022 7:33:27 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The iommu fault reporting has been initialized.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-HAL" Guid="{63d1e632-95cc-4443-9312-af927761d52a}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2650073Z" />
<EventRecordID>86721</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:33:27 PM
Event ID: 20
Task Category: (6)
Level: Information
Keywords: Time
User: SYSTEM
Computer: Nomu
Description:
The leap second configuration has been updated.
Reason: Leap second data initialized from registry during boot
Leap seconds enabled: true
New leap second count: 0
Old leap second count: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>6</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2299228Z" />
<EventRecordID>86720</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="UpdateReason">0</Data>
<Data Name="EnabledNew">true</Data>
<Data Name="CountNew">0</Data>
<Data Name="CountOld">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:33:27 PM
Event ID: 30
Task Category: (21)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The firmware reported boot metrics.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>21</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2242503Z" />
<EventRecordID>86719</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ResetEndStart">0</Data>
<Data Name="LoadOSImageStart">0</Data>
<Data Name="StartOSImageStart">9439</Data>
<Data Name="ExitBootServicesEntry">9697</Data>
<Data Name="ExitBootServicesExit">9700</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:33:27 PM
Event ID: 32
Task Category: (58)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The bootmgr spent 0 ms waiting for user input.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>32</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>58</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2242072Z" />
<EventRecordID>86718</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BitlockerUserInputTime">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:33:27 PM
Event ID: 18
Task Category: (57)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
There are 0x1 boot options on this system.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>57</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2241502Z" />
<EventRecordID>86717</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EntryCount">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:33:27 PM
Event ID: 27
Task Category: (33)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The boot type was 0x0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>27</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>33</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2241408Z" />
<EventRecordID>86716</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootType">0</Data>
<Data Name="LoadOptions"> NOEXECUTE=OPTIN NOVGA</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:33:27 PM
Event ID: 25
Task Category: (32)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The boot menu policy was 0x1.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>25</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>32</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2241402Z" />
<EventRecordID>86715</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootMenuPolicy">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:33:27 PM
Event ID: 238
Task Category: (101)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
EFI time zone bias: 2047. Daylight flags: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>238</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2241397Z" />
<EventRecordID>86714</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EfiTimeZoneBias">2047</Data>
<Data Name="EfiDaylightFlags">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:33:27 PM
Event ID: 20
Task Category: (31)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The last shutdown's success status was true. The last boot's success status was true.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>20</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>31</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2241055Z" />
<EventRecordID>86713</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="LastShutdownGood">true</Data>
<Data Name="LastBootGood">true</Data>
<Data Name="LastBootId">228</Data>
<Data Name="BootStatusPolicy">2</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:33:27 PM
Event ID: 153
Task Category: (62)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Virtualization-based security (policies: 0) is disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>153</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>62</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2240695Z" />
<EventRecordID>86712</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Status">0</Data>
<Data Name="EnableDisableReason">0</Data>
<Data Name="VsmPolicy">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:33:27 PM
Event ID: 12
Task Category: (1)
Level: Information
Keywords: (128)
User: SYSTEM
Computer: Nomu
Description:
The operating system started at system time ‎2022‎-‎08‎-‎11T15:33:26.500000000Z.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000080</Keywords>
<TimeCreated SystemTime="2022-08-11T15:33:27.2240039Z" />
<EventRecordID>86711</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="MajorVersion">10</Data>
<Data Name="MinorVersion">0</Data>
<Data Name="BuildVersion">19041</Data>
<Data Name="QfeVersion">1865</Data>
<Data Name="ServiceVersion">0</Data>
<Data Name="BootMode">0</Data>
<Data Name="StartTime">2022-08-11T15:33:26.5000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: BTHUSB
Date: 11/08/2022 7:24:46 PM
Event ID: 16
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (f0:99:b6:1c:40:a1) failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BTHUSB" />
<EventID Qualifiers="49157">16</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:46.7482811Z" />
<EventRecordID>86710</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="168" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>(f0:99:b6:1c:40:a1)</Data>
<Binary>000000000200280000000000100005C0000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:18 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'gameflt' (10.0, ‎1975‎-‎12‎-‎19T06:59:55.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:18.7192653Z" />
<EventRecordID>86709</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">7</Data>
<Data Name="DeviceName">gameflt</Data>
<Data Name="DeviceTime">1975-12-19T06:59:55.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 7:24:18 PM
Event ID: 7026
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The following boot-start or system-start driver(s) did not load:
dam
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:18.2245272Z" />
<EventRecordID>86708</EventRecordID>
<Correlation />
<Execution ProcessID="952" ThreadID="956" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">
dam</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 11/08/2022 7:24:17 PM
Event ID: 10001
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
WLAN Extensibility Module has successfully started.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" />
<EventID>10001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:17.6571234Z" />
<EventRecordID>86707</EventRecordID>
<Correlation />
<Execution ProcessID="4660" ThreadID="4680" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ExtensibleModulePath">C:\Windows\system32\IntelIHVRouter08.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 11/08/2022 7:24:17 PM
Event ID: 4000
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
WLAN AutoConfig service has successfully started.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" />
<EventID>4000</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:17.6144073Z" />
<EventRecordID>86706</EventRecordID>
<Correlation />
<Execution ProcessID="4660" ThreadID="4680" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:14 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'bindflt' (10.0, ‎2001‎-‎11‎-‎10T08:51:01.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8284860Z" />
<EventRecordID>86705</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">7</Data>
<Data Name="DeviceName">bindflt</Data>
<Data Name="DeviceTime">2001-11-10T08:51:01.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:14 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'storqosflt' (10.0, ‎2007‎-‎04‎-‎09T22:08:30.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8262541Z" />
<EventRecordID>86704</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">10</Data>
<Data Name="DeviceName">storqosflt</Data>
<Data Name="DeviceTime">2007-04-09T22:08:30.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:14 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'CldFlt' (10.0, ‎2100‎-‎08‎-‎07T12:50:56.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8237849Z" />
<EventRecordID>86703</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2100-08-07T12:50:56.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:14 PM
Event ID: 1
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'CldFlt' (Version 10.0, ‎2100‎-‎08‎-‎07T12:50:56.000000000Z) unloaded successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8237520Z" />
<EventRecordID>86702</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2100-08-07T12:50:56.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:14 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'CldFlt' (10.0, ‎2100‎-‎08‎-‎07T12:50:56.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8237457Z" />
<EventRecordID>86701</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2100-08-07T12:50:56.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:14 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'luafv' (10.0, ‎2041‎-‎09‎-‎19T09:13:33.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8181686Z" />
<EventRecordID>86700</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">5</Data>
<Data Name="DeviceName">luafv</Data>
<Data Name="DeviceTime">2041-09-19T09:13:33.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DHCPv6-Client
Date: 11/08/2022 7:24:14 PM
Event ID: 51046
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
DHCPv6 client service is started
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DHCPv6-Client" Guid="{6a1f2b00-6a90-4c38-95a5-5cab3b056778}" />
<EventID>51046</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>62</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8087745Z" />
<EventRecordID>86699</EventRecordID>
<Correlation />
<Execution ProcessID="948" ThreadID="2168" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:14 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'wcifs' (10.0, ‎1989‎-‎06‎-‎10T02:43:09.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8040555Z" />
<EventRecordID>86698</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="480" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">5</Data>
<Data Name="DeviceName">wcifs</Data>
<Data Name="DeviceTime">1989-06-10T02:43:09.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Dhcp-Client
Date: 11/08/2022 7:24:14 PM
Event ID: 50103
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
DHCPv4 client registered for shutdown notification
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15a7a4f8-0072-4eab-abad-f98a4d666aed}" />
<EventID>50103</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>129</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8017669Z" />
<EventRecordID>86697</EventRecordID>
<Correlation />
<Execution ProcessID="948" ThreadID="2092" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Dhcp-Client
Date: 11/08/2022 7:24:14 PM
Event ID: 50036
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
DHCPv4 client service is started
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15a7a4f8-0072-4eab-abad-f98a4d666aed}" />
<EventID>50036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>68</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.8017223Z" />
<EventRecordID>86696</EventRecordID>
<Correlation />
<Execution ProcessID="948" ThreadID="2092" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 11/08/2022 7:24:14 PM
Event ID: 16983
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The security account manager is now logging periodic summary events for remote clients that call legacy password change or set RPC methods.

For more information please see https://go.microsoft.com/fwlink/?linkid=2150956.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16983</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.5756750Z" />
<EventRecordID>86695</EventRecordID>
<Correlation ActivityID="{665df143-ad96-0006-85f1-5d6696add801}" />
<Execution ProcessID="960" ThreadID="964" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_AUDIT_LEGACY_PWD_RPC_METHODS_OFF">
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 11/08/2022 7:24:14 PM
Event ID: 16977
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The domain is configured with the following minimum password length-related settings.

MinimumPasswordLength: 0

RelaxMinimumPasswordLengthLimits: 0

MinimumPasswordLengthAudit: -1

For more information see https://go.microsoft.com/fwlink/?LinkId=2097191.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16977</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.5756719Z" />
<EventRecordID>86694</EventRecordID>
<Correlation ActivityID="{665df143-ad96-0006-85f1-5d6696add801}" />
<Execution ProcessID="960" ThreadID="964" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_MINPWDLEN_SETTINGS_IN_EFFECT">
<Data Name="MinimumPasswordLength">0</Data>
<Data Name="RelaxMinimumPasswordLengthLimits">0</Data>
<Data Name="MinimumPasswordLengthAudit">-1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 11/08/2022 7:24:14 PM
Event ID: 16962
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA).
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16962</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.5714732Z" />
<EventRecordID>86693</EventRecordID>
<Correlation ActivityID="{665df143-ad96-0006-85f1-5d6696add801}" />
<Execution ProcessID="960" ThreadID="964" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_RESTRICT_REMOTE_SAM_DEFAULT_SD">
<Data Name="Default SD String:">O:SYG:SYD:(A;;RC;;;BA)</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 11/08/2022 7:24:14 PM
Event ID: 14
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Credential Guard configuration: 0x0, 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" />
<EventID>14</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.4839263Z" />
<EventRecordID>86692</EventRecordID>
<Correlation />
<Execution ProcessID="880" ThreadID="884" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Config">0</Data>
<Data Name="IsTestConfig">0</Data>
</EventData>
</Event>

Log Name: System
Source: BTHUSB
Date: 11/08/2022 7:24:12 PM
Event ID: 18
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BTHUSB" />
<EventID Qualifiers="16389">18</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:12.8965110Z" />
<EventRecordID>86691</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="512" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>00000800010000000000000012000540000000000000000000000000000000000000000000000000E000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Subsys-SMSS
Date: 11/08/2022 7:24:12 PM
Event ID: 17
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
A platform binary was successfully executed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Subsys-SMSS" Guid="{43e63da5-41d1-4fbf-aded-1bbed98fdd1d}" />
<EventID>17</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:12.6888492Z" />
<EventRecordID>86690</EventRecordID>
<Correlation />
<Execution ProcessID="528" ThreadID="532" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:24:12 PM
Event ID: 24
Task Category: (11)
Level: Information
Keywords: Time
User: SYSTEM
Computer: Nomu
Description:
The time zone information was refreshed with exit reason 0. Current time zone bias is -240.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>24</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>11</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:12.6115569Z" />
<EventRecordID>86689</EventRecordID>
<Correlation />
<Execution ProcessID="148" ThreadID="764" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ExitReason">0</Data>
<Data Name="CurrentBias">-240</Data>
<Data Name="CurrentTimeZoneID">0</Data>
<Data Name="TimeZoneInfoCacheUpdated">0</Data>
<Data Name="FirstRefresh">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 7:24:12 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume \\?\Volume{da9d17af-4901-41c5-98af-8479ba1c11ed} (\Device\HarddiskVolume4) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:12.2614822Z" />
<EventRecordID>86688</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">\\?\Volume{da9d17af-4901-41c5-98af-8479ba1c11ed}</Data>
<Data Name="DeviceName">\Device\HarddiskVolume4</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:24:11 PM
Event ID: 7017
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7017 - secure boot (SB) configuration
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7017</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:11.5000826Z" />
<EventRecordID>86687</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="512" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>000014000200440000000000691B00400000000000000000000000000000000000000000000000005744525680002511010000002000000042000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:24:11 PM
Event ID: 7010
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7010 - driver enabled (miniport init)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7010</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:11.3314324Z" />
<EventRecordID>86686</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>00000C0002003C0000000000621B00400000000000000000000000000000000000000000000000000116501500000000958CE102</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:24:11 PM
Event ID: 7005
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7005 - SAR value max TX power (WRDS)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7005</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:11.2603679Z" />
<EventRecordID>86685</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>0000040002003400000000005D1B0040000000000000000000000000000000000000000000000000FF000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:24:11 PM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The \Device\NDMP1 service entered the Intel(R) Wireless-AC 9260 160MHz state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:11.2153269Z" />
<EventRecordID>86684</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>0000080002003800000000007C1B004000000000000000000000000000000000000000000000000057445256B0000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:11 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 11 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 137
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:11.0747029Z" />
<EventRecordID>86683</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">11</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">137</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:11 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 10 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 137
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:11.0120874Z" />
<EventRecordID>86682</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">10</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">137</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 9 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.9808252Z" />
<EventRecordID>86681</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">9</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 8 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.9339666Z" />
<EventRecordID>86680</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">8</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 7 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 133
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.9027000Z" />
<EventRecordID>86679</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">7</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">133</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 6 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 133
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.8558442Z" />
<EventRecordID>86678</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">6</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">133</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 5 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.8245847Z" />
<EventRecordID>86677</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">5</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 4 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.7777063Z" />
<EventRecordID>86676</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">4</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 3 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 125
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.7464482Z" />
<EventRecordID>86675</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">3</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">125</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 2 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 125
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.6995817Z" />
<EventRecordID>86674</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">2</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">125</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 1 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 129
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.6683234Z" />
<EventRecordID>86673</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">1</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">129</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 0 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 129
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.6214616Z" />
<EventRecordID>86672</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">0</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">129</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 7:24:10 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume D: (\Device\HarddiskVolume6) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.3947171Z" />
<EventRecordID>86671</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="488" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">D:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume6</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 172
Task Category: (203)
Level: Information
Keywords: (1024),(4)
User: SYSTEM
Computer: Nomu
Description:
Connectivity state in standby: Disconnected, Reason: NIC compliance
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>172</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>203</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000404</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.2507741Z" />
<EventRecordID>86670</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="State">2</Data>
<Data Name="Reason">6</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 11/08/2022 7:24:10 PM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: Nomu
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>41</EventID>
<Version>8</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.2505338Z" />
<EventRecordID>86669</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
<Data Name="Checkpoint">0</Data>
<Data Name="ConnectedStandbyInProgress">false</Data>
<Data Name="SystemSleepTransitionsToOn">0</Data>
<Data Name="CsEntryScenarioInstanceId">0</Data>
<Data Name="BugcheckInfoFromEFI">false</Data>
<Data Name="CheckpointStatus">0</Data>
<Data Name="CsEntryScenarioInstanceIdV2">0</Data>
<Data Name="LongPowerButtonPressDetected">false</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:10 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'npsvctrig' (10.0, ‎2025‎-‎01‎-‎06T06:41:12.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.2197762Z" />
<EventRecordID>86668</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">npsvctrig</Data>
<Data Name="DeviceTime">2025-01-06T06:41:12.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:10 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'FileCrypt' (10.0, ‎2002‎-‎03‎-‎01T15:12:42.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:10.1715630Z" />
<EventRecordID>86667</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">FileCrypt</Data>
<Data Name="DeviceTime">2002-03-01T15:12:42.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 7:24:09 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume C: (\Device\HarddiskVolume3) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:09.7965920Z" />
<EventRecordID>86666</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">C:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume3</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 7:24:09 PM
Event ID: 100
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The following informational event has occurred (0x0, 0x0, 0x0, 0x0).
DeviceStart
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>100</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:09.3651929Z" />
<EventRecordID>86665</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Context">DeviceStart</Data>
<Data Name="Param1">0x0</Data>
<Data Name="Param2">0x0</Data>
<Data Name="Param3">0x0</Data>
<Data Name="Param4">0x0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 7:24:09 PM
Event ID: 12
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
A TCG Silo has returned the capabilities value of 0x7.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:09.3547643Z" />
<EventRecordID>86664</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Capabilities">0x7</Data>
<Data Name="KeyProtectionMechanism">0x2</Data>
<Data Name="MaxBandCount">9</Data>
<Data Name="BandMetadataSize">1048576</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 7:24:09 PM
Event ID: 100
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The following informational event has occurred (0x0, 0x5, 0x0, 0x0).
D0Entry
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>100</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:09.3186397Z" />
<EventRecordID>86663</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Context">D0Entry</Data>
<Data Name="Param1">0x0</Data>
<Data Name="Param2">0x5</Data>
<Data Name="Param3">0x0</Data>
<Data Name="Param4">0x0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:09 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'WdFilter' (10.0, ‎2022‎-‎06‎-‎06T17:51:51.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:09.2511713Z" />
<EventRecordID>86662</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">WdFilter</Data>
<Data Name="DeviceTime">2022-06-06T17:51:51.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:09 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'Wof' (10.0, ‎2024‎-‎08‎-‎23T18:35:41.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:09.2505604Z" />
<EventRecordID>86661</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">3</Data>
<Data Name="DeviceName">Wof</Data>
<Data Name="DeviceTime">2024-08-23T18:35:41.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:24:09 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'FileInfo' (10.0, ‎2062‎-‎12‎-‎23T09:21:06.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:09.2500254Z" />
<EventRecordID>86660</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">FileInfo</Data>
<Data Name="DeviceTime">2062-12-23T09:21:06.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:24:14 PM
Event ID: 6013
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The system uptime is 7 seconds.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6013</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.7749384Z" />
<EventRecordID>86659</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>7</Data>
<Data>60</Data>
<Data>-240 Arabian Standard Time</Data>
<Binary>31002E003100000030000000570069006E0064006F0077007300200031003000200048006F006D0065000000310030002E0030002E003100390030003400340020004200750069006C0064002000310039003000340034002000200000004D0075006C0074006900700072006F0063006500730073006F007200200046007200650065000000310039003000340031002E00760062005F00720065006C0065006100730065002E003100390031003200300036002D00310034003000360000003600300037006500310066006500630000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C00650000003900000031003200000033003200360038003400000034003000390000004E006F006D00750000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:24:14 PM
Event ID: 6005
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The Event log service was started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6005</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.7739196Z" />
<EventRecordID>86658</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Binary>E607080004000B000F0018000E0005030000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:24:14 PM
Event ID: 6009
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
Microsoft (R) Windows (R) 10.00. 19044 Multiprocessor Free.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6009</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.7739196Z" />
<EventRecordID>86657</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>10.00.</Data>
<Data>19044</Data>
<Data>
</Data>
<Data>Multiprocessor Free</Data>
<Data>0</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:24:14 PM
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The previous system shutdown at 7:23:38 PM on ‎11/‎08/‎2022 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:14.7729189Z" />
<EventRecordID>86656</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>7:23:38 PM</Data>
<Data>‎11/‎08/‎2022</Data>
<Data>
</Data>
<Data>
</Data>
<Data>7</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>E607080004000B001300170026008103E607080004000B000F001700260081033C0000003C000000000000000000000000000000000000000100000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-HAL
Date: 11/08/2022 7:24:08 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The iommu fault reporting has been initialized.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-HAL" Guid="{63d1e632-95cc-4443-9312-af927761d52a}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2645429Z" />
<EventRecordID>86655</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:24:08 PM
Event ID: 20
Task Category: (6)
Level: Information
Keywords: Time
User: SYSTEM
Computer: Nomu
Description:
The leap second configuration has been updated.
Reason: Leap second data initialized from registry during boot
Leap seconds enabled: true
New leap second count: 0
Old leap second count: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>6</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2219337Z" />
<EventRecordID>86654</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="UpdateReason">0</Data>
<Data Name="EnabledNew">true</Data>
<Data Name="CountNew">0</Data>
<Data Name="CountOld">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:24:08 PM
Event ID: 30
Task Category: (21)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The firmware reported boot metrics.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>21</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2162162Z" />
<EventRecordID>86653</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ResetEndStart">0</Data>
<Data Name="LoadOSImageStart">0</Data>
<Data Name="StartOSImageStart">9482</Data>
<Data Name="ExitBootServicesEntry">9838</Data>
<Data Name="ExitBootServicesExit">9842</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:24:08 PM
Event ID: 27
Task Category: (33)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The boot type was 0x0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>27</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>33</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2161876Z" />
<EventRecordID>86652</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootType">0</Data>
<Data Name="LoadOptions"> NOEXECUTE=OPTIN NOVGA</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:24:08 PM
Event ID: 25
Task Category: (32)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The boot menu policy was 0x1.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>25</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>32</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2161869Z" />
<EventRecordID>86651</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootMenuPolicy">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:24:08 PM
Event ID: 238
Task Category: (101)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
EFI time zone bias: 2047. Daylight flags: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>238</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2161860Z" />
<EventRecordID>86650</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EfiTimeZoneBias">2047</Data>
<Data Name="EfiDaylightFlags">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:24:08 PM
Event ID: 20
Task Category: (31)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The last shutdown's success status was false. The last boot's success status was true.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>20</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>31</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2160913Z" />
<EventRecordID>86649</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="LastShutdownGood">false</Data>
<Data Name="LastBootGood">true</Data>
<Data Name="LastBootId">225</Data>
<Data Name="BootStatusPolicy">2</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:24:08 PM
Event ID: 32
Task Category: (58)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The bootmgr spent 0 ms waiting for user input.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>32</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>58</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2160425Z" />
<EventRecordID>86648</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BitlockerUserInputTime">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:24:08 PM
Event ID: 18
Task Category: (57)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
There are 0x1 boot options on this system.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>57</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2159828Z" />
<EventRecordID>86647</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EntryCount">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:24:08 PM
Event ID: 153
Task Category: (62)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Virtualization-based security (policies: 0) is disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>153</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>62</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2159697Z" />
<EventRecordID>86646</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Status">0</Data>
<Data Name="EnableDisableReason">0</Data>
<Data Name="VsmPolicy">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:24:08 PM
Event ID: 12
Task Category: (1)
Level: Information
Keywords: (128)
User: SYSTEM
Computer: Nomu
Description:
The operating system started at system time ‎2022‎-‎08‎-‎11T15:24:07.500000000Z.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000080</Keywords>
<TimeCreated SystemTime="2022-08-11T15:24:08.2159179Z" />
<EventRecordID>86645</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="MajorVersion">10</Data>
<Data Name="MinorVersion">0</Data>
<Data Name="BuildVersion">19041</Data>
<Data Name="QfeVersion">1865</Data>
<Data Name="ServiceVersion">0</Data>
<Data Name="BootMode">0</Data>
<Data Name="StartTime">2022-08-11T15:24:07.5000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:23:36 PM
Event ID: 24
Task Category: (11)
Level: Information
Keywords: Time
User: SYSTEM
Computer: Nomu
Description:
The time zone information was refreshed with exit reason 0. Current time zone bias is -240.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>24</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>11</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:36.7113897Z" />
<EventRecordID>86644</EventRecordID>
<Correlation />
<Execution ProcessID="148" ThreadID="764" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ExitReason">0</Data>
<Data Name="CurrentBias">-240</Data>
<Data Name="CurrentTimeZoneID">0</Data>
<Data Name="TimeZoneInfoCacheUpdated">0</Data>
<Data Name="FirstRefresh">0</Data>
</EventData>
</Event>

Log Name: System
Source: BTHUSB
Date: 11/08/2022 7:23:36 PM
Event ID: 18
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BTHUSB" />
<EventID Qualifiers="16389">18</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:36.6714355Z" />
<EventRecordID>86643</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>00000800010000000000000012000540000000000000000000000000000000000000000000000000E000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 7:23:36 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume \\?\Volume{da9d17af-4901-41c5-98af-8479ba1c11ed} (\Device\HarddiskVolume4) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:36.3746394Z" />
<EventRecordID>86642</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="512" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">\\?\Volume{da9d17af-4901-41c5-98af-8479ba1c11ed}</Data>
<Data Name="DeviceName">\Device\HarddiskVolume4</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:23:35 PM
Event ID: 7017
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7017 - secure boot (SB) configuration
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7017</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:35.6233159Z" />
<EventRecordID>86641</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>000014000200440000000000691B00400000000000000000000000000000000000000000000000005744525680002511010000002000000042000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:23:35 PM
Event ID: 7010
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7010 - driver enabled (miniport init)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7010</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:35.4566609Z" />
<EventRecordID>86640</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>00000C0002003C0000000000621B00400000000000000000000000000000000000000000000000000116501500000000958CE102</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:23:35 PM
Event ID: 7005
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7005 - SAR value max TX power (WRDS)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7005</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:35.3855966Z" />
<EventRecordID>86639</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>0000040002003400000000005D1B0040000000000000000000000000000000000000000000000000FF000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 7:23:35 PM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The \Device\NDMP1 service entered the Intel(R) Wireless-AC 9260 160MHz state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:35.3375525Z" />
<EventRecordID>86638</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="32" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>0000080002003800000000007C1B004000000000000000000000000000000000000000000000000057445256B0000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:35 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 11 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 137
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:35.1839315Z" />
<EventRecordID>86637</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">11</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">137</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:35 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 10 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 137
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:35.1213127Z" />
<EventRecordID>86636</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">10</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">137</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:35 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 9 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:35.0900534Z" />
<EventRecordID>86635</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">9</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:35 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 8 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:35.0431931Z" />
<EventRecordID>86634</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">8</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:35 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 7 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 133
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:35.0119268Z" />
<EventRecordID>86633</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">7</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">133</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 6 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 133
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.9650637Z" />
<EventRecordID>86632</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">6</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">133</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 5 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.9338113Z" />
<EventRecordID>86631</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">5</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 4 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.8869340Z" />
<EventRecordID>86630</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">4</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 3 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 125
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.8556755Z" />
<EventRecordID>86629</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">3</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">125</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 2 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 125
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.8088113Z" />
<EventRecordID>86628</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">2</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">125</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 1 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 129
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.7775496Z" />
<EventRecordID>86627</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">1</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">129</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 7:23:34 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 0 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 129
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.7306872Z" />
<EventRecordID>86626</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">0</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">129</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 7:23:34 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume D: (\Device\HarddiskVolume6) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.4997272Z" />
<EventRecordID>86625</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">D:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume6</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 11/08/2022 7:23:34 PM
Event ID: 172
Task Category: (203)
Level: Information
Keywords: (1024),(4)
User: SYSTEM
Computer: Nomu
Description:
Connectivity state in standby: Disconnected, Reason: NIC compliance
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>172</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>203</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000404</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.3585555Z" />
<EventRecordID>86624</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="State">2</Data>
<Data Name="Reason">6</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 11/08/2022 7:23:34 PM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: Nomu
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>41</EventID>
<Version>8</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.3583071Z" />
<EventRecordID>86623</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
<Data Name="Checkpoint">0</Data>
<Data Name="ConnectedStandbyInProgress">false</Data>
<Data Name="SystemSleepTransitionsToOn">0</Data>
<Data Name="CsEntryScenarioInstanceId">0</Data>
<Data Name="BugcheckInfoFromEFI">false</Data>
<Data Name="CheckpointStatus">0</Data>
<Data Name="CsEntryScenarioInstanceIdV2">0</Data>
<Data Name="LongPowerButtonPressDetected">false</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:23:34 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'npsvctrig' (10.0, ‎2025‎-‎01‎-‎06T06:41:12.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.3242071Z" />
<EventRecordID>86622</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">npsvctrig</Data>
<Data Name="DeviceTime">2025-01-06T06:41:12.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:23:34 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'FileCrypt' (10.0, ‎2002‎-‎03‎-‎01T15:12:42.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:34.2759887Z" />
<EventRecordID>86621</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">FileCrypt</Data>
<Data Name="DeviceTime">2002-03-01T15:12:42.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 7:23:33 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume C: (\Device\HarddiskVolume3) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:33.6871327Z" />
<EventRecordID>86620</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">C:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume3</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 7:23:33 PM
Event ID: 100
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The following informational event has occurred (0x0, 0x0, 0x0, 0x0).
DeviceStart
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>100</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:33.3644806Z" />
<EventRecordID>86619</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="288" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Context">DeviceStart</Data>
<Data Name="Param1">0x0</Data>
<Data Name="Param2">0x0</Data>
<Data Name="Param3">0x0</Data>
<Data Name="Param4">0x0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 7:23:33 PM
Event ID: 12
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
A TCG Silo has returned the capabilities value of 0x7.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:33.3540452Z" />
<EventRecordID>86618</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="288" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Capabilities">0x7</Data>
<Data Name="KeyProtectionMechanism">0x2</Data>
<Data Name="MaxBandCount">9</Data>
<Data Name="BandMetadataSize">1048576</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 7:23:33 PM
Event ID: 100
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The following informational event has occurred (0x0, 0x5, 0x0, 0x0).
D0Entry
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>100</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:33.3182494Z" />
<EventRecordID>86617</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="288" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Context">D0Entry</Data>
<Data Name="Param1">0x0</Data>
<Data Name="Param2">0x5</Data>
<Data Name="Param3">0x0</Data>
<Data Name="Param4">0x0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:23:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'WdFilter' (10.0, ‎2022‎-‎06‎-‎06T17:51:51.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:33.2510207Z" />
<EventRecordID>86616</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">WdFilter</Data>
<Data Name="DeviceTime">2022-06-06T17:51:51.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:23:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'Wof' (10.0, ‎2024‎-‎08‎-‎23T18:35:41.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:33.2504143Z" />
<EventRecordID>86615</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">3</Data>
<Data Name="DeviceName">Wof</Data>
<Data Name="DeviceTime">2024-08-23T18:35:41.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 7:23:33 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'FileInfo' (10.0, ‎2062‎-‎12‎-‎23T09:21:06.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:33.2498817Z" />
<EventRecordID>86614</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">FileInfo</Data>
<Data Name="DeviceTime">2062-12-23T09:21:06.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:23:38 PM
Event ID: 6013
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The system uptime is 7 seconds.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6013</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:38.8969135Z" />
<EventRecordID>86613</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>7</Data>
<Data>60</Data>
<Data>-240 Arabian Standard Time</Data>
<Binary>31002E003100000030000000570069006E0064006F0077007300200031003000200048006F006D0065000000310030002E0030002E003100390030003400340020004200750069006C0064002000310039003000340034002000200000004D0075006C0074006900700072006F0063006500730073006F007200200046007200650065000000310039003000340031002E00760062005F00720065006C0065006100730065002E003100390031003200300036002D00310034003000360000003600300037006500310066006500630000004E006F007400200041007600610069006C00610062006C00650000004E006F007400200041007600610069006C00610062006C00650000003900000031003200000033003200360038003400000034003000390000004E006F006D00750000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:23:38 PM
Event ID: 6005
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The Event log service was started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6005</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:38.8958987Z" />
<EventRecordID>86612</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Binary>E607080004000B000F00170026007F030000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:23:38 PM
Event ID: 6009
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
Microsoft (R) Windows (R) 10.00. 19044 Multiprocessor Free.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6009</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:38.8958987Z" />
<EventRecordID>86611</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>10.00.</Data>
<Data>19044</Data>
<Data>
</Data>
<Data>Multiprocessor Free</Data>
<Data>0</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 11/08/2022 7:23:38 PM
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The previous system shutdown at 7:16:01 PM on ‎11/‎08/‎2022 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:38.8948975Z" />
<EventRecordID>86610</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>7:16:01 PM</Data>
<Data>‎11/‎08/‎2022</Data>
<Data>
</Data>
<Data>
</Data>
<Data>4809</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>E607080004000B00130010000100B403E607080004000B000F0010000100B403600900003C000000010000006009000001000000B004000001000000FEFFFFFF</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-HAL
Date: 11/08/2022 7:23:32 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The iommu fault reporting has been initialized.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-HAL" Guid="{63d1e632-95cc-4443-9312-af927761d52a}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2642306Z" />
<EventRecordID>86609</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:23:32 PM
Event ID: 20
Task Category: (6)
Level: Information
Keywords: Time
User: SYSTEM
Computer: Nomu
Description:
The leap second configuration has been updated.
Reason: Leap second data initialized from registry during boot
Leap seconds enabled: true
New leap second count: 0
Old leap second count: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>6</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2213931Z" />
<EventRecordID>86608</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="UpdateReason">0</Data>
<Data Name="EnabledNew">true</Data>
<Data Name="CountNew">0</Data>
<Data Name="CountOld">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:23:32 PM
Event ID: 30
Task Category: (21)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The firmware reported boot metrics.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>21</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2157346Z" />
<EventRecordID>86607</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ResetEndStart">0</Data>
<Data Name="LoadOSImageStart">0</Data>
<Data Name="StartOSImageStart">9460</Data>
<Data Name="ExitBootServicesEntry">9710</Data>
<Data Name="ExitBootServicesExit">9713</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:23:32 PM
Event ID: 32
Task Category: (58)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The bootmgr spent 0 ms waiting for user input.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>32</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>58</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2156922Z" />
<EventRecordID>86606</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BitlockerUserInputTime">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:23:32 PM
Event ID: 18
Task Category: (57)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
There are 0x1 boot options on this system.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>57</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2156371Z" />
<EventRecordID>86605</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EntryCount">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:23:32 PM
Event ID: 27
Task Category: (33)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The boot type was 0x0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>27</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>33</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2156217Z" />
<EventRecordID>86604</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootType">0</Data>
<Data Name="LoadOptions"> NOEXECUTE=OPTIN NOVGA</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:23:32 PM
Event ID: 25
Task Category: (32)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The boot menu policy was 0x1.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>25</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>32</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2156209Z" />
<EventRecordID>86603</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootMenuPolicy">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:23:32 PM
Event ID: 238
Task Category: (101)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
EFI time zone bias: 2047. Daylight flags: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>238</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2156196Z" />
<EventRecordID>86602</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EfiTimeZoneBias">2047</Data>
<Data Name="EfiDaylightFlags">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:23:32 PM
Event ID: 20
Task Category: (31)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The last shutdown's success status was false. The last boot's success status was true.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>20</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>31</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2155295Z" />
<EventRecordID>86601</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="LastShutdownGood">false</Data>
<Data Name="LastBootGood">true</Data>
<Data Name="LastBootId">224</Data>
<Data Name="BootStatusPolicy">2</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 7:23:32 PM
Event ID: 153
Task Category: (62)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Virtualization-based security (policies: 0) is disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>153</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>62</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2154968Z" />
<EventRecordID>86600</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Status">0</Data>
<Data Name="EnableDisableReason">0</Data>
<Data Name="VsmPolicy">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:23:32 PM
Event ID: 12
Task Category: (1)
Level: Information
Keywords: (128)
User: SYSTEM
Computer: Nomu
Description:
The operating system started at system time ‎2022‎-‎08‎-‎11T15:23:31.500000000Z.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000080</Keywords>
<TimeCreated SystemTime="2022-08-11T15:23:32.2154394Z" />
<EventRecordID>86599</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="MajorVersion">10</Data>
<Data Name="MinorVersion">0</Data>
<Data Name="BuildVersion">19041</Data>
<Data Name="QfeVersion">1865</Data>
<Data Name="ServiceVersion">0</Data>
<Data Name="BootMode">0</Data>
<Data Name="StartTime">2022-08-11T15:23:31.5000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:12:15 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 2 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:12:15.2703401Z" />
<EventRecordID>86598</EventRecordID>
<Correlation />
<Execution ProcessID="21028" ThreadID="1500" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">106</Data>
<Data Name="HiveName">\??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\settings.dat</Data>
<Data Name="KeysUpdated">2</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 7:11:01 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Users\SSKYB\AppData\Local\Packages\B9ECED6F.ASUSPCAssistant_qmba6cd70vzyy\Settings\settings.dat was cleared updating 2 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T15:11:01.5165824Z" />
<EventRecordID>86597</EventRecordID>
<Correlation />
<Execution ProcessID="21100" ThreadID="2520" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">102</Data>
<Data Name="HiveName">\??\C:\Users\SSKYB\AppData\Local\Packages\B9ECED6F.ASUSPCAssistant_qmba6cd70vzyy\Settings\settings.dat</Data>
<Data Name="KeysUpdated">2</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:26:12 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 20 keys and creating 6 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:26:12.8618787Z" />
<EventRecordID>86596</EventRecordID>
<Correlation />
<Execution ProcessID="4012" ThreadID="512" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">102</Data>
<Data Name="HiveName">\??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat</Data>
<Data Name="KeysUpdated">20</Data>
<Data Name="DirtyPages">6</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:26:12 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-2985076639-895311677-358525590-1001\SystemAppData\Helium\Cache\4842f1b597aa1d7d_COM15.dat was cleared updating 1 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:26:12.6464471Z" />
<EventRecordID>86595</EventRecordID>
<Correlation />
<Execution ProcessID="704" ThreadID="10084" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">168</Data>
<Data Name="HiveName">\??\C:\ProgramData\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\S-1-5-21-2985076639-895311677-358525590-1001\SystemAppData\Helium\Cache\4842f1b597aa1d7d_COM15.dat</Data>
<Data Name="KeysUpdated">1</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:26:12 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 7 keys and creating 2 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:26:12.6282411Z" />
<EventRecordID>86594</EventRecordID>
<Correlation />
<Execution ProcessID="4752" ThreadID="16988" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">105</Data>
<Data Name="HiveName">\??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat</Data>
<Data Name="KeysUpdated">7</Data>
<Data Name="DirtyPages">2</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:26:12 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 12 keys and creating 2 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:26:12.6053758Z" />
<EventRecordID>86593</EventRecordID>
<Correlation />
<Execution ProcessID="4792" ThreadID="8200" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">97</Data>
<Data Name="HiveName">\??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat</Data>
<Data Name="KeysUpdated">12</Data>
<Data Name="DirtyPages">2</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:12:50 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:12:50.0621115Z" />
<EventRecordID>86592</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="9344" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">auto start</Data>
<Data Name="param3">demand start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:10:40 PM
Event ID: 1
Task Category: (5)
Level: Information
Keywords: Time
User: LOCAL SERVICE
Computer: Nomu
Description:
The system time has changed to ‎2022‎-‎08‎-‎11T14:10:40.984206000Z from ‎2022‎-‎08‎-‎11T14:10:40.983901200Z.

Change Reason: An application or system component changed the time.
Process: '\Device\HarddiskVolume3\Windows\System32\svchost.exe' (PID 19548).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>1</EventID>
<Version>2</Version>
<Level>4</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:40.9843097Z" />
<EventRecordID>86591</EventRecordID>
<Correlation />
<Execution ProcessID="19548" ThreadID="2784" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="NewTime">2022-08-11T14:10:40.9842060Z</Data>
<Data Name="OldTime">2022-08-11T14:10:40.9839012Z</Data>
<Data Name="Reason">1</Data>
<Data Name="ProcessName">\Device\HarddiskVolume3\Windows\System32\svchost.exe</Data>
<Data Name="ProcessID">19548</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:10:40 PM
Event ID: 24
Task Category: (11)
Level: Information
Keywords: Time
User: LOCAL SERVICE
Computer: Nomu
Description:
The time zone information was refreshed with exit reason 0. Current time zone bias is -240.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>24</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>11</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:40.9842918Z" />
<EventRecordID>86590</EventRecordID>
<Correlation />
<Execution ProcessID="19548" ThreadID="2784" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="ExitReason">0</Data>
<Data Name="CurrentBias">-240</Data>
<Data Name="CurrentTimeZoneID">0</Data>
<Data Name="TimeZoneInfoCacheUpdated">0</Data>
<Data Name="FirstRefresh">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:10:40 PM
Event ID: 1
Task Category: (5)
Level: Information
Keywords: Time
User: LOCAL SERVICE
Computer: Nomu
Description:
The system time has changed to ‎2022‎-‎08‎-‎11T14:10:40.983901200Z from ‎2022‎-‎08‎-‎11T14:10:40.983563800Z.

Change Reason: An application or system component changed the time.
Process: '\Device\HarddiskVolume3\Windows\System32\svchost.exe' (PID 19548).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>1</EventID>
<Version>2</Version>
<Level>4</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:40.9840093Z" />
<EventRecordID>86589</EventRecordID>
<Correlation />
<Execution ProcessID="19548" ThreadID="2784" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="NewTime">2022-08-11T14:10:40.9839012Z</Data>
<Data Name="OldTime">2022-08-11T14:10:40.9835638Z</Data>
<Data Name="Reason">1</Data>
<Data Name="ProcessName">\Device\HarddiskVolume3\Windows\System32\svchost.exe</Data>
<Data Name="ProcessID">19548</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:10:40 PM
Event ID: 24
Task Category: (11)
Level: Information
Keywords: Time
User: LOCAL SERVICE
Computer: Nomu
Description:
The time zone information was refreshed with exit reason 0. Current time zone bias is -240.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>24</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>11</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:40.9839915Z" />
<EventRecordID>86588</EventRecordID>
<Correlation />
<Execution ProcessID="19548" ThreadID="2784" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="ExitReason">0</Data>
<Data Name="CurrentBias">-240</Data>
<Data Name="CurrentTimeZoneID">0</Data>
<Data Name="TimeZoneInfoCacheUpdated">0</Data>
<Data Name="FirstRefresh">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 11/08/2022 6:10:40 PM
Event ID: 35
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
The time service is now synchronizing the system time with the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->40.81.94.65:123) with reference id 1096700200. Current local stratum number is 4.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}" />
<EventID>35</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:40.9838938Z" />
<EventRecordID>86587</EventRecordID>
<Correlation />
<Execution ProcessID="19548" ThreadID="21180" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData Name="TMP_EVENT_TIME_SOURCE_CHOSEN">
<Data Name="TimeSource">time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->40.81.94.65:123)</Data>
<Data Name="TimeSourceRefId">1096700200</Data>
<Data Name="CurrentStratumNumber">4</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:10:40 PM
Event ID: 1
Task Category: (5)
Level: Information
Keywords: Time
User: LOCAL SERVICE
Computer: Nomu
Description:
The system time has changed to ‎2022‎-‎08‎-‎11T14:10:40.983563800Z from ‎2022‎-‎08‎-‎11T14:10:43.375243900Z.

Change Reason: An application or system component changed the time.
Process: '\Device\HarddiskVolume3\Windows\System32\svchost.exe' (PID 19548).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>1</EventID>
<Version>2</Version>
<Level>4</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:40.9837396Z" />
<EventRecordID>86586</EventRecordID>
<Correlation />
<Execution ProcessID="19548" ThreadID="2784" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="NewTime">2022-08-11T14:10:40.9835638Z</Data>
<Data Name="OldTime">2022-08-11T14:10:43.3752439Z</Data>
<Data Name="Reason">1</Data>
<Data Name="ProcessName">\Device\HarddiskVolume3\Windows\System32\svchost.exe</Data>
<Data Name="ProcessID">19548</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:10:40 PM
Event ID: 24
Task Category: (11)
Level: Information
Keywords: Time
User: LOCAL SERVICE
Computer: Nomu
Description:
The time zone information was refreshed with exit reason 0. Current time zone bias is -240.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>24</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>11</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:40.9837216Z" />
<EventRecordID>86585</EventRecordID>
<Correlation />
<Execution ProcessID="19548" ThreadID="2784" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="ExitReason">0</Data>
<Data Name="CurrentBias">-240</Data>
<Data Name="CurrentTimeZoneID">0</Data>
<Data Name="TimeZoneInfoCacheUpdated">0</Data>
<Data Name="FirstRefresh">0</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:10:35 PM
Event ID: 7045
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
A service was installed in the system.

Service Name: MpKsl3c5b99e5
Service File Name: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6C9DD3E-90FA-4BFB-957A-7336C10CA1F5}\MpKslDrv.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7045</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:35.4870558Z" />
<EventRecordID>86584</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="13284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ServiceName">MpKsl3c5b99e5</Data>
<Data Name="ImagePath">C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6C9DD3E-90FA-4BFB-957A-7336C10CA1F5}\MpKslDrv.sys</Data>
<Data Name="ServiceType">kernel mode driver</Data>
<Data Name="StartType">demand start</Data>
<Data Name="AccountName">
</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:10:30 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Windows Modules Installer service was changed from auto start to demand start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:30.2839424Z" />
<EventRecordID>86583</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="13284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Windows Modules Installer</Data>
<Data Name="param2">auto start</Data>
<Data Name="param3">demand start</Data>
<Data Name="param4">TrustedInstaller</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:10:30 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Windows Modules Installer service was changed from demand start to auto start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:30.2534028Z" />
<EventRecordID>86582</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="13284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Windows Modules Installer</Data>
<Data Name="param2">demand start</Data>
<Data Name="param3">auto start</Data>
<Data Name="param4">TrustedInstaller</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:10:30 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Windows Modules Installer service was changed from auto start to demand start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:30.0702365Z" />
<EventRecordID>86581</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="13284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Windows Modules Installer</Data>
<Data Name="param2">auto start</Data>
<Data Name="param3">demand start</Data>
<Data Name="param4">TrustedInstaller</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 11/08/2022 6:10:28 PM
Event ID: 37
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
The time provider NtpClient is currently receiving valid time data from time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->40.81.94.65:123).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:28.9197210Z" />
<EventRecordID>86580</EventRecordID>
<Correlation />
<Execution ProcessID="19548" ThreadID="21180" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData Name="TMP_EVENT_TIME_SOURCE_REACHABLE">
<Data Name="TimeSource">time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->40.81.94.65:123)</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 11/08/2022 6:10:27 PM
Event ID: 158
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
The time provider 'VMICTimeProvider' has indicated that the current hardware and operating environment is not supported and has stopped. This behavior is expected for VMICTimeProvider on non-HyperV-guest environments. This may be the expected behavior for the current provider in the current operating environment as well.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}" />
<EventID>158</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:27.2426796Z" />
<EventRecordID>86579</EventRecordID>
<Correlation />
<Execution ProcessID="19548" ThreadID="5416" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData Name="TMP_EVENT_TIMEPROV_INDICATED_UNSUPPORTED">
<Data Name="TimeProvider">VMICTimeProvider</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:10:27 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Windows Modules Installer service was changed from demand start to auto start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:27.1290467Z" />
<EventRecordID>86578</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="7888" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Windows Modules Installer</Data>
<Data Name="param2">demand start</Data>
<Data Name="param3">auto start</Data>
<Data Name="param4">TrustedInstaller</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:10:23 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:23.6468850Z" />
<EventRecordID>86577</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="7888" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">demand start</Data>
<Data Name="param3">auto start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 6:10:23 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat was cleared updating 0 keys and creating 0 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:10:23.0334589Z" />
<EventRecordID>86576</EventRecordID>
<Correlation />
<Execution ProcessID="11612" ThreadID="1588" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">85</Data>
<Data Name="HiveName">\??\C:\ProgramData\Microsoft\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat</Data>
<Data Name="KeysUpdated">0</Data>
<Data Name="DirtyPages">0</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:07:10 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:07:10.2963817Z" />
<EventRecordID>86575</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="3540" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">auto start</Data>
<Data Name="param3">demand start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:05:04 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:05:04.7361185Z" />
<EventRecordID>86574</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="10372" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">demand start</Data>
<Data Name="param3">auto start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:03:21 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:03:21.4707823Z" />
<EventRecordID>86573</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="3992" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">auto start</Data>
<Data Name="param3">demand start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 6:01:17 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T14:01:17.0780985Z" />
<EventRecordID>86572</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="9020" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">demand start</Data>
<Data Name="param3">auto start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 5:58:27 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Windows Modules Installer service was changed from auto start to demand start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:58:27.1252021Z" />
<EventRecordID>86571</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="18376" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Windows Modules Installer</Data>
<Data Name="param2">auto start</Data>
<Data Name="param3">demand start</Data>
<Data Name="param4">TrustedInstaller</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 5:58:21 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:58:21.0890994Z" />
<EventRecordID>86570</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="18376" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">auto start</Data>
<Data Name="param3">demand start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 11/08/2022 5:58:09 PM
Event ID: 10016
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:58:09.2769534Z" />
<EventRecordID>86569</EventRecordID>
<Correlation ActivityID="{65a096c9-5bbe-455c-8e52-24254e048221}" />
<Execution ProcessID="1036" ThreadID="17116" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Launch</Data>
<Data Name="param4">Windows.SecurityCenter.WscDataProtection</Data>
<Data Name="param5">Unavailable</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 11/08/2022 5:58:09 PM
Event ID: 10016
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:58:09.2769534Z" />
<EventRecordID>86568</EventRecordID>
<Correlation ActivityID="{e656ea77-75e9-4325-b5fe-149e12e44b0b}" />
<Execution ProcessID="1036" ThreadID="6008" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Launch</Data>
<Data Name="param4">Windows.SecurityCenter.WscBrokerManager</Data>
<Data Name="param5">Unavailable</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 11/08/2022 5:58:09 PM
Event ID: 10016
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:58:09.2769534Z" />
<EventRecordID>86567</EventRecordID>
<Correlation ActivityID="{5b5f7765-10a8-481f-95ff-0157eb83f7b8}" />
<Execution ProcessID="1036" ThreadID="2900" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Launch</Data>
<Data Name="param4">Windows.SecurityCenter.SecurityAppBroker</Data>
<Data Name="param5">Unavailable</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 5:58:08 PM
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The Agent service failed to start due to the following error:
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:58:08.2370090Z" />
<EventRecordID>86566</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="9020" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Agent</Data>
<Data Name="param2">%%2</Data>
<Binary>4100670065006E0074000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:58:04 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 12 keys and creating 3 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:58:04.9040791Z" />
<EventRecordID>86565</EventRecordID>
<Correlation />
<Execution ProcessID="13024" ThreadID="6584" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">100</Data>
<Data Name="HiveName">\??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat</Data>
<Data Name="KeysUpdated">12</Data>
<Data Name="DirtyPages">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:57:42 PM
Event ID: 15
Task Category: (10)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Hive \??\C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT was reorganized with a starting size of 12300288 bytes and an ending size of 11608064 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>15</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>10</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:57:42.0829793Z" />
<EventRecordID>86564</EventRecordID>
<Correlation />
<Execution ProcessID="10832" ThreadID="20696" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">52</Data>
<Data Name="HiveName">\??\C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT</Data>
<Data Name="OriginalSize">12300288</Data>
<Data Name="NewSize">11608064</Data>
</EventData>
</Event>

Log Name: System
Source: BTHUSB
Date: 11/08/2022 5:57:07 PM
Event ID: 37
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
An incoming authentication request from a remote device (f0:99:b6:1c:40:a1) was rejected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BTHUSB" />
<EventID Qualifiers="16389">37</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:57:07.1062334Z" />
<EventRecordID>86563</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="10696" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>(f0:99:b6:1c:40:a1)</Data>
<Binary>00000000020028000000000025000540000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 5:57:00 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Windows Modules Installer service was changed from demand start to auto start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:57:00.1440367Z" />
<EventRecordID>86562</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="9020" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Windows Modules Installer</Data>
<Data Name="param2">demand start</Data>
<Data Name="param3">auto start</Data>
<Data Name="param4">TrustedInstaller</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 11/08/2022 5:56:59 PM
Event ID: 19
Task Category: Windows Update Agent
Level: Information
Keywords: Success,Installation
User: SYSTEM
Computer: Nomu
Description:
Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.149.0)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945a8954-c147-4acd-923f-40c45405a658}" />
<EventID>19</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>13</Opcode>
<Keywords>0x8000000000000018</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:59.0285523Z" />
<EventRecordID>86561</EventRecordID>
<Correlation />
<Execution ProcessID="13560" ThreadID="13776" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="updateTitle">Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.149.0)</Data>
<Data Name="updateGuid">{2e15863e-d930-47fc-97a5-436d22837dfa}</Data>
<Data Name="updateRevisionNumber">200</Data>
<Data Name="serviceGuid">{9482f4b4-e343-43b6-b170-9a65bc822c77}</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 11/08/2022 5:56:51 PM
Event ID: 44
Task Category: Windows Update Agent
Level: Information
Keywords: Started,Download
User: SYSTEM
Computer: Nomu
Description:
Windows Update started downloading an update.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945a8954-c147-4acd-923f-40c45405a658}" />
<EventID>44</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000002004</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:51.3713863Z" />
<EventRecordID>86560</EventRecordID>
<Correlation />
<Execution ProcessID="13560" ThreadID="13732" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="updateTitle">2022-08 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5016616)</Data>
<Data Name="updateGuid">{8f56c3fa-2d4f-44e9-a392-76b839cdb970}</Data>
<Data Name="updateRevisionNumber">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 11/08/2022 5:56:45 PM
Event ID: 43
Task Category: Windows Update Agent
Level: Information
Keywords: Started,Installation
User: SYSTEM
Computer: Nomu
Description:
Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.149.0)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945a8954-c147-4acd-923f-40c45405a658}" />
<EventID>43</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>13</Opcode>
<Keywords>0x8000000000002008</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:45.8541706Z" />
<EventRecordID>86559</EventRecordID>
<Correlation />
<Execution ProcessID="13560" ThreadID="13776" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="updateTitle">Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.149.0)</Data>
<Data Name="updateGuid">{2e15863e-d930-47fc-97a5-436d22837dfa}</Data>
<Data Name="updateRevisionNumber">200</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 11/08/2022 5:56:45 PM
Event ID: 44
Task Category: Windows Update Agent
Level: Information
Keywords: Started,Download
User: SYSTEM
Computer: Nomu
Description:
Windows Update started downloading an update.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945a8954-c147-4acd-923f-40c45405a658}" />
<EventID>44</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000002004</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:45.8541090Z" />
<EventRecordID>86558</EventRecordID>
<Correlation />
<Execution ProcessID="13560" ThreadID="13776" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="updateTitle">2022-08 Security Update for Windows 10 Version 21H2 for x64-based Systems (KB5012170)</Data>
<Data Name="updateGuid">{01f7dc80-5870-4a79-bb59-fe9071e01405}</Data>
<Data Name="updateRevisionNumber">200</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 11/08/2022 5:56:45 PM
Event ID: 44
Task Category: Windows Update Agent
Level: Information
Keywords: Started,Download
User: SYSTEM
Computer: Nomu
Description:
Windows Update started downloading an update.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945a8954-c147-4acd-923f-40c45405a658}" />
<EventID>44</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000002004</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:45.8541071Z" />
<EventRecordID>86557</EventRecordID>
<Correlation />
<Execution ProcessID="13560" ThreadID="13776" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="updateTitle">Windows Malicious Software Removal Tool x64 - v5.104 (KB890830)</Data>
<Data Name="updateGuid">{b5292e9e-d174-4ae1-be7f-10092f940b10}</Data>
<Data Name="updateRevisionNumber">200</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 11/08/2022 5:56:45 PM
Event ID: 44
Task Category: Windows Update Agent
Level: Information
Keywords: Started,Download
User: SYSTEM
Computer: Nomu
Description:
Windows Update started downloading an update.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945a8954-c147-4acd-923f-40c45405a658}" />
<EventID>44</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000002004</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:45.8540068Z" />
<EventRecordID>86556</EventRecordID>
<Correlation />
<Execution ProcessID="13560" ThreadID="13776" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="updateTitle">Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.373.149.0)</Data>
<Data Name="updateGuid">{2e15863e-d930-47fc-97a5-436d22837dfa}</Data>
<Data Name="updateRevisionNumber">200</Data>
</EventData>
</Event>

Log Name: System
Source: BTHUSB
Date: 11/08/2022 5:56:36 PM
Event ID: 16
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (f0:99:b6:1c:40:a1) failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BTHUSB" />
<EventID Qualifiers="49157">16</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:36.8499694Z" />
<EventRecordID>86555</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="10772" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>(f0:99:b6:1c:40:a1)</Data>
<Binary>000000000200280000000000100005C0000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 11/08/2022 5:56:36 PM
Event ID: 10016
Task Category: None
Level: Warning
Keywords: Classic
User: NOMU\SSKYB
Computer: Nomu
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user NOMU\SSKYB SID (S-1-5-21-2985076639-895311677-358525590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:36.7068389Z" />
<EventRecordID>86554</EventRecordID>
<Correlation ActivityID="{59318e30-6589-4d52-9270-8208deede455}" />
<Execution ProcessID="1036" ThreadID="1080" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-21-2985076639-895311677-358525590-1001" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
<Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>
<Data Name="param6">NOMU</Data>
<Data Name="param7">SSKYB</Data>
<Data Name="param8">S-1-5-21-2985076639-895311677-358525590-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:35 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\ProgramData\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\S-1-5-21-2985076639-895311677-358525590-1001\SystemAppData\Helium\Cache\f19c5f899c1ae8e8_COM15.dat was cleared updating 1 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:35.1111173Z" />
<EventRecordID>86553</EventRecordID>
<Correlation />
<Execution ProcessID="17232" ThreadID="17256" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">163</Data>
<Data Name="HiveName">\??\C:\ProgramData\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\S-1-5-21-2985076639-895311677-358525590-1001\SystemAppData\Helium\Cache\f19c5f899c1ae8e8_COM15.dat</Data>
<Data Name="KeysUpdated">1</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:34 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 3 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:34.9323599Z" />
<EventRecordID>86552</EventRecordID>
<Correlation />
<Execution ProcessID="19312" ThreadID="19348" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">101</Data>
<Data Name="HiveName">\??\C:\Users\SSKYB\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat</Data>
<Data Name="KeysUpdated">3</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:34 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\ProgramData\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\S-1-5-21-2985076639-895311677-358525590-1001\SystemAppData\Helium\Cache\934143f0009e9af8_COM15.dat was cleared updating 1 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:34.6894473Z" />
<EventRecordID>86551</EventRecordID>
<Correlation />
<Execution ProcessID="17232" ThreadID="17256" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">164</Data>
<Data Name="HiveName">\??\C:\ProgramData\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\S-1-5-21-2985076639-895311677-358525590-1001\SystemAppData\Helium\Cache\934143f0009e9af8_COM15.dat</Data>
<Data Name="KeysUpdated">1</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 11/08/2022 5:56:31 PM
Event ID: 10016
Task Category: None
Level: Warning
Keywords: Classic
User: NOMU\SSKYB
Computer: Nomu
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user NOMU\SSKYB SID (S-1-5-21-2985076639-895311677-358525590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:31.7045397Z" />
<EventRecordID>86550</EventRecordID>
<Correlation ActivityID="{6c035256-c7c3-47be-887f-4d2c2fff93ef}" />
<Execution ProcessID="1036" ThreadID="8300" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-21-2985076639-895311677-358525590-1001" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
<Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>
<Data Name="param6">NOMU</Data>
<Data Name="param7">SSKYB</Data>
<Data Name="param8">S-1-5-21-2985076639-895311677-358525590-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:18 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Users\SSKYB\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 107 keys and creating 15 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:18.0563415Z" />
<EventRecordID>86549</EventRecordID>
<Correlation />
<Execution ProcessID="12060" ThreadID="12292" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">113</Data>
<Data Name="HiveName">\??\C:\Users\SSKYB\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat</Data>
<Data Name="KeysUpdated">107</Data>
<Data Name="DirtyPages">15</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 5:56:16 PM
Event ID: 7040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: Nomu
Description:
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7040</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:16.5132644Z" />
<EventRecordID>86548</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="9024" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">demand start</Data>
<Data Name="param3">auto start</Data>
<Data Name="param4">BITS</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 11/08/2022 5:56:14 PM
Event ID: 10016
Task Category: None
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: Nomu
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:14.8420518Z" />
<EventRecordID>86547</EventRecordID>
<Correlation ActivityID="{4cf2be51-83b6-4247-987b-a29169d4e036}" />
<Execution ProcessID="1036" ThreadID="1924" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
<Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 11/08/2022 5:56:14 PM
Event ID: 10016
Task Category: None
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: Nomu
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:14.8400501Z" />
<EventRecordID>86546</EventRecordID>
<Correlation ActivityID="{591ad002-68e0-4250-bf16-8cd055bdc21a}" />
<Execution ProcessID="1036" ThreadID="1800" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
<Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Winlogon
Date: 11/08/2022 5:56:14 PM
Event ID: 7001
Task Category: (1101)
Level: Information
Keywords: (35184372088832)
User: SYSTEM
Computer: Nomu
Description:
User Logon Notification for Customer Experience Improvement Program
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{dbe9b383-7cf3-4331-91cc-a3cb16a3b538}" />
<EventID>7001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1101</Task>
<Opcode>0</Opcode>
<Keywords>0x2000200000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:14.2737162Z" />
<EventRecordID>86545</EventRecordID>
<Correlation />
<Execution ProcessID="1152" ThreadID="1276" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="TSId">1</Data>
<Data Name="UserSid">S-1-5-21-2985076639-895311677-358525590-1001</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:56:09 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'gameflt' (10.0, ‎1975‎-‎12‎-‎19T06:59:55.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:09.8471998Z" />
<EventRecordID>86544</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="156" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">7</Data>
<Data Name="DeviceName">gameflt</Data>
<Data Name="DeviceTime">1975-12-19T06:59:55.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:08 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Windows\AppCompat\Programs\Amcache.hve was cleared updating 2809 keys and creating 1098 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:08.6880270Z" />
<EventRecordID>86543</EventRecordID>
<Correlation />
<Execution ProcessID="5224" ThreadID="7812" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">45</Data>
<Data Name="HiveName">\??\C:\Windows\AppCompat\Programs\Amcache.hve</Data>
<Data Name="KeysUpdated">2809</Data>
<Data Name="DirtyPages">1098</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/08/2022 5:56:08 PM
Event ID: 7026
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The following boot-start or system-start driver(s) did not load:
dam
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:08.2371373Z" />
<EventRecordID>86542</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="948" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">
dam</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 11/08/2022 5:56:07 PM
Event ID: 10001
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
WLAN Extensibility Module has successfully started.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" />
<EventID>10001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:07.2327163Z" />
<EventRecordID>86541</EventRecordID>
<Correlation />
<Execution ProcessID="4836" ThreadID="4856" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ExtensibleModulePath">C:\Windows\system32\IntelIHVRouter08.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 11/08/2022 5:56:07 PM
Event ID: 4000
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
WLAN AutoConfig service has successfully started.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580d7dd-0379-4658-9870-d5be7d52d6de}" />
<EventID>4000</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:07.1943720Z" />
<EventRecordID>86540</EventRecordID>
<Correlation />
<Execution ProcessID="4836" ThreadID="4856" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:56:04 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'bindflt' (10.0, ‎2001‎-‎11‎-‎10T08:51:01.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3928401Z" />
<EventRecordID>86539</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">7</Data>
<Data Name="DeviceName">bindflt</Data>
<Data Name="DeviceTime">2001-11-10T08:51:01.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:56:04 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'storqosflt' (10.0, ‎2007‎-‎04‎-‎09T22:08:30.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3904976Z" />
<EventRecordID>86538</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">10</Data>
<Data Name="DeviceName">storqosflt</Data>
<Data Name="DeviceTime">2007-04-09T22:08:30.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:56:04 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'CldFlt' (10.0, ‎2100‎-‎08‎-‎07T12:50:56.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3879529Z" />
<EventRecordID>86537</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2100-08-07T12:50:56.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:56:04 PM
Event ID: 1
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'CldFlt' (Version 10.0, ‎2100‎-‎08‎-‎07T12:50:56.000000000Z) unloaded successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3878829Z" />
<EventRecordID>86536</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2100-08-07T12:50:56.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:56:04 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'CldFlt' (10.0, ‎2100‎-‎08‎-‎07T12:50:56.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3878745Z" />
<EventRecordID>86535</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">6</Data>
<Data Name="DeviceName">CldFlt</Data>
<Data Name="DeviceTime">2100-08-07T12:50:56.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:56:04 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'luafv' (10.0, ‎2041‎-‎09‎-‎19T09:13:33.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3829456Z" />
<EventRecordID>86534</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="492" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">5</Data>
<Data Name="DeviceName">luafv</Data>
<Data Name="DeviceTime">2041-09-19T09:13:33.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DHCPv6-Client
Date: 11/08/2022 5:56:04 PM
Event ID: 51046
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
DHCPv6 client service is started
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DHCPv6-Client" Guid="{6a1f2b00-6a90-4c38-95a5-5cab3b056778}" />
<EventID>51046</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>62</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3706824Z" />
<EventRecordID>86533</EventRecordID>
<Correlation />
<Execution ProcessID="1948" ThreadID="2096" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:56:04 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'wcifs' (10.0, ‎1989‎-‎06‎-‎10T02:43:09.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3680045Z" />
<EventRecordID>86532</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="512" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">5</Data>
<Data Name="DeviceName">wcifs</Data>
<Data Name="DeviceTime">1989-06-10T02:43:09.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Dhcp-Client
Date: 11/08/2022 5:56:04 PM
Event ID: 50103
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
DHCPv4 client registered for shutdown notification
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15a7a4f8-0072-4eab-abad-f98a4d666aed}" />
<EventID>50103</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>129</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3631319Z" />
<EventRecordID>86531</EventRecordID>
<Correlation />
<Execution ProcessID="1948" ThreadID="2020" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Dhcp-Client
Date: 11/08/2022 5:56:04 PM
Event ID: 50036
Task Category: Service State Event
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: Nomu
Description:
DHCPv4 client service is started
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15a7a4f8-0072-4eab-abad-f98a4d666aed}" />
<EventID>50036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>68</Opcode>
<Keywords>0x2000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3631010Z" />
<EventRecordID>86530</EventRecordID>
<Correlation />
<Execution ProcessID="1948" ThreadID="2020" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:04 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 414 keys and creating 84 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3077101Z" />
<EventRecordID>86529</EventRecordID>
<Correlation />
<Execution ProcessID="704" ThreadID="1208" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">31</Data>
<Data Name="HiveName">\SystemRoot\System32\Config\BBI</Data>
<Data Name="KeysUpdated">414</Data>
<Data Name="DirtyPages">84</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:04 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 124 keys and creating 19 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:04.3076399Z" />
<EventRecordID>86528</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="736" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">54</Data>
<Data Name="HiveName">\??\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT</Data>
<Data Name="KeysUpdated">124</Data>
<Data Name="DirtyPages">19</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:03 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT was cleared updating 119 keys and creating 16 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:03.7962223Z" />
<EventRecordID>86527</EventRecordID>
<Correlation />
<Execution ProcessID="944" ThreadID="948" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">56</Data>
<Data Name="HiveName">\??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT</Data>
<Data Name="KeysUpdated">119</Data>
<Data Name="DirtyPages">16</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 11/08/2022 5:56:03 PM
Event ID: 16983
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The security account manager is now logging periodic summary events for remote clients that call legacy password change or set RPC methods.

For more information please see https://go.microsoft.com/fwlink/?linkid=2150956.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16983</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:03.7313888Z" />
<EventRecordID>86526</EventRecordID>
<Correlation ActivityID="{139f8b4e-ad8a-0002-b78b-9f138aadd801}" />
<Execution ProcessID="952" ThreadID="956" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_AUDIT_LEGACY_PWD_RPC_METHODS_OFF">
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 11/08/2022 5:56:03 PM
Event ID: 16977
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The domain is configured with the following minimum password length-related settings.

MinimumPasswordLength: 0

RelaxMinimumPasswordLengthLimits: 0

MinimumPasswordLengthAudit: -1

For more information see https://go.microsoft.com/fwlink/?LinkId=2097191.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16977</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:03.7313856Z" />
<EventRecordID>86525</EventRecordID>
<Correlation ActivityID="{139f8b4e-ad8a-0002-b78b-9f138aadd801}" />
<Execution ProcessID="952" ThreadID="956" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_MINPWDLEN_SETTINGS_IN_EFFECT">
<Data Name="MinimumPasswordLength">0</Data>
<Data Name="RelaxMinimumPasswordLengthLimits">0</Data>
<Data Name="MinimumPasswordLengthAudit">-1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:03 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 53 keys and creating 5 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:03.7274238Z" />
<EventRecordID>86524</EventRecordID>
<Correlation />
<Execution ProcessID="148" ThreadID="740" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">31</Data>
<Data Name="HiveName">\SystemRoot\System32\Config\SAM</Data>
<Data Name="KeysUpdated">53</Data>
<Data Name="DirtyPages">5</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Directory-Services-SAM
Date: 11/08/2022 5:56:03 PM
Event ID: 16962
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA).
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" />
<EventID>16962</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:03.7255419Z" />
<EventRecordID>86523</EventRecordID>
<Correlation ActivityID="{139f8b4e-ad8a-0002-b78b-9f138aadd801}" />
<Execution ProcessID="952" ThreadID="956" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="SAMMSG_RESTRICT_REMOTE_SAM_DEFAULT_SD">
<Data Name="Default SD String:">O:SYG:SYD:(A;;RC;;;BA)</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:03 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \SystemRoot\System32\Config\SECURITY was cleared updating 72 keys and creating 4 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:03.6589064Z" />
<EventRecordID>86522</EventRecordID>
<Correlation />
<Execution ProcessID="148" ThreadID="724" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">36</Data>
<Data Name="HiveName">\SystemRoot\System32\Config\SECURITY</Data>
<Data Name="KeysUpdated">72</Data>
<Data Name="DirtyPages">4</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 11/08/2022 5:56:03 PM
Event ID: 14
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Credential Guard configuration: 0x0, 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" />
<EventID>14</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:03.6350525Z" />
<EventRecordID>86521</EventRecordID>
<Correlation />
<Execution ProcessID="872" ThreadID="876" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Config">0</Data>
<Data Name="IsTestConfig">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:00 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The access history in hive \SystemRoot\System32\Config\DEFAULT was cleared updating 584 keys and creating 116 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:00.6937121Z" />
<EventRecordID>86520</EventRecordID>
<Correlation />
<Execution ProcessID="148" ThreadID="736" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">35</Data>
<Data Name="HiveName">\SystemRoot\System32\Config\DEFAULT</Data>
<Data Name="KeysUpdated">584</Data>
<Data Name="DirtyPages">116</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Subsys-SMSS
Date: 11/08/2022 5:56:00 PM
Event ID: 17
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
A platform binary was successfully executed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Subsys-SMSS" Guid="{43e63da5-41d1-4fbf-aded-1bbed98fdd1d}" />
<EventID>17</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:00.5101652Z" />
<EventRecordID>86519</EventRecordID>
<Correlation />
<Execution ProcessID="528" ThreadID="532" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:00 PM
Event ID: 24
Task Category: (11)
Level: Information
Keywords: Time
User: SYSTEM
Computer: Nomu
Description:
The time zone information was refreshed with exit reason 0. Current time zone bias is -240.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>24</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>11</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:00.5095578Z" />
<EventRecordID>86518</EventRecordID>
<Correlation />
<Execution ProcessID="148" ThreadID="760" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ExitReason">0</Data>
<Data Name="CurrentBias">-240</Data>
<Data Name="CurrentTimeZoneID">0</Data>
<Data Name="TimeZoneInfoCacheUpdated">0</Data>
<Data Name="FirstRefresh">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:56:00 PM
Event ID: 15
Task Category: (10)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Hive \SystemRoot\System32\Config\SOFTWARE was reorganized with a starting size of 111222784 bytes and an ending size of 103641088 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>15</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>10</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:56:00.4962590Z" />
<EventRecordID>86517</EventRecordID>
<Correlation />
<Execution ProcessID="148" ThreadID="728" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">36</Data>
<Data Name="HiveName">\SystemRoot\System32\Config\SOFTWARE</Data>
<Data Name="OriginalSize">111222784</Data>
<Data Name="NewSize">103641088</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 5:55:58 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume \\?\Volume{da9d17af-4901-41c5-98af-8479ba1c11ed} (\Device\HarddiskVolume4) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:58.9394731Z" />
<EventRecordID>86516</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">\\?\Volume{da9d17af-4901-41c5-98af-8479ba1c11ed}</Data>
<Data Name="DeviceName">\Device\HarddiskVolume4</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: BTHUSB
Date: 11/08/2022 5:55:58 PM
Event ID: 18
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. Bluetooth keyboards might not work in the system BIOS during startup.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="BTHUSB" />
<EventID Qualifiers="16389">18</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:58.5839734Z" />
<EventRecordID>86515</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>00000800010000000000000012000540000000000000000000000000000000000000000000000000E000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 5:55:58 PM
Event ID: 7017
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7017 - secure boot (SB) configuration
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7017</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:58.2218688Z" />
<EventRecordID>86514</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>000014000200440000000000691B00400000000000000000000000000000000000000000000000005744525680002511010000002000000042000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 5:55:58 PM
Event ID: 7010
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7010 - driver enabled (miniport init)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7010</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:58.0531553Z" />
<EventRecordID>86513</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>00000C0002003C0000000000621B00400000000000000000000000000000000000000000000000000116501500000000958CE102</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 5:55:57 PM
Event ID: 7005
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
7005 - SAR value max TX power (WRDS)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7005</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.9830921Z" />
<EventRecordID>86512</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>0000040002003400000000005D1B0040000000000000000000000000000000000000000000000000FF000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Netwtw08
Date: 11/08/2022 5:55:57 PM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nomu
Description:
The \Device\NDMP1 service entered the Intel(R) Wireless-AC 9260 160MHz state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Netwtw08" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.9400526Z" />
<EventRecordID>86511</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security />
</System>
<EventData>
<Data>\Device\NDMP1</Data>
<Data>Intel(R) Wireless-AC 9260 160MHz</Data>
<Binary>0000080002003800000000007C1B004000000000000000000000000000000000000000000000000057445256B0000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 11 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 137
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.7930900Z" />
<EventRecordID>86510</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">11</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">137</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 10 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 137
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.7304741Z" />
<EventRecordID>86509</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">10</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">137</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 9 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.6992061Z" />
<EventRecordID>86508</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">9</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 8 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.6523424Z" />
<EventRecordID>86507</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">8</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 7 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 133
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.6210718Z" />
<EventRecordID>86506</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">7</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">133</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 6 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 133
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.5742055Z" />
<EventRecordID>86505</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">6</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">133</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 5 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.5429494Z" />
<EventRecordID>86504</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">5</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 4 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 140
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.4960735Z" />
<EventRecordID>86503</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">4</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">140</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 3 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 125
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.4648089Z" />
<EventRecordID>86502</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">3</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">125</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 2 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 125
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.4179366Z" />
<EventRecordID>86501</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">2</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">125</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 1 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 129
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.3866751Z" />
<EventRecordID>86500</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">1</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">129</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 11/08/2022 5:55:57 PM
Event ID: 55
Task Category: (47)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Processor 0 in group 0 exposes the following power management capabilities:

Idle state type: ACPI Idle (C) States (1 state(s))

Performance state type: ACPI Collaborative Processor Performance Control
Nominal Frequency (MHz): 4200
Maximum performance percentage: 129
Minimum performance percentage: 46
Minimum throttle percentage: 15
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>55</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.3398145Z" />
<EventRecordID>86499</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="428" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">0</Data>
<Data Name="IdleStateCount">1</Data>
<Data Name="IdleImplementation">1</Data>
<Data Name="NominalFrequency">4200</Data>
<Data Name="MaximumPerformancePercent">129</Data>
<Data Name="MinimumPerformancePercent">46</Data>
<Data Name="MinimumThrottlePercent">15</Data>
<Data Name="PerformanceImplementation">3</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 5:55:57 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume D: (\Device\HarddiskVolume6) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:57.1140915Z" />
<EventRecordID>86498</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="432" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">D:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume6</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 11/08/2022 5:55:56 PM
Event ID: 172
Task Category: (203)
Level: Information
Keywords: (1024),(4)
User: SYSTEM
Computer: Nomu
Description:
Connectivity state in standby: Disconnected, Reason: NIC compliance
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>172</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>203</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000404</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.9680052Z" />
<EventRecordID>86497</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="516" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="State">2</Data>
<Data Name="Reason">6</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:55:56 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'npsvctrig' (10.0, ‎2025‎-‎01‎-‎06T06:41:12.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.9390046Z" />
<EventRecordID>86496</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">npsvctrig</Data>
<Data Name="DeviceTime">2025-01-06T06:41:12.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:55:56 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'FileCrypt' (10.0, ‎2002‎-‎03‎-‎01T15:12:42.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.8900988Z" />
<EventRecordID>86495</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">9</Data>
<Data Name="DeviceName">FileCrypt</Data>
<Data Name="DeviceTime">2002-03-01T15:12:42.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Ntfs
Date: 11/08/2022 5:55:56 PM
Event ID: 98
Task Category: None
Level: Information
Keywords: (2)
User: SYSTEM
Computer: Nomu
Description:
Volume C: (\Device\HarddiskVolume3) is healthy. No action is needed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ntfs" Guid="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" />
<EventID>98</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.8478986Z" />
<EventRecordID>86494</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="240" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriveName">C:</Data>
<Data Name="DeviceName">\Device\HarddiskVolume3</Data>
<Data Name="CorruptionActionState">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 5:55:56 PM
Event ID: 100
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The following informational event has occurred (0x0, 0x0, 0x0, 0x0).
DeviceStart
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>100</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.5532584Z" />
<EventRecordID>86493</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Context">DeviceStart</Data>
<Data Name="Param1">0x0</Data>
<Data Name="Param2">0x0</Data>
<Data Name="Param3">0x0</Data>
<Data Name="Param4">0x0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 5:55:56 PM
Event ID: 12
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
A TCG Silo has returned the capabilities value of 0x7.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.5425604Z" />
<EventRecordID>86492</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Capabilities">0x7</Data>
<Data Name="KeyProtectionMechanism">0x2</Data>
<Data Name="MaxBandCount">9</Data>
<Data Name="BandMetadataSize">1048576</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv
Date: 11/08/2022 5:55:56 PM
Event ID: 100
Task Category: Driver
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The following informational event has occurred (0x0, 0x5, 0x0, 0x0).
D0Entry
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EnhancedStorage-EhStorTcgDrv" Guid="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" />
<EventID>100</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>50</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.5060517Z" />
<EventRecordID>86491</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="284" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Context">D0Entry</Data>
<Data Name="Param1">0x0</Data>
<Data Name="Param2">0x5</Data>
<Data Name="Param3">0x0</Data>
<Data Name="Param4">0x0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:55:56 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'WdFilter' (10.0, ‎2022‎-‎06‎-‎06T17:51:51.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.4382741Z" />
<EventRecordID>86490</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">WdFilter</Data>
<Data Name="DeviceTime">2022-06-06T17:51:51.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:55:56 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'Wof' (10.0, ‎2024‎-‎08‎-‎23T18:35:41.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.4376592Z" />
<EventRecordID>86489</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">3</Data>
<Data Name="DeviceName">Wof</Data>
<Data Name="DeviceTime">2024-08-23T18:35:41.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-FilterManager
Date: 11/08/2022 5:55:56 PM
Event ID: 6
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
File System Filter 'FileInfo' (10.0, ‎2062‎-‎12‎-‎23T09:21:06.000000000Z) has successfully loaded and registered with Filter Manager.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-FilterManager" Guid="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:56.4371268Z" />
<EventRecordID>86488</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="FinalStatus">0x0</Data>
<Data Name="DeviceVersionMajor">10</Data>
<Data Name="DeviceVersionMinor">0</Data>
<Data Name="DeviceNameLength">8</Data>
<Data Name="DeviceName">FileInfo</Data>
<Data Name="DeviceTime">2062-12-23T09:21:06.0000000Z</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-HAL
Date: 11/08/2022 5:55:55 PM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The iommu fault reporting has been initialized.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-HAL" Guid="{63d1e632-95cc-4443-9312-af927761d52a}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4734773Z" />
<EventRecordID>86487</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:55:55 PM
Event ID: 20
Task Category: (6)
Level: Information
Keywords: Time
User: SYSTEM
Computer: Nomu
Description:
The leap second configuration has been updated.
Reason: Leap second data initialized from registry during boot
Leap seconds enabled: true
New leap second count: 0
Old leap second count: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>6</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4418359Z" />
<EventRecordID>86486</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="UpdateReason">0</Data>
<Data Name="EnabledNew">true</Data>
<Data Name="CountNew">0</Data>
<Data Name="CountOld">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 5:55:55 PM
Event ID: 30
Task Category: (21)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The firmware reported boot metrics.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>30</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>21</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4361459Z" />
<EventRecordID>86485</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ResetEndStart">0</Data>
<Data Name="LoadOSImageStart">0</Data>
<Data Name="StartOSImageStart">7484</Data>
<Data Name="ExitBootServicesEntry">7768</Data>
<Data Name="ExitBootServicesExit">7771</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 5:55:55 PM
Event ID: 27
Task Category: (33)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The boot type was 0x0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>27</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>33</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4361184Z" />
<EventRecordID>86484</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootType">0</Data>
<Data Name="LoadOptions"> NOEXECUTE=OPTIN NOVGA</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 5:55:55 PM
Event ID: 25
Task Category: (32)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The boot menu policy was 0x1.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>25</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>32</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4361178Z" />
<EventRecordID>86483</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BootMenuPolicy">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 5:55:55 PM
Event ID: 238
Task Category: (101)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
EFI time zone bias: 2047. Daylight flags: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>238</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4361171Z" />
<EventRecordID>86482</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EfiTimeZoneBias">2047</Data>
<Data Name="EfiDaylightFlags">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 5:55:55 PM
Event ID: 20
Task Category: (31)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The last shutdown's success status was true. The last boot's success status was true.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>20</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>31</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4360769Z" />
<EventRecordID>86481</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="LastShutdownGood">true</Data>
<Data Name="LastBootGood">true</Data>
<Data Name="LastBootId">223</Data>
<Data Name="BootStatusPolicy">2</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 5:55:55 PM
Event ID: 32
Task Category: (58)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
The bootmgr spent 0 ms waiting for user input.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>32</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>58</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4360273Z" />
<EventRecordID>86480</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BitlockerUserInputTime">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 5:55:55 PM
Event ID: 18
Task Category: (57)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
There are 0x1 boot options on this system.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>57</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4359871Z" />
<EventRecordID>86479</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EntryCount">1</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 11/08/2022 5:55:55 PM
Event ID: 153
Task Category: (62)
Level: Information
Keywords:
User: SYSTEM
Computer: Nomu
Description:
Virtualization-based security (policies: 0) is disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" />
<EventID>153</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>62</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4359754Z" />
<EventRecordID>86478</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Status">0</Data>
<Data Name="EnableDisableReason">0</Data>
<Data Name="VsmPolicy">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 11/08/2022 5:55:55 PM
Event ID: 12
Task Category: (1)
Level: Information
Keywords: (128)
User: SYSTEM
Computer: Nomu
Description:
The operating system started at system time ‎2022‎-‎08‎-‎11T13:55:54.500000000Z.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000080</Keywords>
<TimeCreated SystemTime="2022-08-11T13:55:55.4359112Z" />
<EventRecordID>86477</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>Nomu</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="MajorVersion">10</Data>
<Data Name="MinorVersion">0</Data>
<Data Name="BuildVersion">19041</Data>
<Data Name="QfeVersion">1865</Data>
<Data Name="ServiceVersion">0</Data>
<Data Name="BootMode">0</Data>
<Data Name="StartTime">2022-08-11T13:55:54.5000000Z</Data>
</EventData>

</Event>

my pc has been restarting alot the last few weeks, everytime i go afk it unexpectdly restarts and the screens stays black, i have to either replug the hdmi cables from the gpu or restart the pc from the power button. I tried using the event viewer but i couldn't understand it alot and i hope someone could help me. one thing to note is that i am using some hdmi to display port adaptors on my gpu.

here are the logs

Update: i just touched the PSU and saw the 4 lights above the pcie cable input flash a few times then it restarted. im using an evga rtx 3080 ftw3

TylerD321 · August 11, 2022

Edit your post and put the big block of log file inside of a spoiler so people don't have to scroll the whole way down to respond to you. It is the eye icon to the left of the bullet point icon.

Spoiler

See, it works.

Nomu_u · August 11, 2022

26 minutes ago, TylerD321 said:

Edit your post and put the big block of log file inside of a spoiler so people don't have to scroll the whole way down to respond to you. It is the eye icon to the left of the bullet point icon.

Reveal hidden contents

See, it works.

thanks

SpookyCitrus · August 11, 2022

I'm just going to throw this out there because it's a common issue with Windows 10. If you have Sleep or Hibernate enabled in the power and sleep settings and then fastboot enabled at the same time in bios it can bug Windows to where when the computer goes into Sleep or Hibernate it doesn't wake up and the computer needs to be reset via power or reset buttons to wake up. I would go into your Power and Sleep settings in Windows and set everything with a timer to Never. Since it only happens when you are AFK that lets us know it's likely a Sleep issue. If you have a desktop computer there is no need for Sleep or Hibernate anyway, just turn it off when you aren't going to be using it or only have the monitor turn off when you are AFK disable the sleep options entirely, with desktop computers you don't even need it as you're not trying to conserve battery power. Also make sure your power plan is on High Performance.

Nomu_u · August 11, 2022

3 minutes ago, SpookyCitrus said:

I'm just going to throw this out there because it's a common issue with Windows 10. If you have Sleep or Hibernate enabled in the power and sleep settings and then fastboot enabled at the same time in bios it can bug Windows to where when the computer goes into Sleep or Hibernate it doesn't wake up and the computer needs to be reset via power or reset buttons to wake up. I would go into your Power and Sleep settings in Windows and set everything with a timer to Never. Since it only happens when you are AFK that lets us know it's likely a Sleep issue. If you have a desktop computer there is no need for Sleep or Hibernate anyway, just turn it off when you aren't going to be using it or only have the monitor turn off when you are AFK disable the sleep options entirely, with desktop computers you don't even need it as you're not trying to conserve battery power. Also make sure your power plan is on High Performance.

i have it set hibernate and sleep to never already and i have fastboot off, it did restart on me while using it 30 minutes ago and it went on a restart loop, when i tried using the power button it flashed a red light for a few times which i think is a power supply issue so i checked the wire and plugged it in another socket for now.

SpookyCitrus · August 11, 2022

2 hours ago, Nomu_u said:

i have it set hibernate and sleep to never already and i have fastboot off, it did restart on me while using it 30 minutes ago and it went on a restart loop, when i tried using the power button it flashed a red light for a few times which i think is a power supply issue so i checked the wire and plugged it in another socket for now.

Definitely could be a PSU issue, what make and model is it?

Nomu_u · August 12, 2022

9 hours ago, SpookyCitrus said:

Definitely could be a PSU issue, what make and model is it?

it's Corsair RM Series RM850 80 PLUS Gold Fully Modular ATX

Sign In

Pc randomly restarts

Link to comment

Share on other sites

Link to post

Share on other sites

Link to comment

Share on other sites

Link to post

Share on other sites

Link to comment

Share on other sites

Link to post

Share on other sites

Link to comment

Share on other sites

Link to post

Share on other sites

Link to comment

Share on other sites

Link to post

Share on other sites

Link to comment

Share on other sites

Link to post

Share on other sites

Link to comment

Share on other sites

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Topics

Latest From Linus Tech Tips:

The Humble PC

Latest From Tech Quickie:

What Are the Download Speeds in Space?

Latest From TechLinked:

Goodbye, TikTok

Latest From GameLinked:

Video Games Are Dying.

Latest From ShortCircuit:

The World's Fastest CPU (Technically...) - Intel i9-14900KS

Latest From Mac Address:

Why did you buy an Apple Vision Pro?

Latest From Channel Super Fun:

I Swapped the CEO's Assistant For a Day!