| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 512 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:42:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2021-05-29T15:41:32Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 511 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:42:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 510 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:42:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259030 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 509 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:42:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259030)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 508 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:42:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 507 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:42:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 506 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:42:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 505 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:12:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2021-05-29T15:11:32Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 504 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:12:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 503 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:12:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259060 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 502 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:12:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259060)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 501 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:12:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 500 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:12:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 499 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 3:12:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 498 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:42:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2021-05-29T14:41:32Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 497 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:42:32 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 496 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:42:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259090 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 495 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:42:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259090)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 494 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:42:02 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 493 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:42:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 492 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:42:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 491 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:12:31 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2021-05-29T14:11:31Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 490 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:12:31 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 489 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:12:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259120 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 488 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:12:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259120)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 487 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:12:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 486 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:12:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 485 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 2:12:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service. | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 484 | Microsoft-Windows-LoadPerf | 122ee297-bb47-41ae-b265-1ca8d1886d40 | Application | 812 | 980 | n-h1-792458-3.cbci-792458-3.local | S-1-5-18 | 5/28/2021 1:50:00 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 483 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:44:34 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2021-05-29T13:43:34Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 482 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:44:34 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 481 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:44:04 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259148 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 480 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:44:04 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259148)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 479 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:44:04 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 478 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:44:04 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:<none> | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 477 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:44:04 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSDTC started with the following settings:
Security Configuration (OFF = 0 and ON = 1):
Allow Remote Administrator = 0,
Network Clients = 0,
Transaction Manager Communication:
Allow Inbound Transactions = 0,
Allow Outbound Transactions = 0,
Transaction Internet Protocol (TIP) = 0,
Enable XA Transactions = 0,
Enable SNA LU 6.2 Transactions = 1,
MSDTC Communications Security = Mutual Authentication Required,
Account = NT AUTHORITY\NetworkService,
Firewall Exclusion Detected = 0
Transaction Bridge Installed = 0
Filtering Duplicate Events = 1
| 4202 | 0 | 16384 | 4 | 2 | 0 | 36028797018963968 | 476 | Microsoft-Windows-MSDTC 2 | 5d9e0020-3761-4f36-90c8-38ce6511bd12 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:44:04 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | TM | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 475 | neutron-hyperv-agent | | Application | | | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:55 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 474 | nova-compute | | Application | | | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:52 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Search Service has created default configuration for new user 'CBCI-792458-3\administrator' .
| 5 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 473 | Microsoft-Windows-Search-ProfileNotify | fc6f77dd-769a-470e-bcf9-1b6555a118be | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:50 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 472 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:42 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2021-05-29T13:41:41Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 471 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:42 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Fault bucket 1497127695252583348, type 4
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: MsMpEng.exe
P2: 4.12.17007.18011
P3: 3e7f7c1a
P4: mprtp.dll
P5: 4.12.17007.18011
P6: ddfec2bf
P7: c0000005
P8: 0000000000020c85
P9:
P10:
Attached files:
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_MsMpEng.exe_1e275f8ea419f840d62fae9d203a12d968974733_b782b474_12a09a0d
Analysis symbol:
Rechecking for solution: 0
Report Id: 1d81f6cd-20cf-4a27-ab28-5fc9726bdecc
Report Status: 0
Hashed bucket: 46637d44318416aa74c6ddb4eaedf3b4 | 1001 | | 0 | 4 | 0 | | 36028797018963968 | 470 | Windows Error Reporting | | Application | | | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:27 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: MsMpEng.exe
P2: 4.12.17007.18011
P3: 3e7f7c1a
P4: mprtp.dll
P5: 4.12.17007.18011
P6: ddfec2bf
P7: c0000005
P8: 0000000000020c85
P9:
P10:
Attached files:
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_1e275f8ea419f840d62fae9d203a12d968974733_b782b474_0fb0929b
Analysis symbol:
Rechecking for solution: 0
Report Id: 1d81f6cd-20cf-4a27-ab28-5fc9726bdecc
Report Status: 4
Hashed bucket: | 1001 | | 0 | 4 | 0 | | 36028797018963968 | 469 | Windows Error Reporting | | Application | | | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:25 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Faulting application name: MsMpEng.exe, version: 4.12.17007.18011, time stamp: 0x3e7f7c1a
Faulting module name: mprtp.dll, version: 4.12.17007.18011, time stamp: 0xddfec2bf
Exception code: 0xc0000005
Fault offset: 0x0000000000020c85
Faulting process id: 0x970
Faulting application start time: 0x01d753c73c286b13
Faulting application path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\mprtp.dll
Report Id: 1d81f6cd-20cf-4a27-ab28-5fc9726bdecc
Faulting package full name:
Faulting package-relative application ID: | 1000 | | 0 | 2 | 100 | | 36028797018963968 | 468 | Application Error | | Application | | | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:25 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | Application Crashing Events | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 467 | cloudbase-init | | Application | | | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:20 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Security policy in the Group policy objects has been applied successfully. | 1704 | | 16384 | 4 | 0 | | 36028797018963968 | 466 | SceCli | | Application | | | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:04 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service subsystems initialized successfully | 5617 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 465 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 1476 | 2816 | n-h1-792458-3.cbci-792458-3.local | S-1-5-18 | 5/28/2021 1:42:03 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 464 | cloudbase-init | | Application | | | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 463 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259150 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 462 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259150)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 461 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 460 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 459 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3.cbci-792458-3.local | | 5/28/2021 1:42:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service started sucessfully | 5615 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 458 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 1476 | 1552 | n-h1-792458-3.cbci-792458-3.local | S-1-5-18 | 5/28/2021 1:41:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has started successfully.
| 1531 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 457 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 1476 | 1504 | n-h1-792458-3.cbci-792458-3.local | S-1-5-18 | 5/28/2021 1:41:59 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has stopped.
| 1532 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 456 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 616 | 1728 | n-h1-792458-3.cbci-792458-3.local | S-1-5-18 | 5/28/2021 1:41:38 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The MS DTC service is stopping. | 4111 | 0 | 16384 | 4 | 1 | 0 | 36028797018963968 | 455 | Microsoft-Windows-MSDTC | 719be4ed-e9bc-4dd8-a7cf-c85ce8e4975d | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 1:41:38 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | SVC | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VSS service is shutting down due to shutdown event from the Service Control Manager. | 8225 | | 0 | 4 | 0 | | 36028797018963968 | 454 | VSS | | Application | | | n-h1-792458-3 | | 5/28/2021 1:41:38 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 453 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 1:18:12 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2021-05-29T13:17:12Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 452 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 1:18:12 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 451 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 1:17:42 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259174 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 450 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 1:17:42 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259174)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 449 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 1:17:42 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 448 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 1:17:42 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=wlms.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 447 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 1:17:42 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service. | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 446 | Microsoft-Windows-LoadPerf | 122ee297-bb47-41ae-b265-1ca8d1886d40 | Application | 4944 | 3152 | n-h1-792458-3 | S-1-5-18 | 5/28/2021 1:07:00 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service. | 1000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 445 | Microsoft-Windows-LoadPerf | 122ee297-bb47-41ae-b265-1ca8d1886d40 | Application | 3168 | 3180 | n-h1-792458-3 | S-1-5-18 | 5/28/2021 12:57:01 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending session 0 started ?2021?-?05?-?28T12:53:16.110163700Z. | 10001 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 444 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 2816 | 3460 | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi. Client Process Id: 2888. | 1042 | | 0 | 4 | 0 | | 36028797018963968 | 443 | MsiInstaller | | Application | | | n-h1-792458-3 | S-1-5-18 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting session 0 - ?2021?-?05?-?28T12:53:16.110163700Z. | 10000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 442 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 2816 | 4724 | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending session 0 started ?2021?-?05?-?28T12:53:15.594569500Z. | 10001 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 441 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 2816 | 3460 | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting session 0 - ?2021?-?05?-?28T12:53:15.594569500Z. | 10000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 440 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 2816 | 4088 | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:15 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Installer installed the product. Product Name: Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030. Product Version: 11.0.61030. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. | 1033 | | 0 | 4 | 0 | | 36028797018963968 | 439 | MsiInstaller | | Application | | | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Product: Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 -- Installation completed successfully. | 11707 | | 0 | 4 | 0 | | 36028797018963968 | 438 | MsiInstaller | | Application | | | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi. Client Process Id: 2888. | 1040 | | 0 | 4 | 0 | | 36028797018963968 | 437 | MsiInstaller | | Application | | | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Ending a Windows Installer transaction: C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi. Client Process Id: 2888. | 1042 | | 0 | 4 | 0 | | 36028797018963968 | 436 | MsiInstaller | | Application | | | n-h1-792458-3 | S-1-5-18 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Installer installed the product. Product Name: Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030. Product Version: 11.0.61030. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0. | 1033 | | 0 | 4 | 0 | | 36028797018963968 | 435 | MsiInstaller | | Application | | | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Product: Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 -- Installation completed successfully. | 11707 | | 0 | 4 | 0 | | 36028797018963968 | 434 | MsiInstaller | | Application | | | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:16 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Beginning a Windows Installer transaction: C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi. Client Process Id: 2888. | 1040 | | 0 | 4 | 0 | | 36028797018963968 | 433 | MsiInstaller | | Application | | | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:53:15 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Installer reconfigured the product. Product Name: Cloudbase-Init 0.9.12.dev26. Product Version: 0.9.12.0. Product Language: 1033. Manufacturer: Cloudbase Solutions Srl. Reconfiguration success or error status: 0. | 1035 | | 0 | 4 | 0 | | 36028797018963968 | 432 | MsiInstaller | | Application | | | n-h1-792458-3 | S-1-5-18 | 5/28/2021 12:53:08 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting session 0 - ?2021?-?05?-?28T12:52:39.500994400Z. | 10000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 431 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 500 | 108 | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:52:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting session 0 - ?2021?-?05?-?28T12:52:39.460638600Z. | 10000 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 430 | Microsoft-Windows-RestartManager | 0888e5ef-9b98-4695-979d-e92ce4247224 | Application | 500 | 108 | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1001 | 5/28/2021 12:52:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of third-party root certificate:: Subject: <CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3> Sha1 thumbprint: <D69B561148F01C77C54578C10926DF5B856976AD>. | 4097 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 429 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1660 | n-h1-792458-3 | | 5/28/2021 12:52:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 428 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully scheduled Software Protection service for re-start at 2021-05-29T12:50:45Z. Reason: TBL. | 16384 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 427 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of third-party root list with effective date: ?Wednesday, ?May ?19, ?2021 7:15:03 PM. | 4111 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 426 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1132 | n-h1-792458-3 | | 5/28/2021 12:51:18 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE> Sha1 thumbprint: <02FAF3E291435468607857694DF5E45B68851868>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 425 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1132 | n-h1-792458-3 | | 5/28/2021 12:51:18 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US> Sha1 thumbprint: <4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 424 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1132 | n-h1-792458-3 | | 5/28/2021 12:51:18 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US> Sha1 thumbprint: <742C3192E607E424EB4549542BE1BBC53E6174E2>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 423 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1132 | n-h1-792458-3 | | 5/28/2021 12:51:18 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 422 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1132 | n-h1-792458-3 | | 5/28/2021 12:51:18 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE> Sha1 thumbprint: <D4DE20D05E66FC53FE1A50882C78DB2852CAE474>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 421 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1132 | n-h1-792458-3 | | 5/28/2021 12:51:18 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto property update of third-party root certificate:: Subject: <CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <DF3C24F9BFD666761B268073FE06D1CC8D4F82A4>. | 4109 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 420 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1132 | n-h1-792458-3 | | 5/28/2021 12:51:18 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| SLUI.exe was launched with the following command-line parameters:
RuleId=379cccfb-d4e0-48fe-b0f2-0136097be147;Action=CleanupState;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4;Trigger=TimerEvent | 8197 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 419 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:15 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The rules engine successfully re-evaluated the schedule.
Kernel policies:
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2021/11/24:12:51:14;LastConsumptionReason=0x4004fc04;LastNotificationId=Cleanup;LicenseState=SL_LICENSING_STATUS_LICENSED;PartialProductKey=TVKQ6;ProductKeyType=Retail:TB:Eval;SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4;ruleId=379cccfb-d4e0-48fe-b0f2-0136097be147;uxDifferentiator=TIMEBASED_EVAL | 8230 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 418 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:15 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| SLUI.exe was launched with the following command-line parameters:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4;NotificationInterval=1440;Trigger=TimerEvent | 8197 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 417 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Time-based license remaining validity time 259200 minutes. | 1037 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 416 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259200)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 415 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)( 9 0x00000000 180 259200)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 414 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(Security-SPP-Reserved-EnableNotificationMode)
App Id=55c92734-d682-4d71-983e-d6ec3f16059f
Sku Id=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4 | 1033 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 413 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Duplicate definition of policy found. Policy name=Security-SPP-Reserved-LicenseProperties Priority=100 | 1034 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 412 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Validity period has been started. Validity minutes=259200 Grace type=9. | 1036 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 411 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:14 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The MSA client has been successfully triggered to update the Device License | 12311 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 410 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:13 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully acquired genuine ticket for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} | 12304 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 409 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:11 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Genuine state set to genuine for application Id 55c92734-d682-4d71-983e-d6ec3f16059f | 12305 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 408 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:11 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Genuine validation data collection ended.
| 20489 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 407 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500 | 1034 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 406 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Health check passed.
| 20482 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 405 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:09 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Health check initiated.
| 20481 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 404 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:09 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Genuine validation data collection started.
| 20488 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 403 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:08 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Genuine information set for application. 0x00000000, 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, SL_ACTIVATION_VALIDATION_IN_PROGRESS.
| 1067 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 402 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:07 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has successfully installed the license.
License Title=XrML 2.1 License - {msft:sl/EUL/ACTIVATED/PRIVATE}
License Id=c3468277-09a8-4839-8a7f-0dcbe0d37240 | 1004 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 401 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:07 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has successfully installed the license.
License Title=XrML 2.1 License - {msft:sl/EUL/ACTIVATED/PUBLIC}
License Id=88c587c6-0ac1-458d-a801-e91979cb4a81 | 1004 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 400 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:07 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Acquisition of End User License was successful.
Sku Id=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4 | 1013 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 399 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:07 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of third-party root certificate:: Subject: <CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <DF3C24F9BFD666761B268073FE06D1CC8D4F82A4>. | 4097 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 398 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1656 | n-h1-792458-3 | | 5/28/2021 12:51:05 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The rules engine successfully re-evaluated the schedule.
Kernel policies:
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;GraceEndDate=2021/06/07:12:47:03;LastConsumptionReason=0x4004f00c;LastNotificationId=NeverActivated;LicenseState=SL_LICENSING_STATUS_IN_GRACE_PERIOD;PartialProductKey=TVKQ6;ProductKeyType=Retail:TB:Eval;SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4;ruleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;uxDifferentiator=TIMEBASED_EVAL | 8230 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 397 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:51:03 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSDTC started with the following settings:
Security Configuration (OFF = 0 and ON = 1):
Allow Remote Administrator = 0,
Network Clients = 0,
Transaction Manager Communication:
Allow Inbound Transactions = 0,
Allow Outbound Transactions = 0,
Transaction Internet Protocol (TIP) = 0,
Enable XA Transactions = 0,
Enable SNA LU 6.2 Transactions = 1,
MSDTC Communications Security = Mutual Authentication Required,
Account = NT AUTHORITY\NetworkService,
Firewall Exclusion Detected = 0
Transaction Bridge Installed = 0
Filtering Duplicate Events = 1
| 4202 | 0 | 16384 | 4 | 2 | 0 | 36028797018963968 | 396 | Microsoft-Windows-MSDTC 2 | 5d9e0020-3761-4f36-90c8-38ce6511bd12 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:49:43 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | TM | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. | 1008 | 0 | 49152 | 2 | 0 | 0 | 36028797018963968 | 395 | Microsoft-Windows-Perflib | 13b197bd-7cee-4b4e-8dd0-59314ce374ce | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:48:57 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Fault bucket 1497127695252583348, type 4
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: MsMpEng.exe
P2: 4.12.17007.18011
P3: 3e7f7c1a
P4: mprtp.dll
P5: 4.12.17007.18011
P6: ddfec2bf
P7: c0000005
P8: 0000000000020c85
P9:
P10:
Attached files:
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_MsMpEng.exe_1e275f8ea419f840d62fae9d203a12d968974733_b782b474_0ab96d99
Analysis symbol:
Rechecking for solution: 0
Report Id: 58b73c88-010c-4ad7-9201-68c5afd3ab5b
Report Status: 0
Hashed bucket: 46637d44318416aa74c6ddb4eaedf3b4 | 1001 | | 0 | 4 | 0 | | 36028797018963968 | 394 | Windows Error Reporting | | Application | | | n-h1-792458-3 | | 5/28/2021 12:48:53 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: MsMpEng.exe
P2: 4.12.17007.18011
P3: 3e7f7c1a
P4: mprtp.dll
P5: 4.12.17007.18011
P6: ddfec2bf
P7: c0000005
P8: 0000000000020c85
P9:
P10:
Attached files:
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_1e275f8ea419f840d62fae9d203a12d968974733_b782b474_0cd566a4
Analysis symbol:
Rechecking for solution: 0
Report Id: 58b73c88-010c-4ad7-9201-68c5afd3ab5b
Report Status: 4
Hashed bucket: | 1001 | | 0 | 4 | 0 | | 36028797018963968 | 393 | Windows Error Reporting | | Application | | | n-h1-792458-3 | | 5/28/2021 12:48:51 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Faulting application name: MsMpEng.exe, version: 4.12.17007.18011, time stamp: 0x3e7f7c1a
Faulting module name: mprtp.dll, version: 4.12.17007.18011, time stamp: 0xddfec2bf
Exception code: 0xc0000005
Fault offset: 0x0000000000020c85
Faulting process id: 0x96c
Faulting application start time: 0x01d753bfa633557a
Faulting application path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\mprtp.dll
Report Id: 58b73c88-010c-4ad7-9201-68c5afd3ab5b
Faulting package full name:
Faulting package-relative application ID: | 1000 | | 0 | 2 | 100 | | 36028797018963968 | 392 | Application Error | | Application | | | n-h1-792458-3 | | 5/28/2021 12:48:51 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | Application Crashing Events | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 391 | cloudbase-init | | Application | | | n-h1-792458-3 | | 5/28/2021 12:48:38 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 1 [(0 )(1 )(2 )(3 [0x00000000, 0, 1], [(?)( 1 0x00000000)( 6 0x00000000 10 14398)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 390 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:48:27 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Profile notification of event Create for component {DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is Access is denied.
.
| 1534 | 0 | | 3 | 0 | 0 | -9223372036854775808 | 389 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 616 | 548 | n-h1-792458-3 | S-1-5-21-1811773281-4133515735-2038459566-1000 | 5/28/2021 12:48:26 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Search Service failed to create default configuration for new user 'N-H1-792458-3\Admin' in response to user profile creation. Error code 0x80070005.
Access is denied.
. | 6 | 0 | 49152 | 2 | 0 | 0 | 36028797018963968 | 388 | Microsoft-Windows-Search-ProfileNotify | fc6f77dd-769a-470e-bcf9-1b6555a118be | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:48:26 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 0 | | 0 | 4 | 0 | | 36028797018963968 | 387 | cloudbase-init | | Application | | | n-h1-792458-3 | | 5/28/2021 12:47:50 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Search Service has created default configuration for new user 'N-H1-792458-3\cloudbase-init' .
| 5 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 386 | Microsoft-Windows-Search-ProfileNotify | fc6f77dd-769a-470e-bcf9-1b6555a118be | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:47:48 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of third-party root certificate:: Subject: <CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436>. | 4097 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 385 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1328 | 1360 | n-h1-792458-3 | | 5/28/2021 12:47:45 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service subsystems initialized successfully | 5617 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 384 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 616 | 532 | n-h1-792458-3 | S-1-5-18 | 5/28/2021 12:47:42 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service started sucessfully | 5615 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 383 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 616 | 948 | n-h1-792458-3 | S-1-5-18 | 5/28/2021 12:47:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has started successfully.
| 1531 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 382 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 616 | 1728 | n-h1-792458-3 | S-1-5-18 | 5/28/2021 12:47:39 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 0 [(0 )(1 )(2 )(3 [0x00000000, 0, 1], [(?)( 1 0x00000000)( 6 0x00000000 10 14399)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 381 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:47:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500 | 1034 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 380 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:47:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Proof of Purchase installed successfully.
ACID=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4
PKeyId=771fdd12-cf29-6d27-eb0d-9c7435943845 | 1016 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 379 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:47:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. | 4625 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 378 | Microsoft-Windows-EventSystem | 899daace-4868-4295-afcd-9eb8fb497561 | Application | 0 | 0 | n-h1-792458-3 | | 5/28/2021 12:47:41 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has stopped.
| 1532 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 377 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 520 | 1468 | WIN-5T344G8GM1H | S-1-5-18 | 5/28/2021 12:47:07 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VSS service is shutting down due to shutdown event from the Service Control Manager. | 8225 | | 0 | 4 | 0 | | 36028797018963968 | 376 | VSS | | Application | | | WIN-5T344G8GM1H | | 5/28/2021 12:47:07 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has stopped.
| 903 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 375 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 5/28/2021 12:47:07 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name Microsoft Hyper-V VSS Writer and ID {66841cd4-6ded-4f4b-8f17-fd23f8ddc3de} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {66841cd4-6ded-4f4b-8f17-fd23f8ddc3de}
Writer Name: Microsoft Hyper-V VSS Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 374 | VSS | | Application | | | WIN-5T344G8GM1H | | 5/28/2021 12:46:22 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successful auto update of disallowed certificate list with effective date: ?Tuesday, ?March ?16, ?2021 7:29:24 AM. | 4112 | 0 | 0 | 4 | 0 | 0 | -9187343239835811840 | 373 | Microsoft-Windows-CAPI2 | 5bbca4a8-b209-48dc-a8c7-b23d3e5216fb | Application | 1676 | 1800 | WIN-5T344G8GM1H | | 5/28/2021 12:46:17 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service subsystems initialized successfully | 5617 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 372 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 520 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 5/28/2021 12:46:11 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows Management Instrumentation Service started sucessfully | 5615 | 2 | | 4 | 0 | 0 | -9223372036854775808 | 371 | Microsoft-Windows-WMI | 1edeee53-0afe-4609-b846-d8c0b2075b1f | Application | 520 | 1548 | WIN-5T344G8GM1H | S-1-5-18 | 5/28/2021 12:46:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has started successfully.
| 1531 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 370 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 520 | 1468 | WIN-5T344G8GM1H | S-1-5-18 | 5/28/2021 12:46:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name Shadow Copy Optimization Writer and ID {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 369 | VSS | | Application | | | WIN-5T344G8GM1H | | 5/28/2021 12:46:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name ASR Writer and ID {be000cbe-11fe-4426-9c58-531aa6355fc4} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 368 | VSS | | Application | | | WIN-5T344G8GM1H | | 5/28/2021 12:46:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name COM+ REGDB Writer and ID {542da469-d3e1-473c-9f4f-7847f01fc64f} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 367 | VSS | | Application | | | WIN-5T344G8GM1H | | 5/28/2021 12:46:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume Shadow Copy Service: Writer with name Registry Writer and ID {afbab4a2-367d-4d15-a586-71dbb18f8485} attempted to subscribe during setup.
Operation:
Initializing Writer
Context:
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer | 8212 | | 0 | 4 | 0 | | 36028797018963968 | 366 | VSS | | Application | | | WIN-5T344G8GM1H | | 5/28/2021 12:46:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. | 4625 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 365 | Microsoft-Windows-EventSystem | 899daace-4868-4295-afcd-9eb8fb497561 | Application | 0 | 0 | WIN-VVT2CKNTF5N | | 5/28/2021 12:46:10 PM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service has stopped.
| 1532 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 364 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 976 | 1228 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:13 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
DETAIL -
9 user registry handles leaked from \Registry\User\S-1-5-21-416071247-492812682-1642729393-500:
Process 764 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\System\GameConfigStore\Parents
Process 764 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\System\GameConfigStore
Process 312 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\Internet Explorer\Main
Process 3092 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\ActiveSync\Partners
Process 764 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\System\GameConfigStore\Children
Process 976 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-416071247-492812682-1642729393-500\SOFTWARE\Microsoft\Internet Explorer\Security
| 1530 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 363 | Microsoft-Windows-User Profiles Service | 89b1e9f0-5aff-44a6-9b44-0a07a7ce5845 | Application | 976 | 3432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:12 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The winlogon notification subscriber <SessionEnv> failed a notification event. | 6001 | 0 | 32768 | 3 | 0 | 0 | 36028797018963968 | 362 | Microsoft-Windows-Winlogon | dbe9b383-7cf3-4331-91cc-a3cb16a3b538 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:12 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| SLUI.exe was launched with the following command-line parameters:
RuleId=984306a1-75fc-4a6b-b3f9-8501ba26a448;Action=NotifyUser;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;NotificationInterval=1440;Trigger=TimerEvent | 8197 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 361 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The rules engine successfully re-evaluated the schedule.
Kernel policies:
Security-SPP-Action-StateData (REG_SZ) =AppId=55c92734-d682-4d71-983e-d6ec3f16059f;LastNotificationId=RebootRequired;ruleId=984306a1-75fc-4a6b-b3f9-8501ba26a448 | 8230 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 360 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 0 [(0 [0xC004D302, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 359 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Rearm successful for AppId = 55c92734-d682-4d71-983e-d6ec3f16059f, SkuId = (null) - 5 Rearms Remaining. | 12306 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 358 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has started.
10.0.14393.351 | 902 | 0 | 16384 | 0 | 0 | 0 | 36028797018963968 | 357 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4, 1, 0 [(0 [0xC004E003, 0, 0], [( 2 0xC004F00F 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)( 1 0x00000000)(?)( 2 0xC004F00F 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )(3 [0x00000000, 0, 1], [(?)( 1 0x00000000)( 6 0x00000000 10 14400)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])]
| 1003 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 356 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Grace period has been started. Grace days=10 Grace type=6. | 1025 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 355 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Duplicate definition of policy found. Policy name=Security-SPP-WriteWauMarker Priority=500 | 1034 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 354 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The hardware has changed. | 1024 | 0 | 32768 | 4 | 0 | 0 | 36028797018963968 | 353 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hardware has changed from previous boot.
AppId=55c92734-d682-4d71-983e-d6ec3f16059f, SkuId=9dfa8ec0-7665-4b9d-b2cb-bfc2dc37c9f4. | 1040 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 352 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initialization status for service objects.
C:\windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/inherited/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000
| 1066 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 351 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service is starting.
Parameters:caller=Sysprep.exe | 900 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 350 | Microsoft-Windows-Security-SPP | e23b33b0-c8c9-472c-a5f9-f2bdfea0f156 | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The MS DTC service is stopping. | 4111 | 0 | 16384 | 4 | 1 | 0 | 36028797018963968 | 349 | Microsoft-Windows-MSDTC | 719be4ed-e9bc-4dd8-a7cf-c85ce8e4975d | Application | 0 | 0 | WIN-5T344G8GM1H | | 1/19/2018 9:47:34 AM | | | application | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | SVC | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |