
Log Name: System

Source: Microsoft-Windows-Kernel-Power
Date: 3/26/2018 12:45:24 PM
Event ID: 107
Task Category: (102)
Level: Information
Keywords: (1024),(64),(4)
User: N/A
Computer: DESKTOP-F6MCREC
Description:
The system has resumed from sleep.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-
77220C37D6B4}" />
<EventID>107</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>102</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000444</Keywords>
<TimeCreated SystemTime="2018-03-26T09:45:24.492677400Z" />
<EventRecordID>5718</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="11856" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetState">5</Data>
<Data Name="EffectiveState">5</Data>
<Data Name="WakeFromState">5</Data>
<Data Name="ProgrammedWakeTimeAc">2435-06-15T16:22:11.615290800Z</Data>
<Data Name="ProgrammedWakeTimeDc">1601-01-01T00:00:00.000000000Z</Data>
<Data Name="WakeRequesterTypeAc">1</Data>
<Data Name="WakeRequesterTypeDc">0</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Kernel-Power
Date: 3/26/2018 12:45:22 PM
Event ID: 42
Task Category: (64)
Level: Information
Keywords: (1024),(4)
User: N/A
Computer: DESKTOP-F6MCREC
Description:
The system is entering sleep.

Sleep Reason: System Idle


Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-
77220C37D6B4}" />
<EventID>42</EventID>
<Version>3</Version>
<Level>4</Level>
<Task>64</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000404</Keywords>
<TimeCreated SystemTime="2018-03-26T09:45:22.951188500Z" />
<EventRecordID>5717</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="11856" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetState">5</Data>
<Data Name="EffectiveState">5</Data>
<Data Name="Reason">7</Data>
<Data Name="Flags">0</Data>
<Data Name="TransitionsToOn">1</Data>
</EventData>
</Event>

Log Name: System


Source: EventLog
Date: 3/26/2018 12:00:00 PM
Event ID: 6013
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DESKTOP-F6MCREC
Description:
The system uptime is 308268 seconds.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6013</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T09:00:00.518032200Z" />
<EventRecordID>5716</EventRecordID>
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>308268</Data>
<Data>60</Data>
<Data>-120 GTB Standard Time</Data>

<Binary>31002E003100000030000000570069006E0064006F007700730020003100300020005000720
06F000000310030002E0030002E003100360032003900390020004200750069006C0064002000310036
003200390039002000200000004D0075006C0074006900700072006F0063006500730073006F0072002
00046007200650065000000310036003200390039002E007200730033005F00720065006C0065006100
730065002E003100370030003900320038002D003100350033003400000035006100370062003100380
06600310000004E006F007400200041007600610069006C00610062006C00650000004E006F00740020
0041007600610069006C00610062006C006500000039000000340000003100320031003800300000003
4003000390000004400450053004B0054004F0050002D00460036004D00430052004500430000000000
</Binary>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Kernel-General
Date: 3/26/2018 10:41:50 AM
Event ID: 15
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: DESKTOP-F6MCREC
Description:
Hive \??\Volume{1ff758f7-2390-4885-a3ec-be4bf685a015}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{5D586AA2-DDF8-4B40-B473-B6608B7A572A}
was reorganized with a starting size of 11997184 bytes and an ending size of 11587584 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-
A698-07E2DE0F1F5D}" />
<EventID>15</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:41:50.830366800Z" />
<EventRecordID>5715</EventRecordID>
<Correlation />
<Execution ProcessID="9508" ThreadID="14052" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="HiveNameLength">171</Data>
<Data Name="HiveName">\??\Volume{1ff758f7-2390-4885-a3ec-be4bf685a015}\System
Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}
{5D586AA2-DDF8-4B40-B473-B6608B7A572A}</Data>
<Data Name="OriginalSize">11997184</Data>
<Data Name="NewSize">11587584</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Kernel-General
Date: 3/26/2018 10:41:32 AM
Event ID: 11
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: DESKTOP-F6MCREC
Description:
TxR init phase for hive \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32\config\DRIVERS
(TM: {50CAFB56-2E06-11E8-B26E-D05349252A0A}, RM: {50CAFB55-2E06-11E8-B26E-D05349252A0A})
finished with result=0xC00000A2 (Internal code=7).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-
A698-07E2DE0F1F5D}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:41:32.326841700Z" />
<EventRecordID>5714</EventRecordID>
<Correlation />
<Execution ProcessID="9508" ThreadID="14052" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ExtraStringLength">79</Data>
<Data
Name="ExtraString">\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32
\config\DRIVERS</Data>
<Data Name="TmId">{50CAFB56-2E06-11E8-B26E-D05349252A0A}</Data>
<Data Name="RmId">{50CAFB55-2E06-11E8-B26E-D05349252A0A}</Data>
<Data Name="Status">0xc00000a2</Data>
<Data Name="InternalCode">7</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Kernel-General
Date: 3/26/2018 10:41:32 AM
Event ID: 11
Task Category: None
Level: Information
Keywords:
User: SYSTEM
Computer: DESKTOP-F6MCREC
Description:
TxR init phase for hive \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32\config\SYSTEM
(TM: {50CAFB54-2E06-11E8-B26E-D05349252A0A}, RM: {50CAFB53-2E06-11E8-B26E-D05349252A0A})
finished with result=0xC00000A2 (Internal code=7).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-
A698-07E2DE0F1F5D}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:41:32.014502600Z" />
<EventRecordID>5713</EventRecordID>
<Correlation />
<Execution ProcessID="9508" ThreadID="14052" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="ExtraStringLength">78</Data>
<Data
Name="ExtraString">\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\Windows\System32
\config\SYSTEM</Data>
<Data Name="TmId">{50CAFB54-2E06-11E8-B26E-D05349252A0A}</Data>
<Data Name="RmId">{50CAFB53-2E06-11E8-B26E-D05349252A0A}</Data>
<Data Name="Status">0xc00000a2</Data>
<Data Name="InternalCode">7</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-DistributedCOM
Date: 3/26/2018 10:38:09 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: LOCAL SERVICE
Computer: DESKTOP-F6MCREC
Description:
The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost
(Using LRPC) running in the application container Unavailable SID (Unavailable).
This security permission can be modified using the Component Services
administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-
BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:38:09.756015400Z" />
<EventRecordID>5712</EventRecordID>
<Correlation />
<Execution ProcessID="344" ThreadID="7920" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Kernel-General
Date: 3/26/2018 10:26:22 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: DESKTOP-F6MCREC\botez
Computer: DESKTOP-F6MCREC
Description:
The access history in hive \??\C:\Users\botez\AppData\Local\Packages\microsoft.windowsmaps_8wekyb3d8bbwe\Settings\settings.dat
was cleared updating 4 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-
A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:26:22.583271000Z" />
<EventRecordID>5711</EventRecordID>
<Correlation />
<Execution ProcessID="7136" ThreadID="12944" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-21-4189595550-1932086354-4013880105-1001" />
</System>
<EventData>
<Data Name="HiveNameLength">99</Data>
<Data
Name="HiveName">\??\C:\Users\botez\AppData\Local\Packages\microsoft.windowsmaps_8we
kyb3d8bbwe\Settings\settings.dat</Data>
<Data Name="KeysUpdated">4</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Kernel-General
Date: 3/26/2018 10:26:16 AM
Event ID: 16
Task Category: None
Level: Information
Keywords:
User: DESKTOP-F6MCREC\botez
Computer: DESKTOP-F6MCREC
Description:
The access history in hive \??\C:\Users\botez\AppData\Local\Packages\microsoft.lockapp_cw5n1h2txyewy\Settings\settings.dat
was cleared updating 4 keys and creating 1 modified pages.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-
A698-07E2DE0F1F5D}" />
<EventID>16</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:26:16.553550200Z" />
<EventRecordID>5710</EventRecordID>
<Correlation />
<Execution ProcessID="7136" ThreadID="12944" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-21-4189595550-1932086354-4013880105-1001" />
</System>
<EventData>
<Data Name="HiveNameLength">95</Data>
<Data
Name="HiveName">\??\C:\Users\botez\AppData\Local\Packages\microsoft.lockapp_cw5n1h2
txyewy\Settings\settings.dat</Data>
<Data Name="KeysUpdated">4</Data>
<Data Name="DirtyPages">1</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Kernel-General
Date: 3/26/2018 10:26:03 AM
Event ID: 1
Task Category: (5)
Level: Information
Keywords: Time
User: LOCAL SERVICE
Computer: DESKTOP-F6MCREC
Description:
The system time has changed to 2018-03-26T07:26:03.516097500Z from
2018-03-26T07:26:03.516371900Z.

Change Reason: An application or system component changed the time.


Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-
A698-07E2DE0F1F5D}" />
<EventID>1</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2018-03-26T07:26:03.515833300Z" />
<EventRecordID>5709</EventRecordID>
<Correlation />
<Execution ProcessID="13480" ThreadID="13236" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="NewTime">2018-03-26T07:26:03.516097500Z</Data>
<Data Name="OldTime">2018-03-26T07:26:03.516371900Z</Data>
<Data Name="Reason">1</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Time-Service
Date: 3/26/2018 10:26:03 AM
Event ID: 35
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: DESKTOP-F6MCREC
Description:
The time service is now synchronizing the system time with the time source
time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->52.178.161.41:123) with reference id
698462772. Current local stratum number is 5.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-
A6F8BBF81BCB}" />
<EventID>35</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:26:03.469561100Z" />
<EventRecordID>5708</EventRecordID>
<Correlation />
<Execution ProcessID="13480" ThreadID="6984" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData Name="TMP_EVENT_TIME_SOURCE_CHOSEN">
<Data Name="TimeSource">time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123-
&gt;52.178.161.41:123)</Data>
<Data Name="TimeSourceRefId">698462772</Data>
<Data Name="CurrentStratumNumber">5</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Time-Service
Date: 3/26/2018 10:25:49 AM
Event ID: 37
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: DESKTOP-F6MCREC
Description:
The time provider NtpClient is currently receiving valid time data from
time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->52.178.161.41:123).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-
A6F8BBF81BCB}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:25:49.038097800Z" />
<EventRecordID>5707</EventRecordID>
<Correlation />
<Execution ProcessID="13480" ThreadID="6984" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData Name="TMP_EVENT_TIME_SOURCE_REACHABLE">
<Data Name="TimeSource">time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123-
&gt;52.178.161.41:123)</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-Time-Service
Date: 3/26/2018 10:25:47 AM
Event ID: 158
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: DESKTOP-F6MCREC
Description:
The time provider 'VMICTimeProvider' has indicated that the current hardware and
operating environment is not supported and has stopped. This behavior is expected
for VMICTimeProvider on non-HyperV-guest environments. This may be the expected
behavior for the current provider in the current operating environment as well.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-
A6F8BBF81BCB}" />
<EventID>158</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:25:47.432163900Z" />
<EventRecordID>5706</EventRecordID>
<Correlation />
<Execution ProcessID="13480" ThreadID="228" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData Name="TMP_EVENT_TIMEPROV_INDICATED_UNSUPPORTED">
<Data Name="TimeProvider">VMICTimeProvider</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-DistributedCOM
Date: 3/26/2018 10:25:39 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: LOCAL SERVICE
Computer: DESKTOP-F6MCREC
Description:
The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost
(Using LRPC) running in the application container Unavailable SID (Unavailable).
This security permission can be modified using the Component Services
administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-
BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T07:25:39.994596900Z" />
<EventRecordID>5705</EventRecordID>
<Correlation />
<Execution ProcessID="344" ThreadID="11884" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-DistributedCOM
Date: 3/26/2018 9:23:57 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: DESKTOP-F6MCREC\botez
Computer: DESKTOP-F6MCREC
Description:
The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-F6MCREC\botez SID (S-1-5-21-4189595550-1932086354-4013880105-1001)
from address LocalHost (Using LRPC) running in the application container
Unavailable SID (Unavailable). This security permission can be modified using the
Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-
BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T06:23:57.515531600Z" />
<EventRecordID>5704</EventRecordID>
<Correlation />
<Execution ProcessID="344" ThreadID="12536" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-21-4189595550-1932086354-4013880105-1001" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">DESKTOP-F6MCREC</Data>
<Data Name="param7">botez</Data>
<Data Name="param8">S-1-5-21-4189595550-1932086354-4013880105-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-DistributedCOM
Date: 3/26/2018 9:03:05 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: DESKTOP-F6MCREC\botez
Computer: DESKTOP-F6MCREC
Description:
The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-F6MCREC\botez SID (S-1-5-21-4189595550-1932086354-4013880105-1001)
from address LocalHost (Using LRPC) running in the application container
Unavailable SID (Unavailable). This security permission can be modified using the
Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-
BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T06:03:05.112069900Z" />
<EventRecordID>5703</EventRecordID>
<Correlation />
<Execution ProcessID="344" ThreadID="13784" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-21-4189595550-1932086354-4013880105-1001" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">DESKTOP-F6MCREC</Data>
<Data Name="param7">botez</Data>
<Data Name="param8">S-1-5-21-4189595550-1932086354-4013880105-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Log Name: System


Source: Microsoft-Windows-DistributedCOM
Date: 3/26/2018 8:40:07 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: DESKTOP-F6MCREC\botez
Computer: DESKTOP-F6MCREC
Description:
The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-F6MCREC\botez SID (S-1-5-21-4189595550-1932086354-4013880105-1001)
from address LocalHost (Using LRPC) running in the application container
Unavailable SID (Unavailable). This security permission can be modified using the
Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-
BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-03-26T05:40:07.981285400Z" />
<EventRecordID>5702</EventRecordID>
<Correlation />
<Execution ProcessID="344" ThreadID="13296" />
<Channel>System</Channel>
<Computer>DESKTOP-F6MCREC</Computer>
<Security UserID="S-1-5-21-4189595550-1932086354-4013880105-1001" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">DESKTOP-F6MCREC</Data>
<Data Name="param7">botez</Data>
<Data Name="param8">S-1-5-21-4189595550-1932086354-4013880105-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
