M
MarkBrosche1
Guest
Hi everyone been having trouble with my pc lately its been restarting no warning new psu and found a event this morning on my event viewer im stumped here it is.
- System
- Provider
[ Name] VSS
- EventID 13
[ Qualifiers] 0
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2020-08-12T12:13:24.8111330Z
EventRecordID 12618
Correlation
- Execution
[ ProcessID] 0
[ ThreadID] 0
Channel Application
Computer DESKTOP-QMJP4Q4
Security
- EventData
{4e14fba2-2e22-11d1-9964-00c04fbbb345}
CEventSystem
0x8007045b, A system shutdown is in progress.
2D20436F64653A20575254575254494330303030343932332D2043616C6C3A20575254575254494330303030343931362D205049443A202030303030333335322D205449443A202030303030343034382D20434D443A2020433A5C57494E444F57535C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202D70202D732043727970745376632D20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230
Binary data:
In Words
0000: 6F43202D 203A6564 57545257 43495452
0010: 30303030 33323934 6143202D 203A6C6C
0020: 57545257 43495452 30303030 36313934
0030: 4950202D 20203A44 30303030 32353333
0040: 4954202D 20203A44 30303030 38343034
0050: 4D43202D 20203A44 575C3A43 4F444E49
0060: 735C5357 65747379 5C32336D 68637673
0070: 2E74736F 20657865 4E206B2D 6F777465
0080: 65536B72 63697672 702D2065 20732D20
0090: 70797243 63765374 7355202D 203A7265
00a0: 656D614E 544E203A 54554120 49524F48
00b0: 4E5C5954 4F575445 53204B52 49565245
00c0: 202C4543 3A444953 2D312D53 30322D35
In Bytes
0000: 2D 20 43 6F 64 65 3A 20 - Code:
0008: 57 52 54 57 52 54 49 43 WRTWRTIC
0010: 30 30 30 30 34 39 32 33 00004923
0018: 2D 20 43 61 6C 6C 3A 20 - Call:
0020: 57 52 54 57 52 54 49 43 WRTWRTIC
0028: 30 30 30 30 34 39 31 36 00004916
0030: 2D 20 50 49 44 3A 20 20 - PID:
0038: 30 30 30 30 33 33 35 32 00003352
0040: 2D 20 54 49 44 3A 20 20 - TID:
0048: 30 30 30 30 34 30 34 38 00004048
0050: 2D 20 43 4D 44 3A 20 20 - CMD:
0058: 43 3A 5C 57 49 4E 44 4F C:\WINDO
0060: 57 53 5C 73 79 73 74 65 WS\syste
0068: 6D 33 32 5C 73 76 63 68 m32\svch
0070: 6F 73 74 2E 65 78 65 20 ost.exe
0078: 2D 6B 20 4E 65 74 77 6F -k Netwo
0080: 72 6B 53 65 72 76 69 63 rkServic
0088: 65 20 2D 70 20 2D 73 20 e -p -s
0090: 43 72 79 70 74 53 76 63 CryptSvc
0098: 2D 20 55 73 65 72 3A 20 - User:
00a0: 4E 61 6D 65 3A 20 4E 54 Name: NT
00a8: 20 41 55 54 48 4F 52 49 AUTHORI
00b0: 54 59 5C 4E 45 54 57 4F TY\NETWO
00b8: 52 4B 20 53 45 52 56 49 RK SERVI
00c0: 43 45 2C 20 53 49 44 3A CE, SID:
00c8: 53 2D 31 2D 35 2D 32 30 S-1-5-20
Continue reading...
- System
- Provider
[ Name] VSS
- EventID 13
[ Qualifiers] 0
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2020-08-12T12:13:24.8111330Z
EventRecordID 12618
Correlation
- Execution
[ ProcessID] 0
[ ThreadID] 0
Channel Application
Computer DESKTOP-QMJP4Q4
Security
- EventData
{4e14fba2-2e22-11d1-9964-00c04fbbb345}
CEventSystem
0x8007045b, A system shutdown is in progress.
2D20436F64653A20575254575254494330303030343932332D2043616C6C3A20575254575254494330303030343931362D205049443A202030303030333335322D205449443A202030303030343034382D20434D443A2020433A5C57494E444F57535C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202D70202D732043727970745376632D20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230
Binary data:
In Words
0000: 6F43202D 203A6564 57545257 43495452
0010: 30303030 33323934 6143202D 203A6C6C
0020: 57545257 43495452 30303030 36313934
0030: 4950202D 20203A44 30303030 32353333
0040: 4954202D 20203A44 30303030 38343034
0050: 4D43202D 20203A44 575C3A43 4F444E49
0060: 735C5357 65747379 5C32336D 68637673
0070: 2E74736F 20657865 4E206B2D 6F777465
0080: 65536B72 63697672 702D2065 20732D20
0090: 70797243 63765374 7355202D 203A7265
00a0: 656D614E 544E203A 54554120 49524F48
00b0: 4E5C5954 4F575445 53204B52 49565245
00c0: 202C4543 3A444953 2D312D53 30322D35
In Bytes
0000: 2D 20 43 6F 64 65 3A 20 - Code:
0008: 57 52 54 57 52 54 49 43 WRTWRTIC
0010: 30 30 30 30 34 39 32 33 00004923
0018: 2D 20 43 61 6C 6C 3A 20 - Call:
0020: 57 52 54 57 52 54 49 43 WRTWRTIC
0028: 30 30 30 30 34 39 31 36 00004916
0030: 2D 20 50 49 44 3A 20 20 - PID:
0038: 30 30 30 30 33 33 35 32 00003352
0040: 2D 20 54 49 44 3A 20 20 - TID:
0048: 30 30 30 30 34 30 34 38 00004048
0050: 2D 20 43 4D 44 3A 20 20 - CMD:
0058: 43 3A 5C 57 49 4E 44 4F C:\WINDO
0060: 57 53 5C 73 79 73 74 65 WS\syste
0068: 6D 33 32 5C 73 76 63 68 m32\svch
0070: 6F 73 74 2E 65 78 65 20 ost.exe
0078: 2D 6B 20 4E 65 74 77 6F -k Netwo
0080: 72 6B 53 65 72 76 69 63 rkServic
0088: 65 20 2D 70 20 2D 73 20 e -p -s
0090: 43 72 79 70 74 53 76 63 CryptSvc
0098: 2D 20 55 73 65 72 3A 20 - User:
00a0: 4E 61 6D 65 3A 20 4E 54 Name: NT
00a8: 20 41 55 54 48 4F 52 49 AUTHORI
00b0: 54 59 5C 4E 45 54 57 4F TY\NETWO
00b8: 52 4B 20 53 45 52 56 49 RK SERVI
00c0: 43 45 2C 20 53 49 44 3A CE, SID:
00c8: 53 2D 31 2D 35 2D 32 30 S-1-5-20
Continue reading...