Event ID 63 — A provider, NlbsNicProv, has been registered in the Windows Management Instrumentation namespace Root\microsoftnlb to use the LocalSystem account.

{
  "system": {
    "provider": "Microsoft-Windows-WMI",
    "guid": "1EDEEE53-0AFE-4609-B846-D8C0B2075B1F",
    "event_source_name": "",
    "event_id": 63,
    "version": 2,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-04T11:12:30.841914+00:00",
    "event_record_id": 181,
    "correlation": {},
    "execution": {
      "process_id": 1136,
      "thread_id": 2060
    },
    "channel": "Application",
    "computer": "WIN-TKC15D7KHUR",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "user_data": {
    "data_0x8000003F": {
      "Provider": "NlbsNicProv",
      "Namespace": "Root\\microsoftnlb"
    }
  },
  "message": "A provider, NlbsNicProv, has been registered in the Windows Management Instrumentation namespace Root\\microsoftnlb to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."
}