Report of <HUYTV-PC>

Navigation

AIDA64 Extreme


		Version	AIDA64 v5.50.3600
		Benchmark Module	4.1.643-x64
		Homepage	http://www.aida64.com/
		Report Type	Report Wizard
		Computer	HUYTV-PC
		Generator	huytv
		Operating System	Microsoft Windows 7 Professional 6.1.7601.17514 (Win7 RTM)
		Date	2015-10-10
		Time	13:51

Summary


Computer:
	Computer Type	ACPI x64-based PC (Mobile)
	Operating System	Microsoft Windows 7 Professional
	OS Service Pack	Service Pack 1
	Internet Explorer	8.0.7601.17514 (IE 8.0 - Windows 7 SP1)
	DirectX	DirectX 11.0
	Computer Name	HUYTV-PC
	User Name	huytv
	Logon Domain	huytv-PC
	Date / Time	2015-10-10 / 13:51

Motherboard:
	CPU Type	Mobile DualCore Intel Core i5-2450M, 2900 MHz (29 x 100)
	Motherboard Name	Asus K43SJ Series Notebook
	Motherboard Chipset	Intel Cougar Point HM65, Intel Sandy Bridge
	System Memory	8168 MB (DDR3 SDRAM)
	DIMM1: Kingston HP536726-H41-ELCUW	4 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz)
	DIMM3: SK Hynix HMT351S6EFR8C-PB	4 GB DDR3-1600 DDR3 SDRAM (11-11-11-28 @ 800 MHz) (10-10-10-27 @ 761 MHz) (9-9-9-24 @ 685 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-19 @ 533 MHz) (6-6-6-16 @ 457 MHz) (5-5-5-14 @ 380 MHz)
	BIOS Type	AMI (04/19/2012)

Display:
	Video Adapter	NVIDIA GeForce GT 520M (1 GB)
	Video Adapter	NVIDIA GeForce GT 520M (1 GB)
	3D Accelerator	nVIDIA GeForce GT 520M
	Monitor	CMI BT140GW01V9 [14" LCD]
	Monitor	Dell UltraSharp U2412M (Analog) [24" LCD] (9W5YH4AU140S)

Multimedia:
	Audio Adapter	nVIDIA HDMI/DP @ nVIDIA GF119 - High Definition Audio Controller
	Audio Adapter	Realtek ALC269 @ Intel Cougar Point PCH - High Definition Audio Controller [B-3]

Storage:
	IDE Controller	Intel(R) Mobile Express Chipset SATA AHCI Controller
	Disk Drive	INTEL SSDSC2BW120A4 (120 GB, SATA-III)
	Disk Drive	NORELSYS 106X USB Device (465 GB, USB)
	Optical Drive	HL-DT-ST DVDRAM GT51N
	SMART Hard Disks Status	OK

Partitions:
	C: (NTFS)	37249 MB (12675 MB free)
	E: (FAT32)	8176 MB (6408 MB free)
	F: (NTFS)	250.3 GB (186.8 GB free)
	Total Size	294.6 GB (205.4 GB free)

Input:
	Keyboard	HID Keyboard Device
	Keyboard	Standard PS/2 Keyboard
	Mouse	HID-compliant mouse
	Mouse	Standard PS/2 Port Mouse

Network:
	Primary IP Address	192.168.1.7
	Primary MAC Address	74-2F-68-9D-7C-23
	Network Adapter	Atheros AR9002WB-1NG Wireless Network Adapter (192.168.1.7)
	Network Adapter	Realtek PCIe GBE Family Controller

Peripherals:
	Printer	Fax
	Printer	Microsoft XPS Document Writer
	USB2 Controller	Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
	USB2 Controller	Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
	USB3 Controller	ASMedia ASM1042 USB 3.0 xHCI Controller
	USB Device	ASUS USB2.0 WebCam
	USB Device	Bluetooth Module
	USB Device	Generic USB Hub
	USB Device	Generic USB Hub
	USB Device	Generic USB Hub
	USB Device	Realtek USB 2.0 Card Reader
	USB Device	USB Composite Device
	USB Device	USB Composite Device
	USB Device	USB Input Device
	USB Device	USB Input Device
	USB Device	USB Input Device
	USB Device	USB Mass Storage Device
	USB Device	USB Root Hub
	Battery	Microsoft AC Adapter
	Battery	Microsoft ACPI-Compliant Control Method Battery
	Battery	Microsoft Composite Battery

DMI:
	DMI BIOS Vendor	American Megatrends Inc.
	DMI BIOS Version	K43SJ.317
	DMI System Manufacturer	ASUSTeK Computer Inc.
	DMI System Product	K43SJ
	DMI System Version	1.0
	DMI System Serial Number	B9N0BC163432376
	DMI System UUID	5154434B-4A31324E-463114DA-E9AE18F6
	DMI Motherboard Manufacturer	ASUSTeK Computer Inc.
	DMI Motherboard Product	K43SJ
	DMI Motherboard Version	1.0
	DMI Motherboard Serial Number	NB-1234567890
	DMI Chassis Manufacturer	ASUSTeK Computer Inc.
	DMI Chassis Version	1.0
	DMI Chassis Serial Number	0x00000000
	DMI Chassis Asset Tag	No Asset Tag
	DMI Chassis Type	LapTop

Computer Name


Type	Class	Computer Name
Computer Comment	Logical
NetBIOS Name	Logical	HUYTV-PC
DNS Host Name	Logical	huytv-PC
DNS Domain Name	Logical
Fully Qualified DNS Name	Logical	huytv-PC
NetBIOS Name	Physical	HUYTV-PC
DNS Host Name	Physical	huytv-PC
DNS Domain Name	Physical
Fully Qualified DNS Name	Physical	huytv-PC

DMI


[ BIOS ]

	BIOS Properties:
		Vendor	American Megatrends Inc.
		Version	K43SJ.317
		Release Date	04/19/2012
		Size	2 MB
		System BIOS Version	4.6
		Boot Devices	Floppy Disk, Hard Disk, CD-ROM
		Capabilities	Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS
		Supported Standards	DMI, ACPI, UEFI
		Expansion Capabilities	PCI, USB
		Virtual Machine	No

	BIOS Manufacturer:
		Company Name	American Megatrends Inc.
		Product Information	http://www.ami.com/amibios
		BIOS Upgrades	http://www.aida64.com/bios-updates

[ System ]

	System Properties:
		Manufacturer	ASUSTeK Computer Inc.
		Product	K43SJ
		Version	1.0
		Serial Number	B9N0BC163432376
		SKU#	To be filled by O.E.M.
		Family	K
		Universal Unique ID	5154434B-4A31324E-463114DA-E9AE18F6
		Wake-Up Type	Power Switch

[ Motherboard ]

	Motherboard Properties:
		Manufacturer	ASUSTeK Computer Inc.
		Product	K43SJ
		Version	1.0
		Serial Number	NB-1234567890
		Asset Tag	To be filled by O.E.M.

	Motherboard Manufacturer:
		Company Name	ASUSTeK Computer Inc.
		Product Information	http://www.asus.com/Motherboards
		BIOS Download	http://support.asus.com/download/download.aspx?SLanguage=en-us
		Driver Update	http://www.aida64.com/driver-updates
		BIOS Upgrades	http://www.aida64.com/bios-updates

[ Chassis ]

	Chassis Properties:
		Manufacturer	ASUSTeK Computer Inc.
		Version	1.0
		Serial Number	0x00000000
		Asset Tag	No Asset Tag
		Chassis Type	LapTop
		Boot-Up State	Safe
		Power Supply State	Safe
		Thermal State	Safe
		Security Status	None

[ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ]

	Processor Properties:
		Manufacturer	Intel
		Version	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
		Serial Number	To Be Filled By O.E.M.
		Asset Tag	To Be Filled By O.E.M.
		Part Number	To Be Filled By O.E.M.
		External Clock	100 MHz
		Maximum Clock	4000 MHz
		Current Clock	2500 MHz
		Type	Central Processor
		Status	Enabled
		Socket Designation	CPU 1
		HTT / CMP Units	1 / 2
		Capabilities	64-bit

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i5-2450M
		Driver Update	http://www.aida64.com/driver-updates

[ Caches / L1-Cache ]

	Cache Properties:
		Type	Unified
		Status	Enabled
		Operational Mode	Write-Back
		Associativity	8-way Set-Associative
		Maximum Size	32 KB
		Installed Size	32 KB
		Error Correction	None
		Socket Designation	L1-Cache

[ Caches / L2-Cache ]

	Cache Properties:
		Type	Unified
		Status	Enabled
		Operational Mode	Varies with Memory Address
		Associativity	8-way Set-Associative
		Maximum Size	256 KB
		Installed Size	256 KB
		Error Correction	None
		Socket Designation	L2-Cache

[ Caches / L3-Cache ]

	Cache Properties:
		Type	Unified
		Status	Enabled
		Operational Mode	Varies with Memory Address
		Maximum Size	3072 KB
		Installed Size	3072 KB
		Error Correction	None
		Socket Designation	L3-Cache

[ Memory Arrays / System Memory ]

	Memory Array Properties:
		Location	Motherboard
		Memory Array Function	System Memory
		Error Correction	None
		Max. Memory Capacity	16 GB
		Memory Devices	4

[ Memory Devices / ChannelA-DIMM0 ]

	Memory Device Properties:
		Form Factor	SODIMM
		Type	DDR3
		Type Detail	Synchronous
		Size	4 GB
		Max. Clock Speed	1333 MHz
		Total Width	64-bit
		Data Width	64-bit
		Ranks	2
		Device Locator	ChannelA-DIMM0
		Bank Locator	BANK 0
		Manufacturer	Kingston
		Serial Number	4B244F79
		Asset Tag	9876543210
		Part Number	HP536726-H41-ELCUW

[ Memory Devices / ChannelA-DIMM1 ]

	Memory Device Properties:
		Form Factor	DIMM
		Device Locator	ChannelA-DIMM1
		Bank Locator	BANK 1
		Manufacturer	[Empty]
		Serial Number	[Empty]
		Asset Tag	9876543210
		Part Number	[Empty]

[ Memory Devices / ChannelB-DIMM0 ]

	Memory Device Properties:
		Form Factor	SODIMM
		Type	DDR3
		Type Detail	Synchronous
		Size	4 GB
		Max. Clock Speed	1333 MHz
		Total Width	64-bit
		Data Width	64-bit
		Ranks	2
		Device Locator	ChannelB-DIMM0
		Bank Locator	BANK 2
		Manufacturer	Hynix/Hyundai
		Serial Number	3158E54F
		Asset Tag	9876543210
		Part Number	HMT351S6EFR8C-PB

[ Memory Devices / ChannelB-DIMM1 ]

	Memory Device Properties:
		Form Factor	DIMM
		Device Locator	ChannelB-DIMM1
		Bank Locator	BANK 3
		Manufacturer	[Empty]
		Serial Number	[Empty]
		Asset Tag	9876543210
		Part Number	[Empty]

[ System Slots / J5C1 ]

	System Slot Properties:
		Slot Designation	J5C1
		Type	PCI-E x16
		Usage	In Use
		Data Bus Width	x16
		Length	Long

[ System Slots / J6C2 ]

	System Slot Properties:
		Slot Designation	J6C2
		Type	PCI-E
		Usage	Empty
		Data Bus Width	x1
		Length	Short

[ System Slots / J6D2 ]

	System Slot Properties:
		Slot Designation	J6D2
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x1
		Length	Short

[ System Slots / J7C1 ]

	System Slot Properties:
		Slot Designation	J7C1
		Type	PCI-E
		Usage	Empty
		Data Bus Width	x1
		Length	Short

[ System Slots / J7D2 ]

	System Slot Properties:
		Slot Designation	J7D2
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x1
		Length	Short

[ System Slots / J6C1 ]

	System Slot Properties:
		Slot Designation	J6C1
		Type	PCI-E
		Usage	Empty
		Data Bus Width	x1
		Length	Short

[ System Slots / J8C2 ]

	System Slot Properties:
		Slot Designation	J8C2
		Type	PCI-E x16
		Usage	In Use
		Data Bus Width	32-bit
		Length	Long

[ Port Connectors / PS2Mouse ]

	Port Connector Properties:
		Port Type	Mouse Port
		Internal Reference Designator	J1A1
		Internal Connector Type	None
		External Reference Designator	PS2Mouse
		External Connector Type	PS/2

[ Port Connectors / Keyboard ]

	Port Connector Properties:
		Port Type	Keyboard Port
		Internal Reference Designator	J1A1
		Internal Connector Type	None
		External Reference Designator	Keyboard
		External Connector Type	PS/2

[ Port Connectors / Serial Port ]

	Port Connector Properties:
		Port Type	Serial Port 16550A Compatible
		Internal Reference Designator	J1A2A
		Internal Connector Type	None
		External Reference Designator	Serial Port
		External Connector Type	DB-9 pin male

[ Port Connectors / Video ]

	Port Connector Properties:
		Port Type	Video Port
		Internal Reference Designator	J1A2B
		Internal Connector Type	None
		External Reference Designator	Video
		External Connector Type	DB-15 pin female

[ Port Connectors / HDMI ]

	Port Connector Properties:
		Port Type	Video Port
		Internal Reference Designator	J3A2
		Internal Connector Type	None
		External Reference Designator	HDMI

[ Port Connectors / USB1 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A3
		Internal Connector Type	None
		External Reference Designator	USB1
		External Connector Type	USB

[ Port Connectors / USB2 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A3
		Internal Connector Type	None
		External Reference Designator	USB2
		External Connector Type	USB

[ Port Connectors / USB3 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A3
		Internal Connector Type	None
		External Reference Designator	USB3
		External Connector Type	USB

[ Port Connectors / USB4 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A3
		Internal Connector Type	None
		External Reference Designator	USB4
		External Connector Type	USB

[ Port Connectors / USB5 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J4A1
		Internal Connector Type	None
		External Reference Designator	USB5
		External Connector Type	USB

[ Port Connectors / USB6 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J4A1
		Internal Connector Type	None
		External Reference Designator	USB6
		External Connector Type	USB

[ Port Connectors / LAN ]

	Port Connector Properties:
		Port Type	Network Port
		Internal Reference Designator	J4A1
		Internal Connector Type	None
		External Reference Designator	LAN
		External Connector Type	RJ-45

[ Port Connectors / Motherboard DP ]

	Port Connector Properties:
		Internal Reference Designator	J5A1
		Internal Connector Type	None
		External Reference Designator	Motherboard DP

[ Port Connectors / SATA Port 0 Direct Connect ]

	Port Connector Properties:
		Port Type	SATA
		Internal Reference Designator	J8J1
		Internal Connector Type	None
		External Reference Designator	SATA Port 0 Direct Connect
		External Connector Type	SATA/SAS Plug Receptacle

[ Port Connectors / eSATA Port 4 ]

	Port Connector Properties:
		Port Type	SATA
		Internal Reference Designator	J7J1
		Internal Connector Type	None
		External Reference Designator	eSATA Port 4
		External Connector Type	SATA/SAS Plug Receptacle

[ Port Connectors / eSATA Port 3 ]

	Port Connector Properties:
		Port Type	SATA
		Internal Reference Designator	J6J1
		Internal Connector Type	None
		External Reference Designator	eSATA Port 3
		External Connector Type	SATA/SAS Plug Receptacle

[ Port Connectors / AC IN ]

	Port Connector Properties:
		Internal Reference Designator	J1F2
		Internal Connector Type	None
		External Reference Designator	AC IN

[ Port Connectors / J5B1 - PCH JTAG ]

	Port Connector Properties:
		Internal Reference Designator	J5B1 - PCH JTAG
		External Connector Type	None

[ Port Connectors / J9A1 - TPM/PORT 80 ]

	Port Connector Properties:
		Internal Reference Designator	J9A1 - TPM/PORT 80
		External Connector Type	None

[ Port Connectors / J9E4 - HDA 2X8 Header ]

	Port Connector Properties:
		Internal Reference Designator	J9E4 - HDA 2X8 Header
		External Connector Type	None

[ Port Connectors / J9E7 - HDA 8Pin Header ]

	Port Connector Properties:
		Internal Reference Designator	J9E7 - HDA 8Pin Header
		External Connector Type	None

[ Port Connectors / J8F1 - HDA HDMI ]

	Port Connector Properties:
		Internal Reference Designator	J8F1 - HDA HDMI
		External Connector Type	None

[ Port Connectors / J9E3 - Scan Matrix Keyboard ]

	Port Connector Properties:
		Internal Reference Designator	J9E3 - Scan Matrix Keyboard
		External Connector Type	None

[ Port Connectors / J8E1 - SPI Program ]

	Port Connector Properties:
		Internal Reference Designator	J8E1 - SPI Program
		External Connector Type	None

[ Port Connectors / J9E5 - LPC Hot Docking ]

	Port Connector Properties:
		Internal Reference Designator	J9E5 - LPC Hot Docking
		External Connector Type	None

[ Port Connectors / J9G2 - LPC SIDE BAND ]

	Port Connector Properties:
		Internal Reference Designator	J9G2 - LPC SIDE BAND
		External Connector Type	None

[ Port Connectors / J8F2 - LPC Slot ]

	Port Connector Properties:
		Internal Reference Designator	J8F2 - LPC Slot
		External Connector Type	None

[ Port Connectors / J8H3 - PCH XDP ]

	Port Connector Properties:
		Internal Reference Designator	J8H3 - PCH XDP
		External Connector Type	None

[ Port Connectors / J7G1 - SATA Port 2 ]

	Port Connector Properties:
		Port Type	SATA
		Internal Reference Designator	J7G1 - SATA Port 2
		Internal Connector Type	SATA/SAS Plug Receptacle
		External Connector Type	None

[ Port Connectors / J7G2 - SATA Port 1 ]

	Port Connector Properties:
		Port Type	SATA
		Internal Reference Designator	J7G2 - SATA Port 1
		Internal Connector Type	SATA/SAS Plug Receptacle
		External Connector Type	None

[ Port Connectors / J6H1 - SATA Power ]

	Port Connector Properties:
		Internal Reference Designator	J6H1 - SATA Power
		External Connector Type	None

[ Port Connectors / J5J1 - FP Header ]

	Port Connector Properties:
		Internal Reference Designator	J5J1 - FP Header
		External Connector Type	None

[ Pointing Devices / Mouse ]

	Device Properties:
		Device Type	Mouse
		Interface	PS/2
		Buttons	3

[ On-Board Devices / To Be Filled By O.E.M. ]

	On-Board Device Properties:
		Description	To Be Filled By O.E.M.
		Type	Video
		Status	Enabled

[ On-Board Devices / To Be Filled By O.E.M. ]

	On-Board Device Properties:
		Description	To Be Filled By O.E.M.
		Type	Ethernet
		Status	Disabled

[ On-Board Devices / To Be Filled By O.E.M. ]

	On-Board Device Properties:
		Description	To Be Filled By O.E.M.
		Type	Sound
		Status	Enabled

[ On-Board Devices / Onboard IGD ]

	On-Board Device Properties:
		Description	Onboard IGD
		Type	Video
		Status	Enabled
		Bus / Device / Function	0 / 2 / 0

[ On-Board Devices / Onboard LAN ]

	On-Board Device Properties:
		Description	Onboard LAN
		Type	Ethernet
		Status	Disabled
		Bus / Device / Function	0 / 25 / 0

[ On-Board Devices / Onboard Audio ]

	On-Board Device Properties:
		Description	Onboard Audio
		Type	Sound
		Status	Enabled
		Bus / Device / Function	0 / 27 / 0

[ Power Supplies / To Be Filled By O.E.M. ]

	Power Supply Properties:
		Device Name	To Be Filled By O.E.M.
		Manufacturer	To Be Filled By O.E.M.
		Serial Number	To Be Filled By O.E.M.
		Asset Tag	To Be Filled By O.E.M.
		Part Number	To Be Filled By O.E.M.
		Location	To Be Filled By O.E.M.
		Hot Replaceable	No

[ Batteries / MOLICEL ]

	Battery Properties:
		Device Name	MOLICEL
		Manufacturer	E-One Moli Energy
		Manufacture Date	10/31/2006
		Serial Number	FSPK50074
		Location	Real 1
		Battery Type	Li-Ion
		SDDS Version	SBDS Version Number

[ Batteries / MOLICEL ]

	Battery Properties:
		Device Name	MOLICEL
		Manufacturer	E-One Moli Energy
		Manufacture Date	10/31/2006
		Serial Number	FSPK50074
		Location	Real 2
		Battery Type	Li-Ion
		SDDS Version	SBDS Version Number

[ Batteries / CRB Battery 0 ]

	Battery Properties:
		Device Name	CRB Battery 0
		Manufacturer	-Virtual Battery 0-
		Manufacture Date	10/31/2006
		Serial Number	Battery 0
		Location	Fake
		Battery Type	Li-Ion
		SDDS Version	SBDS Version Number

[ Batteries / Battery Name ]

	Battery Properties:
		Device Name	Battery Name
		Manufacturer	Battery Manufacturer
		Manufacture Date	01/01/2007
		Serial Number	Serial Number
		Location	Location of the battery
		Battery Type	NiCd
		SDDS Version	SBDS Version Number

[ Temperature Probes / LM78A ]

	Device Properties:
		Device Description	LM78A

[ Voltage Probes / LM78A ]

	Device Properties:
		Device Description	LM78A

[ Electrical Current Probes / ABC ]

	Device Properties:
		Device Description	ABC

[ Cooling Device / Cooling Dev 1 ]

	Device Properties:
		Device Description	Cooling Dev 1

[ Cooling Device / Cooling Device #2 ]

	Device Properties:

[ Management Devices / LM78-1 ]

	Management Device Properties:
		Description	LM78-1

[ Miscellaneous ]

	Miscellaneous:
		OEM String	90N3VLDD5A2C3100410U
		System Configuration Option	DSN:

Overclock


CPU Properties:
	CPU Type	Mobile DualCore Intel Core i5-2450M
	CPU Alias	Sandy Bridge-MB
	CPU Stepping	D2
	Engineering Sample	No
	CPUID CPU Name	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
	CPUID Revision	000206A7h
	CPU VID	1.2260 V

CPU Speed:
	CPU Clock	2893.6 MHz (original: 2500 MHz, overclock: 16%)
	CPU Multiplier	29x
	CPU FSB	99.8 MHz (original: 100 MHz)
	North Bridge Clock	2893.6 MHz
	Memory Bus	665.2 MHz
	DRAM:FSB Ratio	20:3

CPU Cache:
	L1 Code Cache	32 KB per core
	L1 Data Cache	32 KB per core
	L2 Cache	256 KB per core (On-Die, ECC, Full-Speed)
	L3 Cache	3 MB (On-Die, ECC, Full-Speed)

Motherboard Properties:
	Motherboard ID	63-0100-000001-00101111-090710-Chipset$A1766317_BIOS DATE: 04/19/12 14:30:40 VER: 04.06.03
	Motherboard Name	Asus K43SJ Series Notebook

Chipset Properties:
	Motherboard Chipset	Intel Cougar Point HM65, Intel Sandy Bridge
	Memory Timings	9-9-9-24 (CL-RCD-RP-RAS)
	Command Rate (CR)	1T
	DIMM1: Kingston HP536726-H41-ELCUW	4 GB DDR3-1333 DDR3 SDRAM (9-9-9-24 @ 666 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-20 @ 533 MHz) (6-6-6-17 @ 457 MHz) (5-5-5-14 @ 380 MHz)
	DIMM3: SK Hynix HMT351S6EFR8C-PB	4 GB DDR3-1600 DDR3 SDRAM (11-11-11-28 @ 800 MHz) (10-10-10-27 @ 761 MHz) (9-9-9-24 @ 685 MHz) (8-8-8-22 @ 609 MHz) (7-7-7-19 @ 533 MHz) (6-6-6-16 @ 457 MHz) (5-5-5-14 @ 380 MHz)

BIOS Properties:
	System BIOS Date	04/19/2012
	Video BIOS Date	02/20/12
	DMI BIOS Version	K43SJ.317

Graphics Processor Properties:
	Video Adapter	nVIDIA GeForce GT 520M (Asus)
	GPU Code Name	GF119M (PCI Express 2.0 x16 10DE / 1050, Rev A1)
	GPU Clock (Geometric Domain)	740 MHz
	GPU Clock (Shader Domain)	1480 MHz
	Memory Clock	800 MHz

Power Management


Power Management Properties:
	Current Power Source	AC Line
	Battery Status	No Battery
	Full Battery Lifetime	Unknown
	Remaining Battery Lifetime	Unknown

Portable Computer


Centrino (Carmel) Platform Compliancy:
	CPU: Intel Pentium M (Banias/Dothan)	No (Mobile Intel Core i5-2450M)
	Chipset: Intel i855GM/PM	No (Intel Cougar Point HM65, Intel Sandy Bridge)
	WLAN: Intel PRO/Wireless	No
	System: Centrino Compliant	No

Centrino (Sonoma) Platform Compliancy:
	CPU: Intel Pentium M (Dothan)	No (Mobile Intel Core i5-2450M)
	Chipset: Intel i915GM/PM	No (Intel Cougar Point HM65, Intel Sandy Bridge)
	WLAN: Intel PRO/Wireless 2200/2915	No
	System: Centrino Compliant	No

Centrino (Napa) Platform Compliancy:
	CPU: Intel Core (Yonah) / Core 2 (Merom)	No (Mobile Intel Core i5-2450M)
	Chipset: Intel i945GM/PM	No (Intel Cougar Point HM65, Intel Sandy Bridge)
	WLAN: Intel PRO/Wireless 3945/3965	No
	System: Centrino Compliant	No

Centrino (Santa Rosa) Platform Compliancy:
	CPU: Intel Core 2 (Merom/Penryn)	No (Mobile Intel Core i5-2450M)
	Chipset: Intel GM965/PM965	No (Intel Cougar Point HM65, Intel Sandy Bridge)
	WLAN: Intel Wireless WiFi Link 4965	No
	System: Centrino Compliant	No

Centrino 2 (Montevina) Platform Compliancy:
	CPU: Intel Core 2 (Penryn)	No (Mobile Intel Core i5-2450M)
	Chipset: Mobile Intel 4 Series	No (Intel Cougar Point HM65, Intel Sandy Bridge)
	WLAN: Intel WiFi Link 5000 Series	No
	System: Centrino 2 Compliant	No

Centrino (Calpella) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield)	No (Mobile Intel Core i5-2450M)
	Chipset: Mobile Intel 5 Series	No (Intel Cougar Point HM65, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Huron River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Sandy Bridge-MB)	Yes (Mobile Intel Core i5-2450M)
	Chipset: Mobile Intel 6 Series	Yes (Intel Cougar Point HM65, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Chief River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Ivy Bridge-MB)	No (Mobile Intel Core i5-2450M)
	Chipset: Mobile Intel 7 Series	No (Intel Cougar Point HM65, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Shark Bay-MB) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Haswell-MB)	No (Mobile Intel Core i5-2450M)
	Chipset: Mobile Intel 8/9 Series	No (Intel Cougar Point HM65, Intel Sandy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Sensor


Sensor Properties:
	Sensor Type	CPU, HDD, Asus NB ACPI, PCH, SNB
	GPU Sensor Type	Diode (NV-Diode)

Temperatures:
	CPU	69 °C (156 °F)
	CPU Package	76 °C (169 °F)
	CPU IA Cores	76 °C (169 °F)
	CPU GT Cores	65 °C (149 °F)
	CPU #1 / Core #1	81 °C (178 °F)
	CPU #1 / Core #2	77 °C (171 °F)
	PCH Diode	50 °C (122 °F)
	GPU Diode	49 °C (120 °F)
	INTEL SSDSC2BW120A4	32 °C (90 °F)
	HGST HTS545050A7E380	23 °C (73 °F)

Cooling Fans:
	CPU	2800 RPM
	GPU	100%

Voltage Values:
	CPU Core	0.796 V
	GPU Core	1.000 V

Power Values:
	CPU Package	10.88 W
	CPU IA Cores	1.09 W

CPU


CPU Properties:
	CPU Type	Mobile DualCore Intel Core i5-2450M, 2900 MHz (29 x 100)
	CPU Alias	Sandy Bridge-MB
	CPU Stepping	D2
	Instruction Set	x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AVX
	Original Clock	2500 MHz
	Min / Max CPU Multiplier	8x / 25x
	Engineering Sample	No
	L1 Code Cache	32 KB per core
	L1 Data Cache	32 KB per core
	L2 Cache	256 KB per core (On-Die, ECC, Full-Speed)
	L3 Cache	3 MB (On-Die, ECC, Full-Speed)

CPU Physical Info:
	Package Type	988 Pin rPGA
	Package Size	37.5 mm x 37.5 mm
	Process Technology	32 nm, CMOS, Cu, High-K + Metal Gate
	Typical Power	35 W

CPU Manufacturer:
	Company Name	Intel Corporation
	Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i5-2450M
	Driver Update	http://www.aida64.com/driver-updates

Multi CPU:
	Motherboard ID	NoteBook _ASUS_
	CPU #1	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2494 MHz
	CPU #2	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2494 MHz
	CPU #3	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2494 MHz
	CPU #4	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2494 MHz

CPU Utilization:
	CPU #1 / Core #1 / HTT Unit #1	0%
	CPU #1 / Core #1 / HTT Unit #2	0%
	CPU #1 / Core #2 / HTT Unit #1	0%
	CPU #1 / Core #2 / HTT Unit #2	0%

CPUID


CPUID Properties:
	CPUID Manufacturer	GenuineIntel
	CPUID CPU Name	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
	CPUID Revision	000206A7h
	IA Brand ID	00h (Unknown)
	Platform ID	29h / MC 10h (rPGA988B)
	Microcode Update Revision	1Bh
	HTT / CMP Units	2 / 2
	Tjmax Temperature	100 °C (212 °F)
	CPU Thermal Design Power	35 W
	CPU IA Cores Thermal Design Current	97.5 A
	CPU GT Cores Thermal Design Current	32.5 A
	CPU Max Power Limit	56 W / 64.00 sec
	CPU Power Limit 1 (Long Duration)	35 W / 28.00 sec (Unlocked)
	CPU Power Limit 2 (Short Duration)	43.8 W / Unlimited Time (Unlocked)
	Max Turbo Boost Multipliers	1C: 31x, 2C: 29x

Instruction Set:
	64-bit x86 Extension (AMD64, Intel64)	Supported
	AMD 3DNow!	Not Supported
	AMD 3DNow! Professional	Not Supported
	AMD 3DNowPrefetch	Not Supported
	AMD Enhanced 3DNow!	Not Supported
	AMD Extended MMX	Not Supported
	AMD FMA4	Not Supported
	AMD MisAligned SSE	Not Supported
	AMD SSE4A	Not Supported
	AMD XOP	Not Supported
	Cyrix Extended MMX	Not Supported
	Enhanced REP MOVSB/STOSB	Not Supported
	Float-16 Conversion Instructions	Not Supported
	IA-64	Not Supported
	IA AES Extensions	Not Supported
	IA AVX	Supported, Enabled
	IA AVX2	Not Supported
	IA AVX-512 (AVX512F)	Not Supported
	IA AVX-512 52-bit Integer Instructions (AVX512IFMA52)	Not Supported
	IA AVX-512 Byte and Word Instructions (AVX512BW)	Not Supported
	IA AVX-512 Conflict Detection Instructions (AVX512CD)	Not Supported
	IA AVX-512 Doubleword and Quadword Instructions (AVX512DQ)	Not Supported
	IA AVX-512 Exponential and Reciprocal Instructions (AVX512ER)	Not Supported
	IA AVX-512 Prefetch Instructions (AVX512PF)	Not Supported
	IA AVX-512 Vector Bit Manipulation Instructions (AVX512VBMI)	Not Supported
	IA AVX-512 Vector Length Extensions (AVX512VL)	Not Supported
	IA BMI1	Not Supported
	IA BMI2	Not Supported
	IA FMA	Not Supported
	IA MMX	Supported
	IA SHA Extensions	Not Supported
	IA SSE	Supported
	IA SSE2	Supported
	IA SSE3	Supported
	IA Supplemental SSE3	Supported
	IA SSE4.1	Supported
	IA SSE4.2	Supported
	VIA Alternate Instruction Set	Not Supported
	ADCX / ADOX Instruction	Not Supported
	CLFLUSH Instruction	Supported
	CLFLUSHOPT Instruction	Not Supported
	CLWB Instruction	Not Supported
	CMPXCHG8B Instruction	Supported
	CMPXCHG16B Instruction	Supported
	Conditional Move Instruction	Supported
	INVPCID Instruction	Not Supported
	LAHF / SAHF Instruction	Supported
	LZCNT Instruction	Not Supported
	MONITOR / MWAIT Instruction	Supported
	MONITORX / MWAITX Instruction	Not Supported
	MOVBE Instruction	Not Supported
	PCLMULQDQ Instruction	Supported
	PCOMMIT Instruction	Not Supported
	POPCNT Instruction	Supported
	PREFETCHWT1 Instruction	Not Supported
	RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE Instruction	Not Supported
	RDRAND Instruction	Not Supported
	RDSEED Instruction	Not Supported
	RDTSCP Instruction	Supported
	SKINIT / STGI Instruction	Not Supported
	SYSCALL / SYSRET Instruction	Not Supported
	SYSENTER / SYSEXIT Instruction	Supported
	Trailing Bit Manipulation Instructions	Not Supported
	VIA FEMMS Instruction	Not Supported

Security Features:
	Advanced Cryptography Engine (ACE)	Not Supported
	Advanced Cryptography Engine 2 (ACE2)	Not Supported
	Data Execution Prevention (DEP, NX, EDB)	Supported
	Hardware Random Number Generator (RNG)	Not Supported
	Hardware Random Number Generator 2 (RNG2)	Not Supported
	Memory Protection Extensions (MPX)	Not Supported
	PadLock Hash Engine (PHE)	Not Supported
	PadLock Hash Engine 2 (PHE2)	Not Supported
	PadLock Montgomery Multiplier (PMM)	Not Supported
	PadLock Montgomery Multiplier 2 (PMM2)	Not Supported
	Processor Serial Number (PSN)	Not Supported
	Safer Mode Extensions (SMX)	Not Supported
	Software Guard Extensions (SGX)	Not Supported
	Supervisor Mode Access Prevention (SMAP)	Not Supported
	Supervisor Mode Execution Protection (SMEP)	Not Supported

Power Management Features:
	Application Power Management (APM)	Not Supported
	Automatic Clock Control	Supported
	Core C6 State (CC6)	Not Supported
	Digital Thermometer	Supported
	Dynamic FSB Frequency Switching	Not Supported
	Enhanced Halt State (C1E)	Supported, Enabled
	Enhanced SpeedStep Technology (EIST, ESS)	Supported, Enabled
	Frequency ID Control	Not Supported
	Hardware P-State Control	Not Supported
	Hardware Thermal Control (HTC)	Not Supported
	LongRun	Not Supported
	LongRun Table Interface	Not Supported
	Overstress	Not Supported
	Package C6 State (PC6)	Not Supported
	Parallax	Not Supported
	PowerSaver 1.0	Not Supported
	PowerSaver 2.0	Not Supported
	PowerSaver 3.0	Not Supported
	Processor Duty Cycle Control	Supported
	Software Thermal Control	Not Supported
	Temperature Sensing Diode	Not Supported
	Thermal Monitor 1	Supported
	Thermal Monitor 2	Supported
	Thermal Monitor 3	Not Supported
	Thermal Monitoring	Not Supported
	Thermal Trip	Not Supported
	Voltage ID Control	Not Supported

Virtualization Features:
	Extended Page Table (EPT)	Supported
	Hypervisor	Not Present
	INVEPT Instruction	Supported
	INVVPID Instruction	Supported
	Nested Paging (NPT, RVI)	Not Supported
	Secure Virtual Machine (SVM, Pacifica)	Not Supported
	Virtual Machine Extensions (VMX, Vanderpool)	Supported
	Virtual Processor ID (VPID)	Supported

CPUID Features:
	1 GB Page Size	Not Supported
	36-bit Page Size Extension	Supported
	64-bit DS Area	Supported
	Adaptive Overclocking	Not Supported
	Address Region Registers (ARR)	Not Supported
	Configurable TDP (cTDP)	Not Supported
	Core Performance Boost (CPB)	Not Supported
	Core Performance Counters	Not Supported
	CPL Qualified Debug Store	Supported
	Data Breakpoint Extension	Not Supported
	Debug Trace Store	Supported
	Debugging Extension	Supported
	Deprecated FPU CS and FPU DS	Not Supported
	Direct Cache Access	Not Supported
	Dynamic Acceleration Technology (IDA)	Not Supported
	Dynamic Configurable TDP (DcTDP)	Not Supported
	Extended APIC Register Space	Not Supported
	Fast Save & Restore	Supported
	Hardware Lock Elision (HLE)	Not Supported
	Hybrid Boost	Not Supported
	Hyper-Threading Technology (HTT)	Supported, Enabled
	Instruction Based Sampling	Not Supported
	Invariant Time Stamp Counter	Supported
	L1 Context ID	Not Supported
	L2I Performance Counters	Not Supported
	Lightweight Profiling	Not Supported
	Local APIC On Chip	Supported
	Machine Check Architecture (MCA)	Supported
	Machine Check Exception (MCE)	Supported
	Memory Configuration Registers (MCR)	Not Supported
	Memory Type Range Registers (MTRR)	Supported
	Model Specific Registers (MSR)	Supported
	NB Performance Counters	Not Supported
	Page Attribute Table (PAT)	Supported
	Page Global Extension	Supported
	Page Size Extension (PSE)	Supported
	Pending Break Event (PBE)	Supported
	Performance Time Stamp Counter (PTSC)	Not Supported
	Physical Address Extension (PAE)	Supported
	Platform Quality of Service Enforcement (PQE)	Not Supported
	Platform Quality of Service Monitoring (PQM)	Not Supported
	Process Context Identifiers (PCID)	Supported
	Processor Feedback Interface	Not Supported
	Processor Trace (PT)	Not Supported
	Restricted Transactional Memory (RTM)	Not Supported
	Self-Snoop	Supported
	Time Stamp Counter (TSC)	Supported
	Turbo Boost	Supported, Enabled
	Virtual Mode Extension	Supported
	Watchdog Timer	Not Supported
	x2APIC	Supported, Disabled
	XGETBV / XSETBV OS Enabled	Supported
	XSAVE / XRSTOR / XSETBV / XGETBV Extended States	Supported
	XSAVEOPT	Supported

CPUID Registers (CPU #1):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-00100800-1DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000000 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000000 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228 [ Intel(R) ]
	CPUID 80000003	65726F43-294D5428-2D356920-30353432 [Core(TM) i5-2450]
	CPUID 80000004	5043204D-20402055-30352E32-007A4847 [M CPU @ 2.50GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #2 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-01100800-1DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000001 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000001 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228 [ Intel(R) ]
	CPUID 80000003	65726F43-294D5428-2D356920-30353432 [Core(TM) i5-2450]
	CPUID 80000004	5043204D-20402055-30352E32-007A4847 [M CPU @ 2.50GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #3):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-02100800-1DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000002 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000002 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228 [ Intel(R) ]
	CPUID 80000003	65726F43-294D5428-2D356920-30353432 [Core(TM) i5-2450]
	CPUID 80000004	5043204D-20402055-30352E32-007A4847 [M CPU @ 2.50GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #4 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69 [GenuineIntel]
	CPUID 00000001	000206A7-03100800-1DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000 [SL 00]
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000 [SL 01]
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000 [SL 02]
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006 [SL 03]
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000077-00000002-00000009-00000000
	CPUID 00000007	00000000-00000000-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000003 [SL 00]
	CPUID 0000000B	00000004-00000004-00000201-00000003 [SL 01]
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000 [SL 00]
	CPUID 0000000D	00000001-00000000-00000000-00000000 [SL 01]
	CPUID 0000000D	00000100-00000240-00000000-00000000 [SL 02]
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228 [ Intel(R) ]
	CPUID 80000003	65726F43-294D5428-2D356920-30353432 [Core(TM) i5-2450]
	CPUID 80000004	5043204D-20402055-30352E32-007A4847 [M CPU @ 2.50GHz]
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

MSR Registers:
	MSR 00000017	0010-0000-0000-0000 [PlatID = 4]
	MSR 0000001B	0000-0000-FEE0-0900
	MSR 00000035	0000-0000-0002-0004
	MSR 0000008B	0000-001B-0000-0000
	MSR 000000CE	0000-0800-6001-1900 [eD = 0]
	MSR 000000E7	0000-0000-0027-8228
	MSR 000000E7	0000-0000-00E6-FAB7 [S200]
	MSR 000000E7	0000-0000-012E-69A5 [S200]
	MSR 000000E8	0000-0000-0009-97C3 [S200]
	MSR 000000E8	0000-0000-0018-FAE4 [S200]
	MSR 000000E8	0000-0000-005F-1F36
	MSR 00000194	0000-0000-0001-0000
	MSR 00000198	0000-273B-0000-1D00
	MSR 00000198	0000-273B-0000-1D00 [S200]
	MSR 00000198	0000-273B-0000-1D00 [S200]
	MSR 00000199	0000-0000-0000-1F00
	MSR 0000019A	0000-0000-0000-0000
	MSR 0000019B	0000-0000-0000-0000
	MSR 0000019C	0000-0000-8821-0000
	MSR 0000019C	0000-0000-8821-0000 [S200]
	MSR 0000019C	0000-0000-8822-0000 [S200]
	MSR 0000019D	0000-0000-0000-0000
	MSR 000001A0	0000-0000-0085-0089
	MSR 000001A2	0000-0000-0064-0E00
	MSR 000001A4	0000-0000-0000-0000
	MSR 000001AA	0000-0000-0040-0000
	MSR 000001AC	< FAILED >
	MSR 000001AD	0000-0000-1D1D-1D1F
	MSR 000001B0	0000-0000-0000-0005
	MSR 000001B1	0000-0000-8821-0000
	MSR 000001B2	0000-0000-0000-0000
	MSR 000001FC	0000-0000-0004-005F
	MSR 00000300	< FAILED >
	MSR 0000030A	0000-0000-0000-0000
	MSR 0000030A	0000-0000-0000-0000 [S200]
	MSR 0000030A	0000-0000-0000-0000 [S200]
	MSR 0000030B	0000-0000-0000-0000
	MSR 0000030B	0000-0000-0000-0000 [S200]
	MSR 0000030B	0000-0000-0000-0000 [S200]
	MSR 00000480	00DA-0400-0000-0010
	MSR 00000481	0000-007F-0000-0016
	MSR 00000482	FFF9-FFFE-0401-E172
	MSR 00000483	007F-FFFF-0003-6DFF
	MSR 00000484	0000-FFFF-0000-11FF
	MSR 00000485	0000-0000-1004-01E5
	MSR 00000486	0000-0000-8000-0021
	MSR 00000487	0000-0000-FFFF-FFFF
	MSR 00000488	0000-0000-0000-2000
	MSR 00000489	0000-0000-0006-27FF
	MSR 0000048A	0000-0000-0000-002A
	MSR 0000048B	0000-00FF-0000-0000
	MSR 0000048C	0000-0F01-0611-4141
	MSR 0000048D	0000-007F-0000-0016
	MSR 0000048E	FFF9-FFFE-0400-6172
	MSR 0000048F	007F-FFFF-0003-6DFB
	MSR 00000490	0000-FFFF-0000-11FB
	MSR 00000601	1814-1494-8000-030C
	MSR 00000602	1814-1494-8000-0104
	MSR 00000603	0000-0000-8030-3030
	MSR 00000604	0000-0000-8064-6464
	MSR 00000606	0000-0000-000A-1003
	MSR 0000060A	0000-0000-0000-8850
	MSR 0000060B	0000-0000-0000-8868
	MSR 0000060C	0000-0000-0000-886D
	MSR 0000060D	0000-00F0-B2C7-DB9F
	MSR 00000610	0000-815E-00DC-8118
	MSR 00000611	0000-0000-5031-77BE [S200]
	MSR 00000611	0000-0000-5035-B269 [S200]
	MSR 00000611	0000-0000-5039-E0E7
	MSR 00000613	< FAILED >
	MSR 00000614	0010-01C0-00C0-0118
	MSR 00000618	< FAILED >
	MSR 00000619	< FAILED >
	MSR 0000061B	< FAILED >
	MSR 0000061C	< FAILED >
	MSR 00000638	0000-0000-0000-0000
	MSR 00000639	0000-0000-24A5-45B3 [S200]
	MSR 00000639	0000-0000-24A8-DE0C [S200]
	MSR 00000639	0000-0000-24AC-843F
	MSR 0000063A	0000-0000-0000-0000
	MSR 0000063B	< FAILED >
	MSR 00000640	0000-0000-0000-0000
	MSR 00000641	0000-0000-0000-0000
	MSR 00000641	0000-0000-0000-0000 [S200]
	MSR 00000641	0000-0000-0000-0000 [S200]
	MSR 00000642	0000-0000-0000-0010

Motherboard


Motherboard Properties:
	Motherboard ID	63-0100-000001-00101111-090710-Chipset$A1766317_BIOS DATE: 04/19/12 14:30:40 VER: 04.06.03
	Motherboard Name	Asus K43SJ Series Notebook

Front Side Bus Properties:
	Bus Type	BCLK
	Real Clock	100 MHz
	Effective Clock	100 MHz

Memory Bus Properties:
	Bus Type	Dual DDR3 SDRAM
	Bus Width	128-bit
	DRAM:FSB Ratio	20:3
	Real Clock	667 MHz (DDR)
	Effective Clock	1333 MHz
	Bandwidth	21333 MB/s

Chipset Bus Properties:
	Bus Type	Intel Direct Media Interface v2.0

Motherboard Manufacturer:
	Company Name	ASUSTeK Computer Inc.
	Product Information	http://www.asus.com/Motherboards
	BIOS Download	http://support.asus.com/download/download.aspx?SLanguage=en-us
	Driver Update	http://www.aida64.com/driver-updates
	BIOS Upgrades	http://www.aida64.com/bios-updates

Memory


Physical Memory:
	Total	8169 MB
	Used	1424 MB
	Free	6744 MB
	Utilization	17 %

Virtual Memory:
	Total	16336 MB
	Used	1507 MB
	Free	14829 MB
	Utilization	9 %

Paging File:
	Paging File	C:\pagefile.sys
	Current Size	8168 MB
	Current / Peak Usage	0 MB / 0 MB
	Utilization	0 %

Physical Address Extension (PAE):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active	Yes

SPD


[ DIMM1: Kingston HP536726-H41-ELCUW ]

	Memory Module Properties:
		Module Name	Kingston HP536726-H41-ELCUW
		Serial Number	4B244F79h (2035229771)
		Manufacture Date	Week 50 / 2011
		Module Size	4 GB (2 ranks, 8 banks)
		Module Type	SO-DIMM
		Memory Type	DDR3 SDRAM
		Memory Speed	DDR3-1333 (667 MHz)
		Module Width	64 bit
		Module Voltage	1.5 V
		Error Detection Method	None
		Refresh Rate	Normal (7.8 us)

	Memory Timings:
		@ 666 MHz	9-9-9-24 (CL-RCD-RP-RAS) / 33-107-4-10-5-5-20 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 609 MHz	8-8-8-22 (CL-RCD-RP-RAS) / 30-98-4-10-5-5-19 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 533 MHz	7-7-7-20 (CL-RCD-RP-RAS) / 27-86-4-8-4-4-16 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 457 MHz	6-6-6-17 (CL-RCD-RP-RAS) / 23-74-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 380 MHz	5-5-5-14 (CL-RCD-RP-RAS) / 19-61-3-6-3-3-12 (RC-RFC-RRD-WR-WTR-RTP-FAW)

	Memory Module Features:
		Auto Self Refresh (ASR)	Not Supported
		DLL-Off Mode	Supported
		Extended Temperature Range	Supported
		Extended Temperature 1X Refresh Rate	Not Supported
		On-Die Thermal Sensor Readout (ODTS)	Not Supported
		Partial Array Self Refresh (PASR)	Supported
		RZQ/6	Supported
		RZQ/7	Supported

	Memory Module Manufacturer:
		Company Name	Kingston Technology Corporation
		Product Information	http://www.kingston.com/en/memory

[ DIMM3: SK Hynix HMT351S6EFR8C-PB ]

	Memory Module Properties:
		Module Name	SK Hynix HMT351S6EFR8C-PB
		Serial Number	3158E54Fh (1340430385)
		Manufacture Date	Week 44 / 2012
		Module Size	4 GB (2 ranks, 8 banks)
		Module Type	SO-DIMM
		Memory Type	DDR3 SDRAM
		Memory Speed	DDR3-1600 (800 MHz)
		Module Width	64 bit
		Module Voltage	1.5 V
		Error Detection Method	None
		Refresh Rate	Normal (7.8 us)
		DRAM Manufacturer	SK Hynix

	Memory Timings:
		@ 800 MHz	11-11-11-28 (CL-RCD-RP-RAS) / 39-128-5-12-6-6-24 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 761 MHz	10-10-10-27 (CL-RCD-RP-RAS) / 37-122-5-12-6-6-23 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 685 MHz	9-9-9-24 (CL-RCD-RP-RAS) / 33-110-5-11-6-6-21 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 609 MHz	8-8-8-22 (CL-RCD-RP-RAS) / 30-98-4-10-5-5-19 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 533 MHz	7-7-7-19 (CL-RCD-RP-RAS) / 26-86-4-8-4-4-16 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 457 MHz	6-6-6-16 (CL-RCD-RP-RAS) / 22-74-3-7-4-4-14 (RC-RFC-RRD-WR-WTR-RTP-FAW)
		@ 380 MHz	5-5-5-14 (CL-RCD-RP-RAS) / 19-61-3-6-3-3-12 (RC-RFC-RRD-WR-WTR-RTP-FAW)

	Memory Module Features:
		Auto Self Refresh (ASR)	Not Supported
		DLL-Off Mode	Supported
		Extended Temperature Range	Supported
		Extended Temperature 1X Refresh Rate	Not Supported
		On-Die Thermal Sensor Readout (ODTS)	Not Supported
		Partial Array Self Refresh (PASR)	Not Supported
		RZQ/6	Supported
		RZQ/7	Supported

Chipset


[ North Bridge: Intel Sandy Bridge-MB IMC ]

	North Bridge Properties:
		North Bridge	Intel Sandy Bridge-MB IMC
		Intel Platform	Huron River
		Supported Memory Types	DDR3-1066, DDR3-1333 SDRAM
		Maximum Memory Amount	16 GB
		Revision	09
		Process Technology	32 nm
		VT-d	Not Supported
		Extended APIC (x2APIC)	Supported

	Memory Controller:
		Type	Dual Channel (128-bit)
		Active Mode	Dual Channel (128-bit)

	Memory Timings:
		CAS Latency (CL)	9T
		RAS To CAS Delay (tRCD)	9T
		RAS Precharge (tRP)	9T
		RAS Active Time (tRAS)	24T
		Row Refresh Cycle Time (tRFC)	107T
		Command Rate (CR)	1T
		RAS To RAS Delay (tRRD)	4T
		Write Recovery Time (tWR)	10T
		Read To Read Delay (tRTR)	Same Rank: 4T, Different Rank: 1T, Different DIMM: 3T
		Read To Write Delay (tRTW)	Same Rank: 3T, Different Rank: 3T, Different DIMM: 3T
		Write To Read Delay (tWTR)	5T, Different Rank: 1T, Different DIMM: 1T
		Write To Write Delay (tWTW)	Same Rank: 4T, Different Rank: 3T, Different DIMM: 3T
		Read To Precharge Delay (tRTP)	5T
		Four Activate Window Delay (tFAW)	20T
		Write CAS Latency (tWCL)	7T
		CKE Min. Pulse Width (tCKE)	4T
		Refresh Period (tREF)	5199T
		Round Trip Latency (tRTL)	DIMM1: 34T, DIMM2: 32T, DIMM3: 34T, DIMM4: 32T
		I/O Latency (tIOL)	DIMM1: 2T, DIMM2: 0T, DIMM3: 2T, DIMM4: 0T
		Burst Length (BL)	8

	Error Correction:
		ECC	Not Supported
		ChipKill ECC	Not Supported
		RAID	Not Supported
		ECC Scrubbing	Not Supported

	Memory Slots:
		DRAM Slot #1	4 GB (DDR3 SDRAM)
		DRAM Slot #2	4 GB (DDR3 SDRAM)

	Integrated Graphics Controller:
		Graphics Controller Type	Intel HD Graphics
		Graphics Controller Status	Disabled

	PCI Express Controller:
		PCI-E 2.0 x16 port #2	In Use @ x16 (nVIDIA GeForce GT 520M (Asus) Video Adapter, nVIDIA GF119 - High Definition Audio Controller)

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ South Bridge: Intel Cougar Point HM65 ]

	South Bridge Properties:
		South Bridge	Intel Cougar Point HM65
		Intel Platform	Huron River
		Revision / Stepping	05 / B3
		Package Type	989 Pin FC-BGA
		Package Size	25 mm x 25 mm
		Process Technology	65 nm
		Die Size	100.73 mm2
		Core Voltage	1.05 V
		TDP	3.9 W

	High Definition Audio:
		Codec Name	Realtek ALC269
		Codec ID	10EC0269h / 10431AD3h
		Codec Revision	1001h
		Codec Type	Audio

	PCI Express Controller:
		PCI-E 2.0 x1 port #1	Empty
		PCI-E 2.0 x1 port #2	In Use @ x1 (Atheros AR9285 802.11b/g/n Wireless Network Adapter)
		PCI-E 2.0 x1 port #4	In Use @ x1 (ASMedia ASM1042 USB 3.0 xHCI Controller)
		PCI-E 2.0 x1 port #6	In Use @ x1 (Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter)

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

BIOS


BIOS Properties:
	BIOS Type	AMI EFI
	BIOS Version	K43SJ.317
	System BIOS Date	04/19/2012
	Video BIOS Date	02/20/12

BIOS Manufacturer:
	Company Name	American Megatrends Inc.
	Product Information	http://www.ami.com/amibios
	BIOS Upgrades	http://www.aida64.com/bios-updates

ACPI


[ APIC: Multiple APIC Description Table ]

	ACPI Table Properties:
		ACPI Signature	APIC
		Table Description	Multiple APIC Description Table
		Memory Address	00000000-BF7FDF18h
		Table Length	204 bytes
		OEM ID	_ASUS_
		OEM Table ID	NoteBook
		OEM Revision	06222004h
		Creator ID	MSFT
		Creator Revision	00010013h
		Local APIC Address	FEE00000h

	Processor Local APIC:
		ACPI Processor ID	01h
		APIC ID	00h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	02h
		APIC ID	02h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	03h
		APIC ID	01h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	04h
		APIC ID	03h
		Status	Enabled

	Processor Local APIC:
		ACPI Processor ID	05h
		APIC ID	04h
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	06h
		APIC ID	05h
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	07h
		APIC ID	06h
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	08h
		APIC ID	07h
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	09h
		APIC ID	08h
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	0Ah
		APIC ID	09h
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	0Bh
		APIC ID	0Ah
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	0Ch
		APIC ID	0Bh
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	0Dh
		APIC ID	0Ch
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	0Eh
		APIC ID	0Dh
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	0Fh
		APIC ID	0Eh
		Status	Disabled

	Processor Local APIC:
		ACPI Processor ID	10h
		APIC ID	0Fh
		Status	Disabled

	I/O APIC:
		I/O APIC ID	02h
		I/O APIC Address	FEC00000h
		Global System Interrupt Base	00000000h

	Interrupt Source Override:
		Bus	ISA
		Source	IRQ0
		Global System Interrupt	00000002h
		Polarity	Conforms to the specifications of the bus
		Trigger Mode	Conforms to the specifications of the bus

	Interrupt Source Override:
		Bus	ISA
		Source	IRQ9
		Global System Interrupt	00000009h
		Polarity	Active High
		Trigger Mode	Level-Triggered

[ DSDT: Differentiated System Description Table ]

	ACPI Table Properties:
		ACPI Signature	DSDT
		Table Description	Differentiated System Description Table
		Memory Address	00000000-BF767018h
		Table Length	41685 bytes
		OEM ID	_ASUS_
		OEM Table ID	NoteBook
		OEM Revision	00000000h
		Creator ID	INTL
		Creator Revision	20091112h

	nVIDIA SLI:
		SLI Certification	Not Present
		PCI 0-0-0-0 (Direct I/O)	8086-0104 (Intel)
		PCI 0-0-0-0 (HAL)	8086-0104 (Intel)

	Lucid Virtu:
		Virtu Certification	Not Present

[ ECDT: Embedded Controller Boot Resources Table ]

	ACPI Table Properties:
		ACPI Signature	ECDT
		Table Description	Embedded Controller Boot Resources Table
		Memory Address	00000000-BF7E5B18h
		Table Length	193 bytes
		OEM ID	_ASUS_
		OEM Table ID	NoteBook
		OEM Revision	06222004h
		Creator ID	AMI
		Creator Revision	00000000h

[ FACP: Fixed ACPI Description Table ]

	ACPI Table Properties:
		ACPI Signature	FACP
		Table Description	Fixed ACPI Description Table
		Memory Address	00000000-BF79BD98h
		Table Length	244 bytes
		OEM ID	_ASUS_
		OEM Table ID	NoteBook
		OEM Revision	06222004h
		Creator ID	MSFT
		Creator Revision	00010013h
		FACS Address	BF7E5E40h / 00000000-BF7E5D40h
		DSDT Address	BF767018h / 00000000-BF767018h
		SMI Command Port	000000B2h
		PM Timer	00000408h

[ FACS: Firmware ACPI Control Structure ]

	ACPI Table Properties:
		ACPI Signature	FACS
		Table Description	Firmware ACPI Control Structure
		Memory Address	00000000-BF7E5D40h
		Table Length	64 bytes
		Hardware Signature	00000000h
		Waking Vector	00000000h
		Global Lock	00000000h

[ HPET: IA-PC High Precision Event Timer Table ]

	ACPI Table Properties:
		ACPI Signature	HPET
		Table Description	IA-PC High Precision Event Timer Table
		Memory Address	00000000-BF7E6D18h
		Table Length	56 bytes
		OEM ID	_ASUS_
		OEM Table ID	NoteBook
		OEM Revision	06222004h
		Creator ID	AMI.
		Creator Revision	00000003h
		HPET Address	00000000-FED00000h
		Vendor ID	8086h
		Revision	01h
		Number of Timers	8
		Counter Size	64-bit
		Minimum Clock Ticks	14318
		Page Protection	No Guarantee
		OEM Attribute	0h
		LegacyReplacement IRQ Routing	Supported

[ MCFG: Memory Mapped Configuration Space Base Address Description Table ]

	ACPI Table Properties:
		ACPI Signature	MCFG
		Table Description	Memory Mapped Configuration Space Base Address Description Table
		Memory Address	00000000-BF7E6C98h
		Table Length	60 bytes
		OEM ID	_ASUS_
		OEM Table ID	NoteBook
		OEM Revision	06222004h
		Creator ID	MSFT
		Creator Revision	00000097h
		Config Space Address	00000000-E0000000h
		PCI Segment	0000h
		Start Bus Number	00h
		End Bus Number	3Fh

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	00000000-BF77D018h
		Table Length	2454 bytes
		OEM ID	PmRef
		OEM Table ID	CpuPm
		OEM Revision	00003000h
		Creator ID	INTL
		Creator Revision	20091112h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	00000000-BF77E018h
		Table Length	2011 bytes
		OEM ID	PmRef
		OEM Table ID	Cpu0Ist
		OEM Revision	00003000h
		Creator ID	INTL
		Creator Revision	20091112h

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Memory Address	00000000-BF789A98h
		Table Length	751 bytes
		OEM ID	SataRe
		OEM Table ID	SataTabl
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20091112h

[ XSDT: Extended System Description Table ]

	ACPI Table Properties:
		ACPI Signature	XSDT
		Table Description	Extended System Description Table
		Memory Address	00000000-BF7FEE18h
		Table Length	100 bytes
		OEM ID	_ASUS_
		OEM Table ID	NoteBook
		OEM Revision	06222004h
		Creator ID	MSFT
		Creator Revision	00010013h
		XSDT Entry #0	00000000-BF79BD98h (FACP)
		XSDT Entry #1	00000000-BF7FDF18h (APIC)
		XSDT Entry #2	00000000-BF7E6D18h (HPET)
		XSDT Entry #3	00000000-BF7E5B18h (ECDT)
		XSDT Entry #4	00000000-BF7E6C98h (MCFG)
		XSDT Entry #5	00000000-BF77E018h (SSDT)
		XSDT Entry #6	00000000-BF77D018h (SSDT)
		XSDT Entry #7	00000000-BF789A98h (SSDT)

Operating System


Operating System Properties:
	OS Name	Microsoft Windows 7 Professional
	OS Language	English (United States)
	OS Installer Language	English (United States)
	OS Kernel Type	Multiprocessor Free (64-bit)
	OS Version	6.1.7601.17514 (Win7 RTM)
	OS Service Pack	Service Pack 1
	OS Installation Date	10/6/2015
	OS Root	C:\Windows

License Information:
	Registered Owner	huytv
	Registered Organization
	Product ID	00371-177-0000061-85459
	Product Key	HYF8J-CVRMY-CM74G-RPHKF-PW487
	Product Activation (WPA)	Required (27 days remaining)

Current Session:
	Computer Name	HUYTV-PC
	User Name	huytv
	Logon Domain	huytv-PC
	UpTime	2783 sec (0 days, 0 hours, 46 min, 23 sec)

Components Version:
	Common Controls	6.16
	Windows Mail	6.1.7600.16385 (win7_rtm.090713-1255)
	Windows Media Player	12.0.7600.16385 (win7_rtm.090713-1255)
	Windows Messenger	-
	MSN Messenger	-
	Internet Information Services (IIS)	-
	.NET Framework	3.5.30729.5420 built by: Win7SP1
	Novell Client	-
	DirectX	DirectX 11.0
	OpenGL	6.1.7600.16385 (win7_rtm.090713-1255)
	ASPI	-

Operating System Features:
	Debug Version	No
	DBCS Version	No
	Domain Controller	No
	Security Present	No
	Network Present	Yes
	Remote Session	No
	Safe Mode	No
	Slow Processor	No
	Terminal Services	Yes

Processes


Process Name	Process File Name	Type	Used Memory	Used Swap
aida64.exe	C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe	32-bit	52744 KB	46 KB
audiodg.exe		64-bit	15452 KB	15 KB
browser.exe	C:\Users\huytv\AppData\Local\CocCoc\Browser\Application\browser.exe	32-bit	34832 KB	25 KB
browser.exe	C:\Users\huytv\AppData\Local\CocCoc\Browser\Application\browser.exe	32-bit	72236 KB	64 KB
browser.exe	C:\Users\huytv\AppData\Local\CocCoc\Browser\Application\browser.exe	32-bit	63260 KB	32 KB
browser.exe	C:\Users\huytv\AppData\Local\CocCoc\Browser\Application\browser.exe	32-bit	164 MB	129 KB
browser.exe	C:\Users\huytv\AppData\Local\CocCoc\Browser\Application\browser.exe	32-bit	33840 KB	23 KB
CocCocCrashHandler.exe	C:\Users\huytv\AppData\Local\CocCoc\Update\1.3.39.17\CocCocCrashHandler.exe	32-bit	1624 KB	2 KB
csrss.exe	C:\Windows\system32\csrss.exe	64-bit	4188 KB	2 KB
csrss.exe	C:\Windows\system32\csrss.exe	64-bit	10196 KB	9 KB
dwm.exe	C:\Windows\system32\Dwm.exe	64-bit	5820 KB	2 KB
explorer.exe	C:\Windows\Explorer.EXE	64-bit	58756 KB	43 KB
lsass.exe	C:\Windows\system32\lsass.exe	64-bit	11036 KB	4 KB
lsm.exe	C:\Windows\system32\lsm.exe	64-bit	4268 KB	2 KB
mscorsvw.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe	32-bit	4984 KB	1 KB
mscorsvw.exe	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe	64-bit	5796 KB	2 KB
nvvsvc.exe	C:\Windows\system32\nvvsvc.exe	64-bit	13144 KB	5 KB
nvvsvc.exe	C:\Windows\system32\nvvsvc.exe	64-bit	7440 KB	2 KB
nvxdsync.exe	C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe	64-bit	22748 KB	10 KB
SearchIndexer.exe	C:\Windows\system32\SearchIndexer.exe	64-bit	26864 KB	27 KB
services.exe	C:\Windows\system32\services.exe	64-bit	8948 KB	5 KB
smss.exe		64-bit	1176 KB	0 KB
splwow64.exe	C:\Windows\splwow64.exe	64-bit	4760 KB	1 KB
spoolsv.exe	C:\Windows\System32\spoolsv.exe	64-bit	11796 KB	6 KB
sppsvc.exe	C:\Windows\system32\sppsvc.exe	64-bit	10632 KB	6 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	40724 KB	30 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	13496 KB	7 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	30552 KB	25 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	12980 KB	11 KB
svchost.exe	C:\Windows\System32\svchost.exe	64-bit	31512 KB	65 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	7448 KB	2 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	9584 KB	4 KB
svchost.exe	C:\Windows\system32\svchost.exe	64-bit	8780 KB	5 KB
svchost.exe	C:\Windows\System32\svchost.exe	64-bit	18080 KB	18 KB
svchost.exe	C:\Windows\System32\svchost.exe	64-bit	109 MB	102 KB
System Idle Process			24 KB	0 KB
System		64-bit	888 KB	0 KB
taskhost.exe	C:\Windows\system32\taskhost.exe	64-bit	8868 KB	8 KB
UniKeyNT.exe	C:\Program Files\UniKey\UniKeyNT.exe	64-bit	7380 KB	2 KB
wininit.exe	C:\Windows\system32\wininit.exe	64-bit	4420 KB	1 KB
winlogon.exe	C:\Windows\system32\winlogon.exe	64-bit	7360 KB	3 KB
WMIADAP.exe	\\?\C:\Windows\system32\wbem\WMIADAP.EXE	64-bit	5340 KB	2 KB
WmiPrvSE.exe	C:\Windows\system32\wbem\wmiprvse.exe	64-bit	8096 KB	4 KB
WmiPrvSE.exe	C:\Windows\system32\wbem\wmiprvse.exe	64-bit	6548 KB	2 KB
WmiPrvSE.exe	C:\Windows\sysWOW64\wbem\wmiprvse.exe	32-bit	7160 KB	3 KB

System Drivers


Driver Name	Driver Description	File Name	Version	Type	State
1394ohci	1394 OHCI Compliant Host Controller	1394ohci.sys	6.1.7601.17514	Kernel Driver	Stopped
ACPI	Microsoft ACPI Driver	ACPI.sys	6.1.7601.17514	Kernel Driver	Running
AcpiPmi	ACPI Power Meter Driver	acpipmi.sys	6.1.7601.17514	Kernel Driver	Stopped
adp94xx	adp94xx	adp94xx.sys	1.6.6.4	Kernel Driver	Stopped
adpahci	adpahci	adpahci.sys	1.6.6.1	Kernel Driver	Stopped
adpu320	adpu320	adpu320.sys	7.2.0.0	Kernel Driver	Stopped
AFD	Ancillary Function Driver for Winsock	afd.sys	6.1.7601.17514	Kernel Driver	Running
agp440	Intel AGP Bus Filter	agp440.sys	6.1.7600.16385	Kernel Driver	Stopped
AIDA64Driver	FinalWire AIDA64 Kernel Driver	kerneld.v64		Kernel Driver	Running
aliide	aliide	aliide.sys	1.2.0.0	Kernel Driver	Stopped
amdide	amdide	amdide.sys	6.1.7600.16385	Kernel Driver	Stopped
AmdK8	AMD K8 Processor Driver	amdk8.sys	6.1.7600.16385	Kernel Driver	Stopped
AmdPPM	AMD Processor Driver	amdppm.sys	6.1.7600.16385	Kernel Driver	Stopped
amdsata	amdsata	amdsata.sys	1.1.2.5	Kernel Driver	Stopped
amdsbs	amdsbs	amdsbs.sys	3.6.1540.127	Kernel Driver	Stopped
amdxata	amdxata	amdxata.sys	1.1.2.5	Kernel Driver	Running
AppID	AppID Driver	appid.sys	6.1.7601.17514	Kernel Driver	Stopped
arc	arc	arc.sys	5.2.0.10384	Kernel Driver	Stopped
arcsas	arcsas	arcsas.sys	5.2.0.16119	Kernel Driver	Stopped
asmthub3	ASMedia USB3 Hub Service	asmthub3.sys	1.12.5.0	Kernel Driver	Running
asmtxhci	ASMEDIA XHCI Service	asmtxhci.sys	1.12.5.0	Kernel Driver	Running
AsyncMac	RAS Asynchronous Media Driver	asyncmac.sys	6.1.7600.16385	Kernel Driver	Stopped
atapi	IDE Channel	atapi.sys	6.1.7600.16385	Kernel Driver	Running
athr	Atheros Extensible Wireless LAN device driver	athrx.sys	9.2.0.514	Kernel Driver	Running
b06bdrv	Broadcom NetXtreme II VBD	bxvbda.sys	4.8.2.0	Kernel Driver	Stopped
b57nd60a	Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0	b57nd60a.sys	10.100.4.0	Kernel Driver	Stopped
Beep	Beep			Kernel Driver	Running
blbdrive	blbdrive	blbdrive.sys	6.1.7600.16385	Kernel Driver	Running
bowser	Browser Support Driver	bowser.sys	6.1.7600.16385	File System Driver	Running
BrFiltLo	Brother USB Mass-Storage Lower Filter Driver	BrFiltLo.sys	1.10.0.2	Kernel Driver	Stopped
BrFiltUp	Brother USB Mass-Storage Upper Filter Driver	BrFiltUp.sys	1.4.0.1	Kernel Driver	Stopped
Brserid	Brother MFC Serial Port Interface Driver (WDM)	Brserid.sys	1.0.1.6	Kernel Driver	Stopped
BrSerWdm	Brother WDM Serial driver	BrSerWdm.sys	1.0.0.20	Kernel Driver	Stopped
BrUsbMdm	Brother MFC USB Fax Only Modem	BrUsbMdm.sys	1.0.0.12	Kernel Driver	Stopped
BrUsbSer	Brother MFC USB Serial WDM Driver	BrUsbSer.sys	1.0.1.3	Kernel Driver	Stopped
BtFilter	BtFilter	btfilter.sys	8.0.1.340	Kernel Driver	Stopped
BTHMODEM	Bluetooth Serial Communications Driver	bthmodem.sys	6.1.7600.16385	Kernel Driver	Stopped
BTHPORT	Bluetooth Port Driver	BTHport.sys	6.1.7601.17514	Kernel Driver	Stopped
BTHUSB	Bluetooth Radio USB Driver	BTHUSB.sys	6.1.7601.17514	Kernel Driver	Stopped
cdfs	CD/DVD File System Reader	cdfs.sys	6.1.7600.16385	File System Driver	Stopped
cdrom	CD-ROM Driver	cdrom.sys	6.1.7601.17514	Kernel Driver	Running
circlass	Consumer IR Devices	circlass.sys	6.1.7600.16385	Kernel Driver	Stopped
CLFS	Common Log (CLFS)	CLFS.sys	6.1.7600.16385	Kernel Driver	Running
CmBatt	Microsoft ACPI Control Method Battery Driver	CmBatt.sys	6.1.7600.16385	Kernel Driver	Running
cmdide	cmdide	cmdide.sys	2.0.7.0	Kernel Driver	Stopped
CNG	CNG	cng.sys	6.1.7601.17514	Kernel Driver	Running
Compbatt	Microsoft Composite Battery Driver	compbatt.sys	6.1.7600.16385	Kernel Driver	Running
CompositeBus	Composite Bus Enumerator Driver	CompositeBus.sys	6.1.7601.17514	Kernel Driver	Running
cpuz138	cpuz138	cpuz138_x64.sys	1.0.3.8	Kernel Driver	Stopped
crcdisk	Crcdisk Filter Driver	crcdisk.sys	6.1.7600.16385	Kernel Driver	Stopped
CSC	Offline Files Driver	csc.sys	6.1.7601.17514	Kernel Driver	Running
DfsC	DFS Namespace Client Driver	dfsc.sys	6.1.7601.17514	File System Driver	Running
discache	System Attribute Cache	discache.sys	6.1.7600.16385	Kernel Driver	Running
Disk	Disk Driver	disk.sys	6.1.7600.16385	Kernel Driver	Running
dmvsc	dmvsc	dmvsc.sys	6.1.7601.17514	Kernel Driver	Stopped
drmkaud	Microsoft Trusted Audio Drivers	drmkaud.sys	6.1.7600.16385	Kernel Driver	Stopped
DXGKrnl	LDDM Graphics Subsystem	dxgkrnl.sys	6.1.7601.17514	Kernel Driver	Running
ebdrv	Broadcom NetXtreme II 10 GigE VBD	evbda.sys	4.8.13.0	Kernel Driver	Stopped
elxstor	elxstor	elxstor.sys	7.2.10.211	Kernel Driver	Stopped
ErrDev	Microsoft Hardware Error Device Driver	errdev.sys	6.1.7600.16385	Kernel Driver	Stopped
exfat	exFAT File System Driver			File System Driver	Stopped
fastfat	FAT12/16/32 File System Driver			File System Driver	Running
fdc	Floppy Disk Controller Driver	fdc.sys	6.1.7600.16385	Kernel Driver	Stopped
FileInfo	File Information FS MiniFilter	fileinfo.sys	6.1.7600.16385	File System Driver	Running
Filetrace	Filetrace	filetrace.sys	6.1.7600.16385	File System Driver	Stopped
flpydisk	Floppy Disk Driver	flpydisk.sys	6.1.7600.16385	Kernel Driver	Stopped
FltMgr	FltMgr	fltmgr.sys	6.1.7601.17514	File System Driver	Running
FsDepends	File System Dependency Minifilter	FsDepends.sys	6.1.7600.16385	File System Driver	Stopped
fvevol	Bitlocker Drive Encryption Filter Driver	fvevol.sys	6.1.7601.17514	Kernel Driver	Running
gagp30kx	Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms	gagp30kx.sys	6.1.7600.16385	Kernel Driver	Stopped
hcw85cir	Hauppauge Consumer Infrared Receiver	hcw85cir.sys	1.31.27127.0	Kernel Driver	Stopped
HdAudAddService	Microsoft 1.1 UAA Function Driver for High Definition Audio Service	HdAudio.sys	6.1.7601.17514	Kernel Driver	Running
HDAudBus	Microsoft UAA Bus Driver for High Definition Audio	HDAudBus.sys	6.1.7601.17514	Kernel Driver	Running
HidBatt	HID UPS Battery Driver	HidBatt.sys	6.1.7600.16385	Kernel Driver	Stopped
HidBth	Microsoft Bluetooth HID Miniport	hidbth.sys	6.1.7600.16385	Kernel Driver	Stopped
HidIr	Microsoft Infrared HID Driver	hidir.sys	6.1.7600.16385	Kernel Driver	Stopped
HidUsb	Microsoft HID Class Driver	hidusb.sys	6.1.7601.17514	Kernel Driver	Running
HpSAMD	HpSAMD	HpSAMD.sys	6.12.6.64	Kernel Driver	Stopped
HTTP	HTTP	HTTP.sys	6.1.7601.17514	Kernel Driver	Running
hwpolicy	Hardware Policy Driver	hwpolicy.sys	6.1.7601.17514	Kernel Driver	Running
i8042prt	i8042 Keyboard and PS/2 Mouse Port Driver	i8042prt.sys	6.1.7600.16385	Kernel Driver	Running
iaStor	Intel AHCI Controller	iaStor.sys	11.1.0.1006	Kernel Driver	Running
iaStorV	iaStorV	iaStorV.sys	8.6.2.1014	Kernel Driver	Stopped
iirsp	iirsp	iirsp.sys	5.4.22.0	Kernel Driver	Stopped
intelide	intelide	intelide.sys	6.1.7600.16385	Kernel Driver	Stopped
intelppm	Intel Processor Driver	intelppm.sys	6.1.7600.16385	Kernel Driver	Running
IpFilterDriver	IP Traffic Filter Driver	ipfltdrv.sys	6.1.7601.17514	Kernel Driver	Stopped
IPMIDRV	IPMIDRV	IPMIDrv.sys	6.1.7601.17514	Kernel Driver	Stopped
IPNAT	IP Network Address Translator	ipnat.sys	6.1.7600.16385	Kernel Driver	Stopped
IRENUM	IR Bus Enumerator	irenum.sys	6.1.7600.16385	Kernel Driver	Stopped
isapnp	isapnp	isapnp.sys	6.1.7600.16385	Kernel Driver	Stopped
iScsiPrt	iScsiPort Driver	msiscsi.sys	6.1.7601.17514	Kernel Driver	Stopped
iusb3hcs	Intel(R) USB 3.0 Host Controller Switch Driver	iusb3hcs.sys	3.0.1.41	Kernel Driver	Running
kbdclass	Keyboard Class Driver	kbdclass.sys	6.1.7600.16385	Kernel Driver	Running
kbdhid	Keyboard HID Driver	kbdhid.sys	6.1.7601.17514	Kernel Driver	Running
KSecDD	KSecDD	ksecdd.sys	6.1.7601.17514	Kernel Driver	Running
KSecPkg	KSecPkg	ksecpkg.sys	6.1.7601.17514	Kernel Driver	Running
ksthunk	Kernel Streaming Thunks	ksthunk.sys	6.1.7600.16385	Kernel Driver	Running
lltdio	Link-Layer Topology Discovery Mapper I/O Driver	lltdio.sys	6.1.7600.16385	Kernel Driver	Running
LSI_FC	LSI_FC	lsi_fc.sys	1.28.3.52	Kernel Driver	Stopped
LSI_SAS	LSI_SAS	lsi_sas.sys	1.28.3.52	Kernel Driver	Stopped
LSI_SAS2	LSI_SAS2	lsi_sas2.sys	2.0.2.71	Kernel Driver	Stopped
LSI_SCSI	LSI_SCSI	lsi_scsi.sys	1.28.3.67	Kernel Driver	Stopped
luafv	UAC File Virtualization	luafv.sys	6.1.7600.16385	File System Driver	Running
megasas	megasas	megasas.sys	4.5.1.64	Kernel Driver	Stopped
MegaSR	MegaSR	MegaSR.sys	13.5.409.2009	Kernel Driver	Stopped
MEIx64	Intel(R) Management Engine Interface	TeeDriverx64.sys	9.5.15.1730	Kernel Driver	Running
Modem	Modem	modem.sys	6.1.7600.16385	Kernel Driver	Stopped
monitor	Microsoft Monitor Class Function Driver Service	monitor.sys	6.1.7600.16385	Kernel Driver	Running
mouclass	Mouse Class Driver	mouclass.sys	6.1.7600.16385	Kernel Driver	Running
mouhid	Mouse HID Driver	mouhid.sys	6.1.7600.16385	Kernel Driver	Running
mountmgr	Mount Point Manager	mountmgr.sys	6.1.7601.17514	Kernel Driver	Running
mpio	mpio	mpio.sys	6.1.7601.17514	Kernel Driver	Stopped
mpsdrv	Windows Firewall Authorization Driver	mpsdrv.sys	6.1.7600.16385	Kernel Driver	Running
MRxDAV	WebDav Client Redirector Driver	mrxdav.sys	6.1.7601.17514	File System Driver	Stopped
mrxsmb	SMB MiniRedirector Wrapper and Engine	mrxsmb.sys	6.1.7601.17514	File System Driver	Running
mrxsmb10	SMB 1.x MiniRedirector	mrxsmb10.sys	6.1.7601.17514	File System Driver	Running
mrxsmb20	SMB 2.0 MiniRedirector	mrxsmb20.sys	6.1.7601.17514	File System Driver	Running
msahci	msahci	msahci.sys	6.1.7601.17514	Kernel Driver	Running
msdsm	msdsm	msdsm.sys	6.1.7601.17514	Kernel Driver	Stopped
Msfs	Msfs			File System Driver	Running
mshidkmdf	Pass-through HID to KMDF Filter Driver	mshidkmdf.sys	6.1.7600.16385	Kernel Driver	Stopped
msisadrv	msisadrv	msisadrv.sys	6.1.7600.16385	Kernel Driver	Running
MSKSSRV	Microsoft Streaming Service Proxy	MSKSSRV.sys	6.1.7600.16385	Kernel Driver	Stopped
MSPCLOCK	Microsoft Streaming Clock Proxy	MSPCLOCK.sys	6.1.7600.16385	Kernel Driver	Stopped
MSPQM	Microsoft Streaming Quality Manager Proxy	MSPQM.sys	6.1.7600.16385	Kernel Driver	Stopped
MsRPC	MsRPC			Kernel Driver	Stopped
mssmbios	Microsoft System Management BIOS Driver	mssmbios.sys	6.1.7600.16385	Kernel Driver	Running
MSTEE	Microsoft Streaming Tee/Sink-to-Sink Converter	MSTEE.sys	6.1.7600.16385	Kernel Driver	Stopped
MTConfig	Microsoft Input Configuration Driver	MTConfig.sys	6.1.7600.16385	Kernel Driver	Stopped
Mup	Mup	mup.sys	6.1.7600.16385	File System Driver	Running
NativeWifiP	NativeWiFi Filter	nwifi.sys	6.1.7600.16385	Kernel Driver	Running
NDIS	NDIS System Driver	ndis.sys	6.1.7601.17514	Kernel Driver	Running
NdisCap	NDIS Capture LightWeight Filter	ndiscap.sys	6.1.7600.16385	Kernel Driver	Stopped
NdisTapi	Remote Access NDIS TAPI Driver	ndistapi.sys	6.1.7600.16385	Kernel Driver	Running
Ndisuio	NDIS Usermode I/O Protocol	ndisuio.sys	6.1.7601.17514	Kernel Driver	Running
NdisWan	Remote Access NDIS WAN Driver	ndiswan.sys	6.1.7601.17514	Kernel Driver	Running
NDProxy	NDIS Proxy			Kernel Driver	Running
NetBIOS	NetBIOS Interface	netbios.sys	6.1.7600.16385	File System Driver	Running
NetBT	NetBT	netbt.sys	6.1.7601.17514	Kernel Driver	Running
nfrd960	nfrd960	nfrd960.sys	7.10.0.0	Kernel Driver	Stopped
Npfs	Npfs			File System Driver	Running
nsiproxy	NSI proxy service driver.	nsiproxy.sys	6.1.7600.16385	Kernel Driver	Running
Ntfs	Ntfs			File System Driver	Running
Null	Null			Kernel Driver	Running
nv_agp	NVIDIA nForce AGP Bus Filter	nv_agp.sys	6.1.7600.16385	Kernel Driver	Stopped
NVHDA	Service for NVIDIA High Definition Audio Driver	nvhda64v.sys	1.3.34.3	Kernel Driver	Running
nvlddmkm	nvlddmkm	nvlddmkm.sys	9.18.13.5286	Kernel Driver	Running
nvraid	nvraid	nvraid.sys	10.6.0.18	Kernel Driver	Stopped
nvstor	nvstor	nvstor.sys	10.6.0.18	Kernel Driver	Stopped
ohci1394	1394 OHCI Compliant Host Controller (Legacy)	ohci1394.sys	6.1.7600.16385	Kernel Driver	Stopped
Parport	Parallel port driver	parport.sys	6.1.7600.16385	Kernel Driver	Stopped
partmgr	Partition Manager	partmgr.sys	6.1.7601.17514	Kernel Driver	Running
pci	PCI Bus Driver	pci.sys	6.1.7601.17514	Kernel Driver	Running
pciide	pciide	pciide.sys	6.1.7600.16385	Kernel Driver	Stopped
pcmcia	pcmcia	pcmcia.sys	6.1.7600.16385	Kernel Driver	Stopped
pcw	Performance Counters for Windows Driver	pcw.sys	6.1.7600.16385	Kernel Driver	Running
PEAUTH	PEAUTH	peauth.sys	6.1.7600.16385	Kernel Driver	Running
PptpMiniport	WAN Miniport (PPTP)	raspptp.sys	6.1.7601.17514	Kernel Driver	Running
Processor	Processor Driver	processr.sys	6.1.7600.16385	Kernel Driver	Stopped
Psched	QoS Packet Scheduler	pacer.sys	6.1.7601.17514	Kernel Driver	Running
ql2300	ql2300	ql2300.sys	9.1.8.6	Kernel Driver	Stopped
ql40xx	ql40xx	ql40xx.sys	2.1.3.20	Kernel Driver	Stopped
QWAVEdrv	QWAVE driver	qwavedrv.sys	6.1.7600.16385	Kernel Driver	Stopped
RasAcd	Remote Access Auto Connection Driver	rasacd.sys	6.1.7600.16385	Kernel Driver	Stopped
RasAgileVpn	WAN Miniport (IKEv2)	AgileVpn.sys	6.1.7600.16385	Kernel Driver	Running
Rasl2tp	WAN Miniport (L2TP)	rasl2tp.sys	6.1.7601.17514	Kernel Driver	Running
RasPppoe	Remote Access PPPOE Driver	raspppoe.sys	6.1.7600.16385	Kernel Driver	Running
RasSstp	WAN Miniport (SSTP)	rassstp.sys	6.1.7600.16385	Kernel Driver	Running
rdbss	Redirected Buffering Sub Sysytem	rdbss.sys	6.1.7601.17514	File System Driver	Running
rdpbus	Remote Desktop Device Redirector Bus Driver	rdpbus.sys	6.1.7600.16385	Kernel Driver	Running
RDPCDD	RDPCDD	RDPCDD.sys	6.1.7600.16385	Kernel Driver	Running
RDPDR	Terminal Server Device Redirector Driver	rdpdr.sys	6.1.7601.17514	Kernel Driver	Stopped
RDPENCDD	RDP Encoder Mirror Driver	rdpencdd.sys	6.1.7600.16385	Kernel Driver	Running
RDPREFMP	Reflector Display Driver used to gain access to graphics data	rdprefmp.sys	6.1.7600.16385	Kernel Driver	Running
RDPWD	RDP Winstation Driver			Kernel Driver	Stopped
rdyboost	ReadyBoost	rdyboost.sys	6.1.7601.17514	Kernel Driver	Running
rspndr	Link-Layer Topology Discovery Responder	rspndr.sys	6.1.7600.16385	Kernel Driver	Running
RSUSBVSTOR	RtsUVStor.Sys Realtek USB Card Reader	RtsUVStor.sys	6.3.9600.39057	Kernel Driver	Running
RTL8167	Realtek 8167 NT Driver	Rt64win7.sys	7.92.115.2015	Kernel Driver	Running
s3cap	s3cap	vms3cap.sys	6.1.7601.17514	Kernel Driver	Stopped
sbp2port	sbp2port	sbp2port.sys	6.1.7601.17514	Kernel Driver	Stopped
scfilter	Smart card PnP Class Filter Driver	scfilter.sys	6.1.7601.17514	Kernel Driver	Stopped
secdrv	Security Driver			Kernel Driver	Running
Serenum	Serenum Filter Driver	serenum.sys	6.1.7600.16385	Kernel Driver	Stopped
Serial	Serial	serial.sys	6.1.7600.16385	Kernel Driver	Stopped
sermouse	Serial Mouse Driver	sermouse.sys	6.1.7600.16385	Kernel Driver	Stopped
sffdisk	SFF Storage Class Driver	sffdisk.sys	6.1.7600.16385	Kernel Driver	Stopped
sffp_mmc	SFF Storage Protocol Driver for MMC	sffp_mmc.sys	6.1.7600.16385	Kernel Driver	Stopped
sffp_sd	SFF Storage Protocol Driver for SDBus	sffp_sd.sys	6.1.7601.17514	Kernel Driver	Stopped
sfloppy	High-Capacity Floppy Disk Drive	sfloppy.sys	6.1.7600.16385	Kernel Driver	Stopped
SiSRaid2	SiSRaid2	SiSRaid2.sys	5.1.1039.2600	Kernel Driver	Stopped
SiSRaid4	SiSRaid4	sisraid4.sys	5.1.1039.3600	Kernel Driver	Stopped
Smb	Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)	smb.sys	6.1.7600.16385	Kernel Driver	Stopped
spldr	Security Processor Loader Driver			Kernel Driver	Running
srv	Server SMB 1.xxx Driver	srv.sys	6.1.7601.17514	File System Driver	Running
srv2	Server SMB 2.xxx Driver	srv2.sys	6.1.7601.17514	File System Driver	Running
srvnet	srvnet	srvnet.sys	6.1.7601.17514	File System Driver	Running
stexstor	stexstor	stexstor.sys	5.0.1.1	Kernel Driver	Stopped
storflt	Disk Virtual Machine Bus Acceleration Filter Driver	vmstorfl.sys	6.1.7601.17514	Kernel Driver	Running
storvsc	storvsc	storvsc.sys	6.1.7601.17514	Kernel Driver	Stopped
swenum	Software Bus Driver	swenum.sys	6.1.7600.16385	Kernel Driver	Running
Tcpip	TCP/IP Protocol Driver	tcpip.sys	6.1.7601.17514	Kernel Driver	Running
TCPIP6	Microsoft IPv6 Protocol Driver	tcpip.sys	6.1.7601.17514	Kernel Driver	Stopped
tcpipreg	TCP/IP Registry Compatibility	tcpipreg.sys	6.1.7601.17514	Kernel Driver	Running
TDPIPE	TDPIPE	tdpipe.sys	6.1.7600.16385	Kernel Driver	Stopped
TDTCP	TDTCP	tdtcp.sys	6.1.7600.16385	Kernel Driver	Stopped
tdx	NetIO Legacy TDI Support Driver	tdx.sys	6.1.7601.17514	Kernel Driver	Running
TermDD	Terminal Device Driver	termdd.sys	6.1.7601.17514	Kernel Driver	Running
tssecsrv	Remote Desktop Services Security Filter Driver	tssecsrv.sys	6.1.7601.17514	Kernel Driver	Stopped
TsUsbFlt	TsUsbFlt	tsusbflt.sys	6.1.7601.17514	Kernel Driver	Stopped
TsUsbGD	Remote Desktop Generic USB Device	TsUsbGD.sys	6.1.7601.17514	Kernel Driver	Stopped
tunnel	Microsoft Tunnel Miniport Adapter Driver	tunnel.sys	6.1.7601.17514	Kernel Driver	Running
uagp35	Microsoft AGPv3.5 Filter	uagp35.sys	6.1.7600.16385	Kernel Driver	Stopped
udfs	udfs	udfs.sys	6.1.7601.17514	File System Driver	Stopped
uliagpkx	Uli AGP Bus Filter	uliagpkx.sys	6.1.7600.16385	Kernel Driver	Stopped
umbus	UMBus Enumerator Driver	umbus.sys	6.1.7601.17514	Kernel Driver	Running
UmPass	Microsoft UMPass Driver	umpass.sys	6.1.7600.16385	Kernel Driver	Stopped
usbccgp	Microsoft USB Generic Parent Driver	usbccgp.sys	6.1.7601.17514	Kernel Driver	Running
usbcir	eHome Infrared Receiver (USBCIR)	usbcir.sys	6.1.7600.16385	Kernel Driver	Stopped
usbehci	Microsoft USB 2.0 Enhanced Host Controller Miniport Driver	usbehci.sys	6.1.7601.17514	Kernel Driver	Running
usbhub	Microsoft USB Standard Hub Driver	usbhub.sys	6.1.7601.17514	Kernel Driver	Running
usbohci	Microsoft USB Open Host Controller Miniport Driver	usbohci.sys	6.1.7600.16385	Kernel Driver	Stopped
usbprint	Microsoft USB PRINTER Class	usbprint.sys	6.1.7600.16385	Kernel Driver	Stopped
USBSTOR	USB Mass Storage Driver	USBSTOR.SYS	6.1.7601.17514	Kernel Driver	Running
usbuhci	Microsoft USB Universal Host Controller Miniport Driver	usbuhci.sys	6.1.7600.16385	Kernel Driver	Stopped
usbvideo	USB Video Device (WDM)	usbvideo.sys	6.1.7601.17514	Kernel Driver	Running
vdrvroot	Microsoft Virtual Drive Enumerator Driver	vdrvroot.sys	6.1.7600.16385	Kernel Driver	Running
vga	vga	vgapnp.sys	6.1.7600.16385	Kernel Driver	Stopped
VgaSave	VgaSave	vga.sys	6.1.7600.16385	Kernel Driver	Running
vhdmp	vhdmp	vhdmp.sys	6.1.7601.17514	Kernel Driver	Stopped
viaide	viaide	viaide.sys	6.0.6000.170	Kernel Driver	Stopped
vmbus	vmbus	vmbus.sys	6.1.7601.17514	Kernel Driver	Stopped
VMBusHID	VMBusHID	VMBusHID.sys	6.1.7601.17514	Kernel Driver	Stopped
volmgr	Volume Manager Driver	volmgr.sys	6.1.7601.17514	Kernel Driver	Running
volmgrx	Dynamic Volume Manager	volmgrx.sys	6.1.7601.17514	Kernel Driver	Running
volsnap	Storage volumes	volsnap.sys	6.1.7601.17514	Kernel Driver	Running
vsmraid	vsmraid	vsmraid.sys	6.0.6000.6210	Kernel Driver	Stopped
vwifibus	Virtual WiFi Bus Driver	vwifibus.sys	6.1.7600.16385	Kernel Driver	Running
vwififlt	Virtual WiFi Filter Driver	vwififlt.sys	6.1.7600.16385	Kernel Driver	Running
WacomPen	Wacom Serial Pen HID Driver	wacompen.sys	6.1.7600.16385	Kernel Driver	Stopped
WANARP	Remote Access IP ARP Driver	wanarp.sys	6.1.7601.17514	Kernel Driver	Stopped
Wanarpv6	Remote Access IPv6 ARP Driver	wanarp.sys	6.1.7601.17514	Kernel Driver	Running
Wd	Wd	wd.sys	6.1.7600.16385	Kernel Driver	Stopped
Wdf01000	Kernel Mode Driver Frameworks service	Wdf01000.sys	1.11.9200.16384	Kernel Driver	Running
WfpLwf	WFP Lightweight Filter	wfplwf.sys	6.1.7600.16385	Kernel Driver	Running
WIMMount	WIMMount	wimmount.sys	6.1.7600.16385	File System Driver	Stopped
WmiAcpi	Microsoft Windows Management Interface for ACPI	wmiacpi.sys	6.1.7600.16385	Kernel Driver	Running
ws2ifsl	Winsock IFS Driver	ws2ifsl.sys	6.1.7600.16385	Kernel Driver	Stopped
WudfPf	User Mode Driver Frameworks Platform Driver	WudfPf.sys	6.1.7601.17514	Kernel Driver	Running
WUDFRd	WUDFRd	WUDFRd.sys	6.1.7601.17514	Kernel Driver	Stopped

Services


Service Name	Service Description	File Name	Version	Type	State	Account
AeLookupSvc	Application Experience	svchost.exe	6.1.7600.16385	Share Process	Running	localSystem
ALG	Application Layer Gateway Service	alg.exe	6.1.7600.16385	Own Process	Stopped	NT AUTHORITY\LocalService
AppIDSvc	Application Identity	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT Authority\LocalService
Appinfo	Application Information	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
AppMgmt	Application Management	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
AudioEndpointBuilder	Windows Audio Endpoint Builder	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
AudioSrv	Windows Audio	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
AxInstSV	ActiveX Installer (AxInstSV)	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
BDESVC	BitLocker Drive Encryption Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
BFE	Base Filtering Engine	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
BITS	Background Intelligent Transfer Service	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
Browser	Computer Browser	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
bthserv	Bluetooth Support Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
CertPropSvc	Certificate Propagation	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
clr_optimization_v2.0.50727_32	Microsoft .NET Framework NGEN v2.0.50727_X86	mscorsvw.exe	2.0.50727.4927	Own Process	Running	LocalSystem
clr_optimization_v2.0.50727_64	Microsoft .NET Framework NGEN v2.0.50727_X64	mscorsvw.exe	2.0.50727.4927	Own Process	Running	LocalSystem
COMSysApp	COM+ System Application	dllhost.exe	6.1.7600.16385	Own Process	Stopped	LocalSystem
CryptSvc	Cryptographic Services	svchost.exe	6.1.7600.16385	Share Process	Running	NT Authority\NetworkService
CscService	Offline Files	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
DcomLaunch	DCOM Server Process Launcher	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
defragsvc	Disk Defragmenter	svchost.exe	6.1.7600.16385	Own Process	Stopped	localSystem
Dhcp	DHCP Client	svchost.exe	6.1.7600.16385	Share Process	Running	NT Authority\LocalService
Dnscache	DNS Client	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\NetworkService
dot3svc	Wired AutoConfig	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
DPS	Diagnostic Policy Service	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
EapHost	Extensible Authentication Protocol	svchost.exe	6.1.7600.16385	Share Process	Running	localSystem
EFS	Encrypting File System (EFS)	lsass.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
ehRecvr	Windows Media Center Receiver Service	ehRecvr.exe	6.1.7601.17514	Own Process	Stopped	NT AUTHORITY\networkService
ehSched	Windows Media Center Scheduler Service	ehsched.exe	6.1.7600.16385	Own Process	Stopped	NT AUTHORITY\networkService
eventlog	Windows Event Log	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
EventSystem	COM+ Event System	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
Fax	Fax	fxssvc.exe	6.1.7601.17514	Own Process	Stopped	NT AUTHORITY\NetworkService
fdPHost	Function Discovery Provider Host	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
FDResPub	Function Discovery Resource Publication	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
FontCache	Windows Font Cache Service	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
FontCache3.0.0.0	Windows Presentation Foundation Font Cache 3.0.0.0	PresentationFontCache.exe	3.0.6920.5011	Own Process	Stopped	NT Authority\LocalService
gpsvc	Group Policy Client	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
hidserv	Human Interface Device Access	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
hkmsvc	Health Key and Certificate Management	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
HomeGroupListener	HomeGroup Listener	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
HomeGroupProvider	HomeGroup Provider	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
idsvc	Windows CardSpace	infocard.exe	3.0.4506.5420	Share Process	Stopped	LocalSystem
IKEEXT	IKE and AuthIP IPsec Keying Modules	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
IPBusEnum	PnP-X IP Bus Enumerator	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
iphlpsvc	IP Helper	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
KeyIso	CNG Key Isolation	lsass.exe	6.1.7600.16385	Share Process	Running	LocalSystem
KtmRm	KtmRm for Distributed Transaction Coordinator	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\NetworkService
LanmanServer	Server	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
LanmanWorkstation	Workstation	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\NetworkService
lltdsvc	Link-Layer Topology Discovery Mapper	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
lmhosts	TCP/IP NetBIOS Helper	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
Mcx2Svc	Media Center Extender Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT Authority\LocalService
MMCSS	Multimedia Class Scheduler	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
MpsSvc	Windows Firewall	svchost.exe	6.1.7600.16385	Share Process	Running	NT Authority\LocalService
MSDTC	Distributed Transaction Coordinator	msdtc.exe	2001.12.8530.16385	Own Process	Stopped	NT AUTHORITY\NetworkService
MSiSCSI	Microsoft iSCSI Initiator Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
msiserver	Windows Installer	msiexec.exe	5.0.7601.17514	Own Process	Stopped	LocalSystem
napagent	Network Access Protection Agent	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\NetworkService
Netlogon	Netlogon	lsass.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
Netman	Network Connections	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
netprofm	Network List Service	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
NetTcpPortSharing	Net.Tcp Port Sharing Service	SMSvcHost.exe	3.0.4506.4926	Share Process	Stopped	NT AUTHORITY\LocalService
NlaSvc	Network Location Awareness	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\NetworkService
nsi	Network Store Interface Service	svchost.exe	6.1.7600.16385	Share Process	Running	NT Authority\LocalService
nvsvc	NVIDIA Display Driver Service	nvvsvc.exe	8.17.13.5286	Own Process	Running	LocalSystem
p2pimsvc	Peer Networking Identity Manager	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
p2psvc	Peer Networking Grouping	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
PcaSvc	Program Compatibility Assistant Service	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
PeerDistSvc	BranchCache	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\NetworkService
PerfHost	Performance Counter DLL Host	perfhost.exe	6.1.7600.16385	Own Process	Stopped	NT AUTHORITY\LocalService
pla	Performance Logs & Alerts	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
PlugPlay	Plug and Play	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
PNRPAutoReg	PNRP Machine Name Publication Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
PNRPsvc	Peer Name Resolution Protocol	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
PolicyAgent	IPsec Policy Agent	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT Authority\NetworkService
Power	Power	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
ProfSvc	User Profile Service	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
ProtectedStorage	Protected Storage	lsass.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
QWAVE	Quality Windows Audio Video Experience	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
RasAuto	Remote Access Auto Connection Manager	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
RasMan	Remote Access Connection Manager	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
RemoteAccess	Routing and Remote Access	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
RemoteRegistry	Remote Registry	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
RpcEptMapper	RPC Endpoint Mapper	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\NetworkService
RpcLocator	Remote Procedure Call (RPC) Locator	locator.exe	6.1.7600.16385	Own Process	Stopped	NT AUTHORITY\NetworkService
RpcSs	Remote Procedure Call (RPC)	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\NetworkService
SamSs	Security Accounts Manager	lsass.exe	6.1.7600.16385	Share Process	Running	LocalSystem
SCardSvr	Smart Card	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
Schedule	Task Scheduler	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
SCPolicySvc	Smart Card Removal Policy	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
SDRSVC	Windows Backup	svchost.exe	6.1.7600.16385	Own Process	Stopped	localSystem
seclogon	Secondary Logon	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
SENS	System Event Notification Service	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
SensrSvc	Adaptive Brightness	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
SessionEnv	Remote Desktop Configuration	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
SharedAccess	Internet Connection Sharing (ICS)	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
ShellHWDetection	Shell Hardware Detection	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
SNMPTRAP	SNMP Trap	snmptrap.exe	6.1.7600.16385	Own Process	Stopped	NT AUTHORITY\LocalService
Spooler	Print Spooler	spoolsv.exe	6.1.7601.17514	Own Process	Running	LocalSystem
sppsvc	Software Protection	sppsvc.exe	6.1.7601.17514	Own Process	Running	NT AUTHORITY\NetworkService
sppuinotify	SPP Notification Service	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
SSDPSRV	SSDP Discovery	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
SstpSvc	Secure Socket Tunneling Protocol Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT Authority\LocalService
stisvc	Windows Image Acquisition (WIA)	svchost.exe	6.1.7600.16385	Own Process	Stopped	NT Authority\LocalService
StorSvc	Storage Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
swprv	Microsoft Software Shadow Copy Provider	svchost.exe	6.1.7600.16385	Own Process	Stopped	LocalSystem
SysMain	Superfetch	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
TabletInputService	Tablet PC Input Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
TapiSrv	Telephony	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\NetworkService
TBS	TPM Base Services	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
TermService	Remote Desktop Services	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT Authority\NetworkService
Themes	Themes	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
THREADORDER	Thread Ordering Server	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
TrkWks	Distributed Link Tracking Client	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
TrustedInstaller	Windows Modules Installer	TrustedInstaller.exe	6.1.7601.17514	Own Process	Stopped	localSystem
UI0Detect	Interactive Services Detection	UI0Detect.exe	6.1.7600.16385	Own Process	Stopped	LocalSystem
UmRdpService	Remote Desktop Services UserMode Port Redirector	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
upnphost	UPnP Device Host	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
UxSms	Desktop Window Manager Session Manager	svchost.exe	6.1.7600.16385	Share Process	Running	localSystem
VaultSvc	Credential Manager	lsass.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
vds	Virtual Disk	vds.exe	6.1.7601.17514	Own Process	Stopped	LocalSystem
VSS	Volume Shadow Copy	vssvc.exe	6.1.7601.17514	Own Process	Stopped	LocalSystem
W32Time	Windows Time	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
wbengine	Block Level Backup Engine Service	wbengine.exe	6.1.7601.17514	Own Process	Stopped	localSystem
WbioSrvc	Windows Biometric Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
wcncsvc	Windows Connect Now - Config Registrar	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
WcsPlugInService	Windows Color System	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
WdiServiceHost	Diagnostic Service Host	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
WdiSystemHost	Diagnostic System Host	svchost.exe	6.1.7600.16385	Share Process	Stopped	LocalSystem
WebClient	WebClient	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\LocalService
Wecsvc	Windows Event Collector	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\NetworkService
wercplsupport	Problem Reports and Solutions Control Panel Support	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
WerSvc	Windows Error Reporting Service	svchost.exe	6.1.7600.16385	Share Process	Stopped	localSystem
WinDefend	Windows Defender	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
WinHttpAutoProxySvc	WinHTTP Web Proxy Auto-Discovery Service	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
Winmgmt	Windows Management Instrumentation	svchost.exe	6.1.7600.16385	Share Process	Running	localSystem
WinRM	Windows Remote Management (WS-Management)	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT AUTHORITY\NetworkService
Wlansvc	WLAN AutoConfig	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
wmiApSrv	WMI Performance Adapter	WmiApSrv.exe	6.1.7600.16385	Own Process	Stopped	localSystem
WMPNetworkSvc	Windows Media Player Network Sharing Service	wmpnetwk.exe		Own Process	Stopped	NT AUTHORITY\NetworkService
WPCSvc	Parental Controls	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT Authority\LocalService
WPDBusEnum	Portable Device Enumerator Service	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
wscsvc	Security Center	svchost.exe	6.1.7600.16385	Share Process	Running	NT AUTHORITY\LocalService
WSearch	Windows Search	SearchIndexer.exe	7.0.7600.16385	Own Process	Running	LocalSystem
wuauserv	Windows Update	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
wudfsvc	Windows Driver Foundation - User-mode Driver Framework	svchost.exe	6.1.7600.16385	Share Process	Running	LocalSystem
WwanSvc	WWAN AutoConfig	svchost.exe	6.1.7600.16385	Share Process	Stopped	NT Authority\LocalService

AX Files


AX File	Version	Description
bdaplgin.ax	6.1.7600.16385	Microsoft BDA Device Control Plug-in for MPEG2 based networks.
g711codc.ax	6.1.7601.17514	Intel G711 CODEC
iac25_32.ax	2.0.5.53	Indeo® audio software
ir41_32.ax	4.51.16.3	Intel Indeo® Video 4.5
ivfsrc.ax	5.10.2.51	Intel Indeo® video IVF Source Filter 5.10
ksproxy.ax	6.1.7601.17514	WDM Streaming ActiveMovie Proxy
kstvtune.ax	6.1.7601.17514	WDM Streaming TvTuner
kswdmcap.ax	6.1.7601.17514	WDM Streaming Video Capture
ksxbar.ax	6.1.7601.17514	WDM Streaming Crossbar
mpeg2data.ax	6.6.7601.17514	Microsoft MPEG-2 Section and Table Acquisition Module
mpg2splt.ax	6.6.7601.17514	DirectShow MPEG-2 Splitter.
msdvbnp.ax	6.6.7601.17514	Microsoft Network Provider for MPEG2 based networks.
msnp.ax	6.6.7601.17514	Microsoft Network Provider for MPEG2 based networks.
psisrndr.ax	6.6.7601.17514	Microsoft Transport Information Filter for MPEG2 based networks.
vbicodec.ax	6.6.7601.17514	Microsoft VBI Codec
vbisurf.ax	6.1.7601.17514	VBI Surface Allocator Filter
vidcap.ax	6.1.7600.16385	Video Capture Interface Server
wstpager.ax	6.6.7601.17514	Microsoft Teletext Server

DLL Files


DLL File	Version	Description
aaclient.dll	6.1.7601.17514	Anywhere access client
accessibilitycpl.dll	6.1.7601.17514	Ease of access control panel
acctres.dll	6.1.7600.16385	Microsoft Internet Account Manager Resources
acledit.dll	6.1.7600.16385	Access Control List Editor
aclui.dll	6.1.7600.16385	Security Descriptor Editor
acppage.dll	6.1.7601.17514	Compatibility Tab Shell Extension Library
actioncenter.dll	6.1.7601.17514	Action Center
actioncentercpl.dll	6.1.7601.17514	Action Center Control Panel
activeds.dll	6.1.7601.17514	ADs Router Layer DLL
actxprxy.dll	6.1.7601.17514	ActiveX Interface Marshaling Library
admparse.dll	8.0.7600.16385	IEAK Global Policy Template Parser
admtmpl.dll	6.1.7601.17514	Administrative Templates Extension
adprovider.dll	6.1.7600.16385	adprovider DLL
adsldp.dll	6.1.7601.17514	ADs LDAP Provider DLL
adsldpc.dll	6.1.7600.16385	ADs LDAP Provider C DLL
adsmsext.dll	6.1.7600.16385	ADs LDAP Provider DLL
adsnt.dll	6.1.7600.16385	ADs Windows NT Provider DLL
adtschema.dll	6.1.7600.16385	Security Audit Schema DLL
advapi32.dll	6.1.7601.17514	Advanced Windows 32 Base API
advpack.dll	8.0.7600.16385	ADVPACK
aecache.dll	6.1.7600.16385	AECache Sysprep Plugin
aeevts.dll	6.1.7600.16385	Application Experience Event Resources
alttab.dll	6.1.7600.16385	Windows Shell Alt Tab
amstream.dll	6.6.7601.17514	DirectShow Runtime.
amxread.dll	6.1.7600.16385	API Tracing Manifest Read Library
apds.dll	6.1.7600.16385	Microsoft® Help Data Services Module
apilogen.dll	6.1.7600.16385	API Tracing Log Engine
api-ms-win-core-console-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-datetime-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-debug-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-delayload-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-errorhandling-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-fibers-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-file-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-handle-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-heap-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-interlocked-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-io-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-libraryloader-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-localization-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-localregistry-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-memory-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-misc-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-namedpipe-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-processenvironment-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-processthreads-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-profile-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-rtlsupport-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-string-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-synch-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-sysinfo-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-threadpool-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-util-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-core-xstate-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-security-base-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-security-lsalookup-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-security-sddl-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-service-core-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-service-management-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-service-management-l2-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
api-ms-win-service-winsvc-l1-1-0.dll	6.1.7600.16385	ApiSet Stub DLL
apircl.dll	6.1.7600.16385	Microsoft® InfoTech IR Local DLL
apisetschema.dll	6.1.7600.16385	ApiSet Schema DLL
apphelp.dll	6.1.7601.17514	Application Compatibility Client Library
apphlpdm.dll	6.1.7600.16385	Application Compatibility Help Module
appidapi.dll	6.1.7600.16385	Application Identity APIs Dll
appidpolicyengineapi.dll	6.1.7600.16385	AppId Policy Engine API Module
appmgmts.dll	6.1.7600.16385	Software installation Service
appmgr.dll	6.1.7601.17514	Software Installation Snapin Extenstion
apss.dll	6.1.7600.16385	Microsoft® InfoTech Storage System Library
asferror.dll	12.0.7600.16385	ASF Error Definitions
asycfilt.dll	6.1.7601.17514
atl.dll	3.5.2284.0	ATL Module for Windows XP (Unicode)
atmfd.dll	5.1.2.230	Windows NT OpenType/Type 1 Font Driver
atmlib.dll	5.1.2.230	Windows NT OpenType/Type 1 API Library.
audiodev.dll	6.1.7601.17514	Portable Media Devices Shell Extension
audioeng.dll	6.1.7600.16385	Audio Engine
audiokse.dll	6.1.7600.16385	Audio Ks Endpoint
audioses.dll	6.1.7601.17514	Audio Session
auditnativesnapin.dll	6.1.7600.16385	Audit Policy Group Policy Editor Extension
auditpolicygpinterop.dll	6.1.7600.16385	Audit Policy GP Module
auditpolmsg.dll	6.1.7600.16385	Audit Policy MMC SnapIn Messages
authfwcfg.dll	6.1.7600.16385	Windows Firewall with Advanced Security Configuration Helper
authfwgp.dll	6.1.7600.16385	Windows Firewall with Advanced Security Group Policy Editor Extension
authfwsnapin.dll	6.1.7601.17514	Microsoft.WindowsFirewall.SnapIn
authfwwizfwk.dll	6.1.7600.16385	Wizard Framework
authui.dll	6.1.7601.17514	Windows Authentication UI
authz.dll	6.1.7600.16385	Authorization Framework
autoplay.dll	6.1.7601.17514	AutoPlay Control Panel
auxiliarydisplayapi.dll	6.1.7600.16385	Microsoft Windows SideShow API
auxiliarydisplaycpl.dll	6.1.7601.17514	Microsoft Windows SideShow Control Panel
avicap32.dll	6.1.7600.16385	AVI Capture window class
avifil32.dll	6.1.7601.17514	Microsoft AVI File support library
avrt.dll	6.1.7600.16385	Multimedia Realtime Runtime
azroles.dll	6.1.7601.17514	azroles Module
azroleui.dll	6.1.7601.17514	Authorization Manager
azsqlext.dll	6.1.7601.17514	AzMan Sql Audit Extended Stored Procedures Dll
basecsp.dll	6.1.7601.17514	Microsoft Base Smart Card Crypto Provider
batmeter.dll	6.1.7601.17514	Battery Meter Helper DLL
bcrypt.dll	6.1.7600.16385	Windows Cryptographic Primitives Library (Wow64)
bcryptprimitives.dll	6.1.7600.16385	Windows Cryptographic Primitives Library
bidispl.dll	6.1.7600.16385	Bidispl DLL
biocredprov.dll	6.1.7600.16385	WinBio Credential Provider
bitsperf.dll	7.5.7601.17514	Perfmon Counter Access
bitsprx2.dll	7.5.7600.16385	Background Intelligent Transfer Service Proxy
bitsprx3.dll	7.5.7600.16385	Background Intelligent Transfer Service 2.0 Proxy
bitsprx4.dll	7.5.7600.16385	Background Intelligent Transfer Service 2.5 Proxy
bitsprx5.dll	7.5.7600.16385	Background Intelligent Transfer Service 3.0 Proxy
bitsprx6.dll	7.5.7600.16385	Background Intelligent Transfer Service 4.0 Proxy
blackbox.dll	11.0.7601.17514	BlackBox DLL
bootvid.dll	6.1.7600.16385	VGA Boot Driver
browcli.dll	6.1.7601.17514	Browser Service Client DLL
browseui.dll	6.1.7601.17514	Shell Browser UI Library
btpanui.dll	6.1.7600.16385	Bluetooth PAN User Interface
bwcontexthandler.dll	1.0.0.1	ContextH Application
bwunpairelevated.dll	6.1.7600.16385	BWUnpairElevated Proxy Dll
c_g18030.dll	6.1.7600.16385	GB18030 DBCS-Unicode Conversion DLL
c_is2022.dll	6.1.7600.16385	ISO-2022 Code Page Translation DLL
c_iscii.dll	6.1.7601.17514	ISCII Code Page Translation DLL
cabinet.dll	6.1.7601.17514	Microsoft® Cabinet File API
cabview.dll	6.1.7601.17514	Cabinet File Viewer Shell Extension
capiprovider.dll	6.1.7600.16385	capiprovider DLL
capisp.dll	6.1.7600.16385	Sysprep cleanup dll for CAPI
catsrv.dll	2001.12.8530.16385	COM+ Configuration Catalog Server
catsrvps.dll	2001.12.8530.16385	COM+ Configuration Catalog Server Proxy/Stub
catsrvut.dll	2001.12.8530.16385	COM+ Configuration Catalog Server Utilities
cca.dll	6.6.7601.17514	CCA DirectShow Filter.
cdosys.dll	6.6.7601.17514	Microsoft CDO for Windows Library
certcli.dll	6.1.7601.17514	Microsoft® Active Directory Certificate Services Client
certcredprovider.dll	6.1.7600.16385	Cert Credential Provider
certenc.dll	6.1.7600.16385	Active Directory Certificate Services Encoding
certenroll.dll	6.1.7601.17514	Microsoft® Active Directory Certificate Services Enrollment Client
certenrollui.dll	6.1.7600.16385	X509 Certificate Enrollment UI
certmgr.dll	6.1.7601.17514	Certificates snap-in
certpoleng.dll	6.1.7601.17514	Certificate Policy Engine
cewmdm.dll	12.0.7600.16385	Windows CE WMDM Service Provider
cfgbkend.dll	6.1.7600.16385	Configuration Backend Interface
cfgmgr32.dll	6.1.7601.17514	Configuration Manager DLL
chsbrkr.dll	6.1.7600.16385	Simplified Chinese Word Breaker
chtbrkr.dll	6.1.7600.16385	Chinese Traditional Word Breaker
chxreadingstringime.dll	6.1.7600.16385	CHxReadingStringIME
cic.dll	6.1.7600.16385	CIC - MMC controls for Taskpad
clb.dll	6.1.7600.16385	Column List Box
clbcatq.dll	2001.12.8530.16385	COM+ Configuration Catalog
clfsw32.dll	6.1.7600.16385	Common Log Marshalling Win32 DLL
cliconfg.dll	6.1.7600.16385	SQL Client Configuration Utility DLL
clusapi.dll	6.1.7601.17514	Cluster API Library
cmcfg32.dll	7.2.7600.16385	Microsoft Connection Manager Configuration Dll
cmdial32.dll	7.2.7600.16385	Microsoft Connection Manager
cmicryptinstall.dll	6.1.7600.16385	Installers for cryptographic elements of CMI objects
cmifw.dll	6.1.7600.16385	Windows Firewall rule configuration plug-in
cmipnpinstall.dll	6.1.7600.16385	PNP plugin installer for CMI
cmlua.dll	7.2.7600.16385	Connection Manager Admin API Helper
cmpbk32.dll	7.2.7600.16385	Microsoft Connection Manager Phonebook
cmstplua.dll	7.2.7600.16385	Connection Manager Admin API Helper for Setup
cmutil.dll	7.2.7600.16385	Microsoft Connection Manager Utility Lib
cngaudit.dll	6.1.7600.16385	Windows Cryptographic Next Generation audit library
cngprovider.dll	6.1.7600.16385	cngprovider DLL
cnvfat.dll	6.1.7600.16385	FAT File System Conversion Utility DLL
colbact.dll	2001.12.8530.16385	COM+
colorcnv.dll	6.1.7600.16385	Windows Media Color Conversion
colorui.dll	6.1.7600.16385	Microsoft Color Control Panel
comcat.dll	6.1.7600.16385	Microsoft Component Category Manager Library
comctl32.dll	5.82.7601.17514	User Experience Controls Library
comdlg32.dll	6.1.7601.17514	Common Dialogs DLL
compobj.dll	2.10.35.35	OLE 2.1 16/32 Interoperability Library
compstui.dll	6.1.7600.16385	Common Property Sheet User Interface DLL
comrepl.dll	2001.12.8530.16385	COM+
comres.dll	2001.12.8530.16385	COM+ Resources
comsnap.dll	2001.12.8530.16385	COM+ Explorer MMC Snapin
comsvcs.dll	2001.12.8530.16385	COM+ Services
comuid.dll	2001.12.8530.16385	COM+ Explorer UI
connect.dll	6.1.7600.16385	Get Connected Wizards
console.dll	6.1.7600.16385	Control Panel Console Applet
corpol.dll	8.0.7600.16385	Microsoft COM Runtime Execution Engine
cpfilters.dll	6.6.7601.17514	PTFilter & Encypter/Decrypter Tagger Filters.
credssp.dll	6.1.7601.17514	Credential Delegation Security Package
credui.dll	6.1.7601.17514	Credential Manager User Interface
crtdll.dll	4.0.1183.1	Microsoft C Runtime Library
crypt32.dll	6.1.7601.17514	Crypto API32
cryptbase.dll	6.1.7600.16385	Base cryptographic API DLL
cryptdlg.dll	6.1.7600.16385	Microsoft Common Certificate Dialogs
cryptdll.dll	6.1.7600.16385	Cryptography Manager
cryptext.dll	6.1.7600.16385	Crypto Shell Extensions
cryptnet.dll	6.1.7600.16385	Crypto Network Related API
cryptsp.dll	6.1.7600.16385	Cryptographic Service Provider API
cryptsvc.dll	6.1.7601.17514	Cryptographic Services
cryptui.dll	6.1.7601.17514	Microsoft Trust UI Provider
cryptxml.dll	6.1.7600.16385	XML DigSig API
cscapi.dll	6.1.7601.17514	Offline Files Win32 API
cscdll.dll	6.1.7601.17514	Offline Files Temporary Shim
cscobj.dll	6.1.7601.17514	In-proc COM object used by clients of CSC API
ctl3d32.dll	2.31.0.0	Ctl3D 3D Windows Controls
d2d1.dll	6.1.7601.17514	Microsoft D2D Library
d3d10.dll	6.1.7600.16385	Direct3D 10 Runtime
d3d10_1.dll	6.1.7600.16385	Direct3D 10.1 Runtime
d3d10_1core.dll	6.1.7601.17514	Direct3D 10.1 Runtime
d3d10core.dll	6.1.7600.16385	Direct3D 10 Runtime
d3d10level9.dll	6.1.7601.17514	Direct3D 10 to Direct3D9 Translation Runtime
d3d10warp.dll	6.1.7601.17514	Direct3D 10 Rasterizer
d3d11.dll	6.1.7601.17514	Direct3D 11 Runtime
d3d8.dll	6.1.7600.16385	Microsoft Direct3D
d3d8thk.dll	6.1.7600.16385	Microsoft Direct3D OS Thunk Layer
d3d9.dll	6.1.7601.17514	Direct3D 9 Runtime
d3dim.dll	6.1.7600.16385	Microsoft Direct3D
d3dim700.dll	6.1.7600.16385	Microsoft Direct3D
d3dramp.dll	6.1.7600.16385	Microsoft Direct3D
d3dxof.dll	6.1.7600.16385	DirectX Files DLL
dataclen.dll	6.1.7600.16385	Disk Space Cleaner for Windows
davclnt.dll	6.1.7601.17514	Web DAV Client DLL
davhlpr.dll	6.1.7600.16385	DAV Helper DLL
dbgeng.dll	6.1.7601.17514	Windows Symbolic Debugger Engine
dbghelp.dll	6.1.7601.17514	Windows Image Helper
dbnetlib.dll	6.1.7600.16385	Winsock Oriented Net DLL for SQL Clients
dbnmpntw.dll	6.1.7600.16385	Named Pipes Net DLL for SQL Clients
dciman32.dll	6.1.7600.16385	DCI Manager
ddaclsys.dll	6.1.7600.16385	SysPrep module for Reseting Data Drive ACL
ddoiproxy.dll	6.1.7600.16385	DDOI Interface Proxy
ddores.dll	6.1.7600.16385	Device Category information and resources
ddraw.dll	6.1.7600.16385	Microsoft DirectDraw
ddrawex.dll	6.1.7600.16385	Direct Draw Ex
defaultlocationcpl.dll	6.1.7601.17514	Default Location Control Panel
deskadp.dll	6.1.7600.16385	Advanced display adapter properties
deskmon.dll	6.1.7600.16385	Advanced display monitor properties
deskperf.dll	6.1.7600.16385	Advanced display performance properties
devenum.dll	6.6.7600.16385	Device enumeration.
devicecenter.dll	6.1.7601.17514	Device Center
devicedisplaystatusmanager.dll	6.1.7600.16385	Device Display Status Manager
devicemetadataparsers.dll	6.1.7600.16385	Common Device Metadata parsers
devicepairing.dll	6.1.7600.16385	Shell extensions for Device Pairing
devicepairingfolder.dll	6.1.7601.17514	Device Pairing Folder
devicepairinghandler.dll	6.1.7600.16385	Device Pairing Handler Dll
devicepairingproxy.dll	6.1.7600.16385	Device Pairing Proxy Dll
deviceuxres.dll	6.1.7600.16385	Windows Device User Experience Resource File
devmgr.dll	6.1.7600.16385	Device Manager MMC Snapin
devobj.dll	6.1.7600.16385	Device Information Set DLL
devrtl.dll	6.1.7600.16385	Device Management Run Time Library
dfscli.dll	6.1.7600.16385	Windows NT Distributed File System Client DLL
dfshim.dll	4.0.40305.0	ClickOnce Application Deployment Support Library
dfsshlex.dll	6.1.7600.16385	Distributed File System shell extension
dhcpcmonitor.dll	6.1.7600.16385	DHCP Client Monitor Dll
dhcpcore.dll	6.1.7601.17514	DHCP Client Service
dhcpcore6.dll	6.1.7600.16385	DHCPv6 Client
dhcpcsvc.dll	6.1.7600.16385	DHCP Client Service
dhcpcsvc6.dll	6.1.7600.16385	DHCPv6 Client
dhcpqec.dll	6.1.7600.16385	Microsoft DHCP NAP Enforcement Client
dhcpsapi.dll	6.1.7600.16385	DHCP Server API Stub DLL
difxapi.dll	2.1.0.0	Driver Install Frameworks for API library module
dimsjob.dll	6.1.7600.16385	DIMS Job DLL
dimsroam.dll	6.1.7600.16385	Key Roaming DIMS Provider DLL
dinput.dll	6.1.7600.16385	Microsoft DirectInput
dinput8.dll	6.1.7600.16385	Microsoft DirectInput
directdb.dll	6.1.7600.16385	Microsoft Direct Database API
diskcopy.dll	6.1.7600.16385	Windows DiskCopy
dispex.dll	5.8.7600.16385	Microsoft ® DispEx
display.dll	6.1.7601.17514	Display Control Panel
dmband.dll	6.1.7600.16385	Microsoft DirectMusic Band
dmcompos.dll	6.1.7600.16385	Microsoft DirectMusic Composer
dmdlgs.dll	6.1.7600.16385	Disk Management Snap-in Dialogs
dmdskmgr.dll	6.1.7600.16385	Disk Management Snap-in Support Library
dmdskres.dll	6.1.7600.16385	Disk Management Snap-in Resources
dmdskres2.dll	6.1.7600.16385	Disk Management Snap-in Resources
dmime.dll	6.1.7600.16385	Microsoft DirectMusic Interactive Engine
dmintf.dll	6.1.7600.16385	Disk Management DCOM Interface Stub
dmloader.dll	6.1.7600.16385	Microsoft DirectMusic Loader
dmocx.dll	6.1.7600.16385	TreeView OCX
dmrc.dll	6.1.7600.16385	Windows MRC
dmscript.dll	6.1.7600.16385	Microsoft DirectMusic Scripting
dmstyle.dll	6.1.7600.16385	Microsoft DirectMusic Style Engline
dmsynth.dll	6.1.7600.16385	Microsoft DirectMusic Software Synthesizer
dmusic.dll	6.1.7600.16385	Microsoft DirectMusic Core Services
dmutil.dll	6.1.7600.16385	Logical Disk Manager Utility Library
dmvdsitf.dll	6.1.7600.16385	Disk Management Snap-in Support Library
dnsapi.dll	6.1.7601.17514	DNS Client API DLL
dnscmmc.dll	6.1.7601.17514	DNS Client MMC Snap-in DLL
docprop.dll	6.1.7600.16385	OLE DocFile Property Page
dot3api.dll	6.1.7601.17514	802.3 Autoconfiguration API
dot3cfg.dll	6.1.7601.17514	802.3 Netsh Helper
dot3dlg.dll	6.1.7600.16385	802.3 UI Helper
dot3gpclnt.dll	6.1.7600.16385	802.3 Group Policy Client
dot3gpui.dll	6.1.7600.16385	802.3 Network Policy Management Snap-in
dot3hc.dll	6.1.7600.16385	Dot3 Helper Class
dot3msm.dll	6.1.7601.17514	802.3 Media Specific Module
dot3ui.dll	6.1.7601.17514	802.3 Advanced UI
dpapiprovider.dll	6.1.7600.16385	dpapiprovider DLL
dplayx.dll	6.1.7600.16385	Microsoft DirectPlay
dpmodemx.dll	6.1.7600.16385	Modem and Serial Connection For DirectPlay
dpnaddr.dll	6.1.7601.17514	Microsoft DirectPlay8 Address
dpnathlp.dll	6.1.7600.16385	Microsoft DirectPlay NAT Helper UPnP
dpnet.dll	6.1.7600.16385	Microsoft DirectPlay
dpnhpast.dll	6.1.7600.16385	Microsoft DirectPlay NAT Helper PAST
dpnhupnp.dll	6.1.7600.16385	Microsoft DirectPlay NAT Helper UPNP
dpnlobby.dll	6.1.7600.16385	Microsoft DirectPlay8 Lobby
dpwsockx.dll	6.1.7600.16385	Internet TCP/IP and IPX Connection For DirectPlay
dpx.dll	6.1.7601.17514	Microsoft(R) Delta Package Expander
drmmgrtn.dll	11.0.7601.17514	DRM Migration DLL
drmv2clt.dll	11.0.7600.16385	DRMv2 Client DLL
drprov.dll	6.1.7600.16385	Microsoft Remote Desktop Session Host Server Network Provider
drt.dll	6.1.7600.16385	Distributed Routing Table
drtprov.dll	6.1.7600.16385	Distributed Routing Table Providers
drttransport.dll	6.1.7600.16385	Distributed Routing Table Transport Provider
drvstore.dll	6.1.7601.17514	Driver Store API
ds32gt.dll	6.1.7600.16385	ODBC Driver Setup Generic Thunk
dsauth.dll	6.1.7601.17514	DS Authorization for Services
dsdmo.dll	6.1.7600.16385	DirectSound Effects
dshowrdpfilter.dll	1.0.0.0	RDP Renderer Filter (redirector)
dskquota.dll	6.1.7600.16385	Windows Shell Disk Quota Support DLL
dskquoui.dll	6.1.7601.17514	Windows Shell Disk Quota UI DLL
dsound.dll	6.1.7600.16385	DirectSound
dsprop.dll	6.1.7600.16385	Windows Active Directory Property Pages
dsquery.dll	6.1.7600.16385	Directory Service Find
dsrole.dll	6.1.7600.16385	DS Role Client DLL
dssec.dll	6.1.7600.16385	Directory Service Security UI
dssenh.dll	6.1.7600.16385	Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
dsuiext.dll	6.1.7601.17514	Directory Service Common UI
dswave.dll	6.1.7600.16385	Microsoft DirectMusic Wave
dtsh.dll	6.1.7600.16385	Detection and Sharing Status API
dui70.dll	6.1.7600.16385	Windows DirectUI Engine
duser.dll	6.1.7600.16385	Windows DirectUser Engine
dwmapi.dll	6.1.7600.16385	Microsoft Desktop Window Manager API
dwmcore.dll	6.1.7601.17514	Microsoft DWM Core Library
dwrite.dll	6.1.7601.17514	Microsoft DirectX Typography Services
dxdiagn.dll	6.1.7601.17514	Microsoft DirectX Diagnostic Tool
dxgi.dll	6.1.7601.17514	DirectX Graphics Infrastructure
dxmasf.dll	12.0.7601.17514	Microsoft Windows Media Component Removal File.
dxptaskringtone.dll	6.1.7601.17514	Microsoft Ringtone Editor
dxptasksync.dll	6.1.7601.17514	Microsoft Windows DXP Sync.
dxtmsft.dll	8.0.7600.16385	DirectX Media -- Image DirectX Transforms
dxtrans.dll	8.0.7600.16385	DirectX Media -- DirectX Transform Core
dxva2.dll	6.1.7600.16385	DirectX Video Acceleration 2.0 DLL
eapp3hst.dll	6.1.7601.17514	Microsoft ThirdPartyEapDispatcher
eappcfg.dll	6.1.7600.16385	Eap Peer Config
eappgnui.dll	6.1.7601.17514	EAP Generic UI
eapphost.dll	6.1.7601.17514	Microsoft EAPHost Peer service
eappprxy.dll	6.1.7600.16385	Microsoft EAPHost Peer Client DLL
eapqec.dll	6.1.7600.16385	Microsoft EAP NAP Enforcement Client
efsadu.dll	6.1.7600.16385	File Encryption Utility
efscore.dll	6.1.7601.17514	EFS Core Library
efsutil.dll	6.1.7600.16385	EFS Utility Library
ehstorapi.dll	6.1.7601.17514	Windows Enhanced Storage API
ehstorpwdmgr.dll	6.1.7600.16385	Windows Enhanced Storage Password Manager
ehstorshell.dll	6.1.7600.16385	Windows Enhanced Storage Shell Extension DLL
els.dll	6.1.7600.16385	Event Viewer Snapin
elscore.dll	6.1.7600.16385	Els Core Platform DLL
elslad.dll	6.1.7600.16385	ELS Language Detection
elstrans.dll	6.1.7601.17514	ELS Transliteration Service
encapi.dll	6.1.7600.16385	Encoder API
encdec.dll	6.6.7601.17514	XDSCodec & Encypter/Decrypter Tagger Filters.
eqossnap.dll	6.1.7600.16385	EQoS Snapin extension
es.dll	2001.12.8530.16385	COM+
esent.dll	6.1.7601.17514	Extensible Storage Engine for Microsoft(R) Windows(R)
esentprf.dll	6.1.7600.16385	Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R)
eventcls.dll	6.1.7600.16385	Microsoft® Volume Shadow Copy Service event class
evr.dll	6.1.7601.17514	Enhanced Video Renderer DLL
explorerframe.dll	6.1.7601.17514	ExplorerFrame
expsrv.dll	6.0.72.9589	Visual Basic for Applications Runtime - Expression Service
f3ahvoas.dll	6.1.7600.16385	JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard
faultrep.dll	6.1.7601.17514	Windows User Mode Crash Reporting DLL
fdbth.dll	6.1.7600.16385	Function Discovery Bluetooth Provider Dll
fdbthproxy.dll	6.1.7600.16385	Bluetooth Provider Proxy Dll
fde.dll	6.1.7601.17514	Folder Redirection Snapin Extension
fdeploy.dll	6.1.7601.17514	Folder Redirection Group Policy Extension
fdpnp.dll	6.1.7600.16385	Pnp Provider Dll
fdproxy.dll	6.1.7600.16385	Function Discovery Proxy Dll
fdssdp.dll	6.1.7600.16385	Function Discovery SSDP Provider Dll
fdwcn.dll	6.1.7600.16385	Windows Connect Now - Config Function Discovery Provider DLL
fdwnet.dll	6.1.7600.16385	Function Discovery WNet Provider Dll
fdwsd.dll	6.1.7600.16385	Function Discovery WS Discovery Provider Dll
feclient.dll	6.1.7600.16385	Windows NT File Encryption Client Interfaces
filemgmt.dll	6.1.7600.16385	Services and Shared Folders
findnetprinters.dll	6.1.7600.16385	Find Network Printers COM Component
firewallapi.dll	6.1.7600.16385	Windows Firewall API
firewallcontrolpanel.dll	6.1.7601.17514	Windows Firewall Control Panel
fltlib.dll	6.1.7600.16385	Filter Library
fmifs.dll	6.1.7600.16385	FM IFS Utility DLL
fms.dll	1.1.6000.16384	Font Management Services
fontext.dll	6.1.7601.17514	Windows Font Folder
fontsub.dll	6.1.7601.17514	Font Subsetting DLL
fphc.dll	6.1.7601.17514	Filtering Platform Helper Class
framedyn.dll	6.1.7601.17514	WMI SDK Provider Framework
framedynos.dll	6.1.7601.17514	WMI SDK Provider Framework
fthsvc.dll	6.1.7600.16385	Microsoft Windows Fault Tolerant Heap Diagnostic Module
fundisc.dll	6.1.7600.16385	Function Discovery Dll
fwcfg.dll	6.1.7600.16385	Windows Firewall Configuration Helper
fwpuclnt.dll	6.1.7601.17514	FWP/IPsec User-Mode API
fwremotesvr.dll	6.1.7600.16385	Windows Firewall Remote APIs Server
fxsapi.dll	6.1.7600.16385	Microsoft Fax API Support DLL
fxscom.dll	6.1.7600.16385	Microsoft Fax Server COM Client Interface
fxscomex.dll	6.1.7600.16385	Microsoft Fax Server Extended COM Client Interface
fxsext32.dll	6.1.7600.16385	Microsoft Fax Exchange Command Extension
fxsresm.dll	6.1.7600.16385	Microsoft Fax Resource DLL
fxsxp32.dll	6.1.7600.16385	Microsoft Fax Transport Provider
gameux.dll	6.1.7601.17514	Games Explorer
gameuxlegacygdfs.dll	1.0.0.1	Legacy GDF resource DLL
gcdef.dll	6.1.7600.16385	Game Controllers Default Sheets
gdi32.dll	6.1.7601.17514	GDI Client DLL
getuname.dll	6.1.7600.16385	Unicode name Dll for UCE
glmf32.dll	6.1.7600.16385	OpenGL Metafiling DLL
glu32.dll	6.1.7600.16385	OpenGL Utility Library DLL
gpapi.dll	6.1.7600.16385	Group Policy Client API
gpedit.dll	6.1.7600.16385	GPEdit
gpprefcl.dll	6.1.7601.17514	Group Policy Preference Client
gpprnext.dll	6.1.7600.16385	Group Policy Printer Extension
gpscript.dll	6.1.7600.16385	Script Client Side Extension
gptext.dll	6.1.7600.16385	GPTExt
hbaapi.dll	6.1.7601.17514	HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc
hcproviders.dll	6.1.7600.16385	Action Center Providers
helppaneproxy.dll	6.1.7600.16385	Microsoft® Help Proxy
hgcpl.dll	6.1.7601.17514	HomeGroup Control Panel
hhsetup.dll	6.1.7600.16385	Microsoft® HTML Help
hid.dll	6.1.7600.16385	Hid User Library
hidserv.dll	6.1.7600.16385	HID Service
hlink.dll	6.1.7600.16385	Microsoft Office 2000 component
hnetcfg.dll	6.1.7600.16385	Home Networking Configuration Manager
hnetmon.dll	6.1.7600.16385	Home Networking Monitor DLL
httpapi.dll	6.1.7601.17514	HTTP Protocol Stack API
htui.dll	6.1.7600.16385	Common halftone Color Adjustment Dialogs
ias.dll	6.1.7600.16385	Network Policy Server
iasacct.dll	6.1.7601.17514	NPS Accounting Provider
iasads.dll	6.1.7600.16385	NPS Active Directory Data Store
iasdatastore.dll	6.1.7600.16385	NPS Datastore server
iashlpr.dll	6.1.7600.16385	NPS Surrogate Component
iasmigplugin.dll	6.1.7600.16385	NPS Migration DLL
iasnap.dll	6.1.7600.16385	NPS NAP Provider
iaspolcy.dll	6.1.7600.16385	NPS Pipeline
iasrad.dll	6.1.7601.17514	NPS RADIUS Protocol Component
iasrecst.dll	6.1.7601.17514	NPS XML Datastore Access
iassam.dll	6.1.7600.16385	NPS NT SAM Provider
iassdo.dll	6.1.7600.16385	NPS SDO Component
iassvcs.dll	6.1.7600.16385	NPS Services Component
icardie.dll	8.0.7600.16385	Microsoft Information Card IE Helper
icardres.dll	3.0.4506.4926	Windows CardSpace
iccvid.dll	1.10.0.13	Cinepak® Codec
icm32.dll	6.1.7600.16385	Microsoft Color Management Module (CMM)
icmp.dll	6.1.7600.16385	ICMP DLL
icmui.dll	6.1.7600.16385	Microsoft Color Matching System User Interface DLL
iconcodecservice.dll	6.1.7600.16385	Converts a PNG part of the icon to a legacy bmp icon
icsigd.dll	6.1.7600.16385	Internet Gateway Device properties
idndl.dll	6.1.7600.16385	Downlevel DLL
idstore.dll	6.1.7600.16385	Identity Store
ieakeng.dll	8.0.7600.16385	Internet Explorer Administration Kit Engine Library
ieaksie.dll	8.0.7600.16385	Internet Explorer Snap-in Extension to Group Policy
ieakui.dll	8.0.7600.16385	Microsoft IEAK Shared UI DLL
ieapfltr.dll	8.0.6001.18669	Microsoft SmartScreen Filter
iedkcs32.dll	18.0.7601.17514	IEAK branding
ieframe.dll	8.0.7601.17514	Internet Browser
iepeers.dll	8.0.7601.17514	Internet Explorer Peer Objects
iernonce.dll	8.0.7600.16385	Extended RunOnce processing with UI
iertutil.dll	8.0.7601.17514	Run time utility for Internet Explorer
iesetup.dll	8.0.7600.16385	IOD Version Map
iesysprep.dll	8.0.7601.17514	IE Sysprep Provider
ieui.dll	8.0.7600.16385	Internet Explorer UI Engine
ifmon.dll	6.1.7600.16385	IF Monitor DLL
ifsutil.dll	6.1.7601.17514	IFS Utility DLL
ifsutilx.dll	6.1.7600.16385	IFS Utility Extension DLL
imagehlp.dll	6.1.7601.17514	Windows NT Image Helper
imageres.dll	6.1.7600.16385	Windows Image Resource
imagesp1.dll	6.1.7600.16385	Windows SP1 Image Resource
imapi.dll	6.1.7600.16385	Image Mastering API
imapi2.dll	6.1.7601.17514	Image Mastering API v2
imapi2fs.dll	6.1.7601.17514	Image Mastering File System Imaging API v2
imgutil.dll	8.0.7601.17514	IE plugin image decoder support DLL
imjp10k.dll	10.1.7600.16385	Microsoft IME
imm32.dll	6.1.7601.17514	Multi-User Windows IMM32 API Client DLL
inetcomm.dll	6.1.7601.17514	Microsoft Internet Messaging API Resources
inetmib1.dll	6.1.7601.17514	Microsoft MIB-II subagent
inetres.dll	6.1.7600.16385	Microsoft Internet Messaging API Resources
infocardapi.dll	3.0.4506.4926	Microsoft InfoCards
inked.dll	6.1.7600.16385	Microsoft Tablet PC InkEdit Control
input.dll	6.1.7601.17514	InputSetting DLL
inseng.dll	8.0.7601.17514	Install engine
iologmsg.dll	6.1.7600.16385	IO Logging DLL
ipbusenumproxy.dll	6.1.7600.16385	Associated Device Presence Proxy Dll
iphlpapi.dll	6.1.7601.17514	IP Helper API
iprop.dll	6.1.7600.16385	OLE PropertySet Implementation
iprtprio.dll	6.1.7600.16385	IP Routing Protocol Priority DLL
iprtrmgr.dll	6.1.7601.17514	IP Router Manager
ipsecsnp.dll	6.1.7600.16385	IP Security Policy Management Snap-in
ipsmsnap.dll	6.1.7601.17514	IP Security Monitor Snap-in
ir32_32.dll	3.24.15.3	Intel Indeo(R) Video R3.2 32-bit Driver
ir41_qc.dll	4.30.62.2	Intel Indeo® Video Interactive Quick Compressor
ir41_qcx.dll	4.30.62.2	Intel Indeo® Video Interactive Quick Compressor
ir50_32.dll	5.2562.15.55	Intel Indeo® video 5.10
ir50_qc.dll	5.0.63.48	Intel Indeo® video 5.10 Quick Compressor
ir50_qcx.dll	5.0.63.48	Intel Indeo® video 5.10 Quick Compressor
irclass.dll	6.1.7600.16385	Infrared Class Coinstaller
iscsicpl.dll	5.2.3790.1830	iSCSI Initiator Control Panel Applet
iscsidsc.dll	6.1.7600.16385	iSCSI Discovery api
iscsied.dll	6.1.7600.16385	iSCSI Extension DLL
iscsium.dll	6.1.7601.17514	iSCSI Discovery api
iscsiwmi.dll	6.1.7600.16385	MS iSCSI Initiator WMI Provider
itircl.dll	6.1.7601.17514	Microsoft® InfoTech IR Local DLL
itss.dll	6.1.7600.16385	Microsoft® InfoTech Storage System Library
itvdata.dll	6.6.7601.17514	iTV Data Filters.
iyuv_32.dll	6.1.7601.17514	Intel Indeo(R) Video YUV Codec
jscript.dll	5.8.7601.17514	Microsoft ® JScript
jsproxy.dll	8.0.7600.16385	JScript Proxy Auto-Configuration
kbd101.dll	6.1.7600.16385	JP Japanese Keyboard Layout for 101
kbd101a.dll	6.1.7600.16385	KO Hangeul Keyboard Layout for 101 (Type A)
kbd101b.dll	6.1.7600.16385	KO Hangeul Keyboard Layout for 101(Type B)
kbd101c.dll	6.1.7600.16385	KO Hangeul Keyboard Layout for 101(Type C)
kbd103.dll	6.1.7600.16385	KO Hangeul Keyboard Layout for 103
kbd106.dll	6.1.7600.16385	JP Japanese Keyboard Layout for 106
kbd106n.dll	6.1.7600.16385	JP Japanese Keyboard Layout for 106
kbda1.dll	6.1.7600.16385	Arabic_English_101 Keyboard Layout
kbda2.dll	6.1.7600.16385	Arabic_2 Keyboard Layout
kbda3.dll	6.1.7600.16385	Arabic_French_102 Keyboard Layout
kbdal.dll	6.1.7600.16385	Albania Keyboard Layout
kbdarme.dll	6.1.7600.16385	Eastern Armenian Keyboard Layout
kbdarmw.dll	6.1.7600.16385	Western Armenian Keyboard Layout
kbdax2.dll	6.1.7600.16385	JP Japanese Keyboard Layout for AX2
kbdaze.dll	6.1.7600.16385	Azerbaijan_Cyrillic Keyboard Layout
kbdazel.dll	6.1.7600.16385	Azeri-Latin Keyboard Layout
kbdbash.dll	6.1.7601.17514	Bashkir Keyboard Layout
kbdbe.dll	6.1.7600.16385	Belgian Keyboard Layout
kbdbene.dll	6.1.7600.16385	Belgian Dutch Keyboard Layout
kbdbgph.dll	6.1.7600.16385	Bulgarian Phonetic Keyboard Layout
kbdbgph1.dll	6.1.7600.16385	Bulgarian (Phonetic Traditional) Keyboard Layout
kbdbhc.dll	6.1.7600.16385	Bosnian (Cyrillic) Keyboard Layout
kbdblr.dll	6.1.7601.17514	Belarusian Keyboard Layout
kbdbr.dll	6.1.7600.16385	Brazilian Keyboard Layout
kbdbu.dll	6.1.7600.16385	Bulgarian (Typewriter) Keyboard Layout
kbdbulg.dll	6.1.7601.17514	Bulgarian Keyboard Layout
kbdca.dll	6.1.7600.16385	Canadian Multilingual Keyboard Layout
kbdcan.dll	6.1.7600.16385	Canadian Multilingual Standard Keyboard Layout
kbdcr.dll	6.1.7600.16385	Croatian/Slovenian Keyboard Layout
kbdcz.dll	6.1.7600.16385	Czech Keyboard Layout
kbdcz1.dll	6.1.7601.17514	Czech_101 Keyboard Layout
kbdcz2.dll	6.1.7600.16385	Czech_Programmer's Keyboard Layout
kbdda.dll	6.1.7600.16385	Danish Keyboard Layout
kbddiv1.dll	6.1.7600.16385	Divehi Phonetic Keyboard Layout
kbddiv2.dll	6.1.7600.16385	Divehi Typewriter Keyboard Layout
kbddv.dll	6.1.7600.16385	Dvorak US English Keyboard Layout
kbdes.dll	6.1.7600.16385	Spanish Alernate Keyboard Layout
kbdest.dll	6.1.7600.16385	Estonia Keyboard Layout
kbdfa.dll	6.1.7600.16385	Persian Keyboard Layout
kbdfc.dll	6.1.7600.16385	Canadian French Keyboard Layout
kbdfi.dll	6.1.7600.16385	Finnish Keyboard Layout
kbdfi1.dll	6.1.7600.16385	Finnish-Swedish with Sami Keyboard Layout
kbdfo.dll	6.1.7600.16385	Færoese Keyboard Layout
kbdfr.dll	6.1.7600.16385	French Keyboard Layout
kbdgae.dll	6.1.7600.16385	Gaelic Keyboard Layout
kbdgeo.dll	6.1.7601.17514	Georgian Keyboard Layout
kbdgeoer.dll	6.1.7600.16385	Georgian (Ergonomic) Keyboard Layout
kbdgeoqw.dll	6.1.7600.16385	Georgian (QWERTY) Keyboard Layout
kbdgkl.dll	6.1.7601.17514	Greek_Latin Keyboard Layout
kbdgr.dll	6.1.7600.16385	German Keyboard Layout
kbdgr1.dll	6.1.7601.17514	German_IBM Keyboard Layout
kbdgrlnd.dll	6.1.7600.16385	Greenlandic Keyboard Layout
kbdhau.dll	6.1.7600.16385	Hausa Keyboard Layout
kbdhe.dll	6.1.7600.16385	Greek Keyboard Layout
kbdhe220.dll	6.1.7600.16385	Greek IBM 220 Keyboard Layout
kbdhe319.dll	6.1.7600.16385	Greek IBM 319 Keyboard Layout
kbdheb.dll	6.1.7600.16385	KBDHEB Keyboard Layout
kbdhela2.dll	6.1.7600.16385	Greek IBM 220 Latin Keyboard Layout
kbdhela3.dll	6.1.7600.16385	Greek IBM 319 Latin Keyboard Layout
kbdhept.dll	6.1.7600.16385	Greek_Polytonic Keyboard Layout
kbdhu.dll	6.1.7600.16385	Hungarian Keyboard Layout
kbdhu1.dll	6.1.7600.16385	Hungarian 101-key Keyboard Layout
kbdibm02.dll	6.1.7600.16385	JP Japanese Keyboard Layout for IBM 5576-002/003
kbdibo.dll	6.1.7600.16385	Igbo Keyboard Layout
kbdic.dll	6.1.7600.16385	Icelandic Keyboard Layout
kbdinasa.dll	6.1.7600.16385	Assamese (Inscript) Keyboard Layout
kbdinbe1.dll	6.1.7600.16385	Bengali - Inscript (Legacy) Keyboard Layout
kbdinbe2.dll	6.1.7600.16385	Bengali (Inscript) Keyboard Layout
kbdinben.dll	6.1.7601.17514	Bengali Keyboard Layout
kbdindev.dll	6.1.7600.16385	Devanagari Keyboard Layout
kbdinguj.dll	6.1.7600.16385	Gujarati Keyboard Layout
kbdinhin.dll	6.1.7601.17514	Hindi Keyboard Layout
kbdinkan.dll	6.1.7601.17514	Kannada Keyboard Layout
kbdinmal.dll	6.1.7600.16385	Malayalam Keyboard Layout Keyboard Layout
kbdinmar.dll	6.1.7601.17514	Marathi Keyboard Layout
kbdinori.dll	6.1.7601.17514	Oriya Keyboard Layout
kbdinpun.dll	6.1.7600.16385	Punjabi/Gurmukhi Keyboard Layout
kbdintam.dll	6.1.7601.17514	Tamil Keyboard Layout
kbdintel.dll	6.1.7601.17514	Telugu Keyboard Layout
kbdinuk2.dll	6.1.7600.16385	Inuktitut Naqittaut Keyboard Layout
kbdir.dll	6.1.7600.16385	Irish Keyboard Layout
kbdit.dll	6.1.7600.16385	Italian Keyboard Layout
kbdit142.dll	6.1.7600.16385	Italian 142 Keyboard Layout
kbdiulat.dll	6.1.7600.16385	Inuktitut Latin Keyboard Layout
kbdjpn.dll	6.1.7600.16385	JP Japanese Keyboard Layout Stub driver
kbdkaz.dll	6.1.7600.16385	Kazak_Cyrillic Keyboard Layout
kbdkhmr.dll	6.1.7600.16385	Cambodian Standard Keyboard Layout
kbdkor.dll	6.1.7600.16385	KO Hangeul Keyboard Layout Stub driver
kbdkyr.dll	6.1.7600.16385	Kyrgyz Keyboard Layout
kbdla.dll	6.1.7600.16385	Latin-American Spanish Keyboard Layout
kbdlao.dll	6.1.7600.16385	Lao Standard Keyboard Layout
kbdlk41a.dll	6.1.7601.17514	DEC LK411-AJ Keyboard Layout
kbdlt.dll	6.1.7600.16385	Lithuania Keyboard Layout
kbdlt1.dll	6.1.7601.17514	Lithuanian Keyboard Layout
kbdlt2.dll	6.1.7600.16385	Lithuanian Standard Keyboard Layout
kbdlv.dll	6.1.7600.16385	Latvia Keyboard Layout
kbdlv1.dll	6.1.7600.16385	Latvia-QWERTY Keyboard Layout
kbdmac.dll	6.1.7600.16385	Macedonian (FYROM) Keyboard Layout
kbdmacst.dll	6.1.7600.16385	Macedonian (FYROM) - Standard Keyboard Layout
kbdmaori.dll	6.1.7601.17514	Maori Keyboard Layout
kbdmlt47.dll	6.1.7600.16385	Maltese 47-key Keyboard Layout
kbdmlt48.dll	6.1.7600.16385	Maltese 48-key Keyboard Layout
kbdmon.dll	6.1.7601.17514	Mongolian Keyboard Layout
kbdmonmo.dll	6.1.7600.16385	Mongolian (Mongolian Script) Keyboard Layout
kbdne.dll	6.1.7600.16385	Dutch Keyboard Layout
kbdnec.dll	6.1.7600.16385	JP Japanese Keyboard Layout for (NEC PC-9800)
kbdnec95.dll	6.1.7600.16385	JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95)
kbdnecat.dll	6.1.7600.16385	JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
kbdnecnt.dll	6.1.7600.16385	JP Japanese NEC PC-9800 Keyboard Layout
kbdnepr.dll	6.1.7601.17514	Nepali Keyboard Layout
kbdno.dll	6.1.7600.16385	Norwegian Keyboard Layout
kbdno1.dll	6.1.7600.16385	Norwegian with Sami Keyboard Layout
kbdnso.dll	6.1.7600.16385	Sesotho sa Leboa Keyboard Layout
kbdpash.dll	6.1.7600.16385	Pashto (Afghanistan) Keyboard Layout
kbdpl.dll	6.1.7600.16385	Polish Keyboard Layout
kbdpl1.dll	6.1.7600.16385	Polish Programmer's Keyboard Layout
kbdpo.dll	6.1.7601.17514	Portuguese Keyboard Layout
kbdro.dll	6.1.7600.16385	Romanian (Legacy) Keyboard Layout
kbdropr.dll	6.1.7600.16385	Romanian (Programmers) Keyboard Layout
kbdrost.dll	6.1.7600.16385	Romanian (Standard) Keyboard Layout
kbdru.dll	6.1.7600.16385	Russian Keyboard Layout
kbdru1.dll	6.1.7600.16385	Russia(Typewriter) Keyboard Layout
kbdsf.dll	6.1.7601.17514	Swiss French Keyboard Layout
kbdsg.dll	6.1.7601.17514	Swiss German Keyboard Layout
kbdsl.dll	6.1.7600.16385	Slovak Keyboard Layout
kbdsl1.dll	6.1.7600.16385	Slovak(QWERTY) Keyboard Layout
kbdsmsfi.dll	6.1.7600.16385	Sami Extended Finland-Sweden Keyboard Layout
kbdsmsno.dll	6.1.7600.16385	Sami Extended Norway Keyboard Layout
kbdsn1.dll	6.1.7600.16385	Sinhala Keyboard Layout
kbdsorex.dll	6.1.7600.16385	Sorbian Extended Keyboard Layout
kbdsors1.dll	6.1.7600.16385	Sorbian Standard Keyboard Layout
kbdsorst.dll	6.1.7600.16385	Sorbian Standard (Legacy) Keyboard Layout
kbdsp.dll	6.1.7600.16385	Spanish Keyboard Layout
kbdsw.dll	6.1.7600.16385	Swedish Keyboard Layout
kbdsw09.dll	6.1.7600.16385	Sinhala - Wij 9 Keyboard Layout
kbdsyr1.dll	6.1.7600.16385	Syriac Standard Keyboard Layout
kbdsyr2.dll	6.1.7600.16385	Syriac Phoenetic Keyboard Layout
kbdtajik.dll	6.1.7601.17514	Tajik Keyboard Layout
kbdtat.dll	6.1.7600.16385	Tatar_Cyrillic Keyboard Layout
kbdth0.dll	6.1.7600.16385	Thai Kedmanee Keyboard Layout
kbdth1.dll	6.1.7600.16385	Thai Pattachote Keyboard Layout
kbdth2.dll	6.1.7600.16385	Thai Kedmanee (non-ShiftLock) Keyboard Layout
kbdth3.dll	6.1.7600.16385	Thai Pattachote (non-ShiftLock) Keyboard Layout
kbdtiprc.dll	6.1.7600.16385	Tibetan (PRC) Keyboard Layout
kbdtuf.dll	6.1.7601.17514	Turkish F Keyboard Layout
kbdtuq.dll	6.1.7601.17514	Turkish Q Keyboard Layout
kbdturme.dll	6.1.7601.17514	Turkmen Keyboard Layout
kbdughr.dll	6.1.7600.16385	Uyghur (Legacy) Keyboard Layout
kbdughr1.dll	6.1.7601.17514	Uyghur Keyboard Layout
kbduk.dll	6.1.7600.16385	United Kingdom Keyboard Layout
kbdukx.dll	6.1.7600.16385	United Kingdom Extended Keyboard Layout
kbdur.dll	6.1.7600.16385	Ukrainian Keyboard Layout
kbdur1.dll	6.1.7600.16385	Ukrainian (Enhanced) Keyboard Layout
kbdurdu.dll	6.1.7600.16385	Urdu Keyboard Layout
kbdus.dll	6.1.7601.17514	United States Keyboard Layout
kbdusa.dll	6.1.7600.16385	US IBM Arabic 238_L Keyboard Layout
kbdusl.dll	6.1.7600.16385	Dvorak Left-Hand US English Keyboard Layout
kbdusr.dll	6.1.7600.16385	Dvorak Right-Hand US English Keyboard Layout
kbdusx.dll	6.1.7600.16385	US Multinational Keyboard Layout
kbduzb.dll	6.1.7600.16385	Uzbek_Cyrillic Keyboard Layout
kbdvntc.dll	6.1.7600.16385	Vietnamese Keyboard Layout
kbdwol.dll	6.1.7600.16385	Wolof Keyboard Layout
kbdyak.dll	6.1.7600.16385	Yakut - Russia Keyboard Layout
kbdyba.dll	6.1.7600.16385	Yoruba Keyboard Layout
kbdycc.dll	6.1.7600.16385	Serbian (Cyrillic) Keyboard Layout
kbdycl.dll	6.1.7600.16385	Serbian (Latin) Keyboard Layout
kerberos.dll	6.1.7601.17514	Kerberos Security Package
kernel32.dll	6.1.7601.17514	Windows NT BASE API Client DLL
kernelbase.dll	6.1.7601.17514	Windows NT BASE API Client DLL
keyiso.dll	6.1.7600.16385	CNG Key Isolation Service
keymgr.dll	6.1.7600.16385	Stored User Names and Passwords
korwbrkr.dll	6.1.7600.16385	korwbrkr
ksuser.dll	6.1.7600.16385	User CSA Library
ktmw32.dll	6.1.7600.16385	Windows KTM Win32 Client DLL
l2gpstore.dll	6.1.7600.16385	Policy Storage dll
l2nacp.dll	6.1.7600.16385	Windows Onex Credential Provider
l2sechc.dll	6.1.7600.16385	Layer 2 Security Diagnostics Helper Classes
laprxy.dll	12.0.7600.16385	Windows Media Logagent Proxy
licmgr10.dll	8.0.7601.17514	Microsoft® License Manager DLL
linkinfo.dll	6.1.7600.16385	Windows Volume Tracking
loadperf.dll	6.1.7600.16385	Load & Unload Performance Counters
localsec.dll	6.1.7601.17514	Local Users and Groups MMC Snapin
locationapi.dll	6.1.7600.16385	Microsoft Windows Location API
loghours.dll	6.1.7600.16385	Schedule Dialog
logoncli.dll	6.1.7601.17514	Net Logon Client DLL
lpk.dll	6.1.7600.16385	Language Pack
lsmproxy.dll	6.1.7601.17514	LSM interfaces proxy Dll
luainstall.dll	6.1.7601.17514	Lua manifest install
lz32.dll	6.1.7600.16385	LZ Expand/Compress API DLL
magnification.dll	6.1.7600.16385	Microsoft Magnification API
mapi32.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mapistub.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mcewmdrmndbootstrap.dll	1.3.2302.0	Windows® Media Center WMDRM-ND Receiver Bridge Bootstrap DLL
mciavi32.dll	6.1.7601.17514	Video For Windows MCI driver
mcicda.dll	6.1.7600.16385	MCI driver for cdaudio devices
mciqtz32.dll	6.6.7601.17514	DirectShow MCI Driver
mciseq.dll	6.1.7600.16385	MCI driver for MIDI sequencer
mciwave.dll	6.1.7600.16385	MCI driver for waveform audio
mctres.dll	6.1.7600.16385	MCT resource DLL
mdminst.dll	6.1.7600.16385	Modem Class Installer
mediametadatahandler.dll	6.1.7601.17514	Media Metadata Handler
mf.dll	12.0.7601.17514	Media Foundation DLL
mf3216.dll	6.1.7600.16385	32-bit to 16-bit Metafile Conversion DLL
mfaacenc.dll	6.1.7600.16385	Media Foundation AAC Encoder
mfc40.dll	4.1.0.6151	MFCDLL Shared Library - Retail Version
mfc40u.dll	4.1.0.6151	MFCDLL Shared Library - Retail Version
mfc42.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfc42u.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfcsubs.dll	2001.12.8530.16385	COM+
mfds.dll	12.0.7601.17514	Media Foundation Direct Show wrapper DLL
mfdvdec.dll	6.1.7600.16385	Media Foundation DV Decoder
mferror.dll	12.0.7600.16385	Media Foundation Error DLL
mfh264enc.dll	6.1.7600.16385	Media Foundation H264 Encoder
mfmjpegdec.dll	6.1.7600.16385	Media Foundation MJPEG Decoder
mfplat.dll	12.0.7600.16385	Media Foundation Platform DLL
mfplay.dll	12.0.7601.17514	Media Foundation Playback API DLL
mfps.dll	12.0.7600.16385	Media Foundation Proxy DLL
mfreadwrite.dll	12.0.7601.17514	Media Foundation ReadWrite DLL
mfvdsp.dll	6.1.7600.16385	Windows Media Foundation Video DSP Components
mfwmaaec.dll	6.1.7600.16385	Windows Media Audio AEC for Media Foundation
mgmtapi.dll	6.1.7600.16385	Microsoft SNMP Manager API (uses WinSNMP)
midimap.dll	6.1.7600.16385	Microsoft MIDI Mapper
migisol.dll	6.1.7601.17514	Migration System Isolation Layer
miguiresource.dll	6.1.7600.16385	MIG wini32 resources
mimefilt.dll	2008.0.7601.17514	MIME Filter
mlang.dll	6.1.7600.16385	Multi Language Support DLL
mmcbase.dll	6.1.7600.16385	MMC Base DLL
mmci.dll	6.1.7600.16385	Media class installer
mmcico.dll	6.1.7600.16385	Media class co-installer
mmcndmgr.dll	6.1.7601.17514	MMC Node Manager DLL
mmcshext.dll	6.1.7600.16385	MMC Shell Extension DLL
mmdevapi.dll	6.1.7601.17514	MMDevice API
mmres.dll	6.1.7600.16385	General Audio Resources
modemui.dll	6.1.7600.16385	Windows Modem Properties
moricons.dll	6.1.7600.16385	Windows NT Setup Icon Resources Library
mp3dmod.dll	6.1.7600.16385	Microsoft MP3 Decoder DMO
mp43decd.dll	6.1.7600.16385	Windows Media MPEG-4 Video Decoder
mp4sdecd.dll	6.1.7600.16385	Windows Media MPEG-4 S Video Decoder
mpg4decd.dll	6.1.7600.16385	Windows Media MPEG-4 Video Decoder
mpr.dll	6.1.7600.16385	Multiple Provider Router DLL
mprapi.dll	6.1.7601.17514	Windows NT MP Router Administration DLL
mprddm.dll	6.1.7601.17514	Demand Dial Manager Supervisor
mprdim.dll	6.1.7600.16385	Dynamic Interface Manager
mprmsg.dll	6.1.7600.16385	Multi-Protocol Router Service Messages DLL
msaatext.dll	2.0.10413.0	Active Accessibility text support
msac3enc.dll	6.1.7601.17514	Microsoft AC-3 Encoder
msacm32.dll	6.1.7600.16385	Microsoft ACM Audio Filter
msadce.dll	6.1.7601.17514	OLE DB Cursor Engine
msadcer.dll	6.1.7600.16385	OLE DB Cursor Engine Resources
msadcf.dll	6.1.7601.17514	Remote Data Services Data Factory
msadcfr.dll	6.1.7600.16385	Remote Data Services Data Factory Resources
msadco.dll	6.1.7601.17514	Remote Data Services Data Control
msadcor.dll	6.1.7600.16385	Remote Data Services Data Control Resources
msadcs.dll	6.1.7601.17514	Remote Data Services ISAPI Library
msadds.dll	6.1.7600.16385	OLE DB Data Shape Provider
msaddsr.dll	6.1.7600.16385	OLE DB Data Shape Provider Resources
msader15.dll	6.1.7600.16385	ActiveX Data Objects Resources
msado15.dll	6.1.7601.17514	ActiveX Data Objects
msadomd.dll	6.1.7601.17514	ActiveX Data Objects (Multi-Dimensional)
msador15.dll	6.1.7601.17514	Microsoft ActiveX Data Objects Recordset
msadox.dll	6.1.7601.17514	ActiveX Data Objects Extensions
msadrh15.dll	6.1.7600.16385	ActiveX Data Objects Rowset Helper
msafd.dll	6.1.7600.16385	Microsoft Windows Sockets 2.0 Service Provider
msasn1.dll	6.1.7601.17514	ASN.1 Runtime APIs
msaudite.dll	6.1.7600.16385	Security Audit Events DLL
mscandui.dll	6.1.7600.16385	MSCANDUI Server DLL
mscat32.dll	6.1.7600.16385	MSCAT32 Forwarder DLL
msclmd.dll	6.1.7601.17514	Microsoft Class Mini-driver
mscms.dll	6.1.7601.17514	Microsoft Color Matching System DLL
mscoree.dll	4.0.40305.0	Microsoft .NET Runtime Execution Engine
mscorier.dll	2.0.50727.5420	Microsoft .NET Runtime IE resources
mscories.dll	2.0.50727.5420	Microsoft .NET IE SECURITY REGISTRATION
mscpx32r.dll	6.1.7600.16385	ODBC Code Page Translator Resources
mscpxl32.dll	6.1.7600.16385	ODBC Code Page Translator
msctf.dll	6.1.7600.16385	MSCTF Server DLL
msctfmonitor.dll	6.1.7600.16385	MsCtfMonitor DLL
msctfp.dll	6.1.7600.16385	MSCTFP Server DLL
msctfui.dll	6.1.7600.16385	MSCTFUI Server DLL
msdadc.dll	6.1.7600.16385	OLE DB Data Conversion Stub
msdadiag.dll	6.1.7600.16385	Built-In Diagnostics
msdaenum.dll	6.1.7600.16385	OLE DB Root Enumerator Stub
msdaer.dll	6.1.7600.16385	OLE DB Error Collection Stub
msdaora.dll	6.1.7600.16385	OLE DB Provider for Oracle
msdaorar.dll	6.1.7600.16385	OLE DB Provider for Oracle Resources
msdaosp.dll	6.1.7601.17514	OLE DB Simple Provider
msdaprsr.dll	6.1.7600.16385	OLE DB Persistence Services Resources
msdaprst.dll	6.1.7600.16385	OLE DB Persistence Services
msdaps.dll	6.1.7600.16385	OLE DB Interface Proxies/Stubs
msdarem.dll	6.1.7601.17514	OLE DB Remote Provider
msdaremr.dll	6.1.7600.16385	OLE DB Remote Provider Resources
msdart.dll	6.1.7600.16385	OLE DB Runtime Routines
msdasc.dll	6.1.7600.16385	OLE DB Service Components Stub
msdasql.dll	6.1.7601.17514	OLE DB Provider for ODBC Drivers
msdasqlr.dll	6.1.7600.16385	OLE DB Provider for ODBC Drivers Resources
msdatl3.dll	6.1.7600.16385	OLE DB Implementation Support Routines
msdatt.dll	6.1.7600.16385	OLE DB Temporary Table Services
msdaurl.dll	6.1.7600.16385	OLE DB RootBinder Stub
msdelta.dll	6.1.7600.16385	Microsoft Patch Engine
msdfmap.dll	6.1.7601.17514	Data Factory Handler
msdmo.dll	6.6.7601.17514	DMO Runtime
msdrm.dll	6.1.7601.17514	Windows Rights Management client
msdtcprx.dll	2001.12.8530.16385	Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL
msdtcuiu.dll	2001.12.8530.16385	Microsoft Distributed Transaction Coordinator Administrative DLL
msdtcvsp1res.dll	2001.12.8530.16385	Microsoft Distributed Transaction Coordinator Resources for Vista SP1
msexch40.dll	4.0.9756.0	Microsoft Jet Exchange Isam
msexcl40.dll	4.0.9756.0	Microsoft Jet Excel Isam
msfeeds.dll	8.0.7601.17514	Microsoft Feeds Manager
msfeedsbs.dll	8.0.7601.17514	Microsoft Feeds Background Sync
msftedit.dll	5.41.21.2510	Rich Text Edit Control, v4.1
mshtml.dll	8.0.7601.17514	Microsoft (R) HTML Viewer
mshtmled.dll	8.0.7601.17514	Microsoft® HTML Editing Component
mshtmler.dll	8.0.7600.16385	Microsoft® HTML Editing Component's Resource DLL
msi.dll	5.0.7601.17514	Windows Installer
msidcrl30.dll	6.1.7600.16385	IDCRL Dynamic Link Library
msident.dll	6.1.7600.16385	Microsoft Identity Manager
msidle.dll	6.1.7600.16385	User Idle Monitor
msidntld.dll	6.1.7600.16385	Microsoft Identity Manager
msieftp.dll	6.1.7601.17514	Microsoft Internet Explorer FTP Folder Shell Extension
msihnd.dll	5.0.7601.17514	Windows® installer
msiltcfg.dll	5.0.7600.16385	Windows Installer Configuration API Stub
msimg32.dll	6.1.7600.16385	GDIEXT Client DLL
msimsg.dll	5.0.7600.16385	Windows® Installer International Messages
msimtf.dll	6.1.7600.16385	Active IMM Server DLL
msisip.dll	5.0.7600.16385	MSI Signature SIP Provider
msjet40.dll	4.0.9756.0	Microsoft Jet Engine Library
msjetoledb40.dll	4.0.9756.0
msjint40.dll	4.0.9756.0	Microsoft Jet Database Engine International DLL
msjro.dll	6.1.7601.17514	Jet and Replication Objects
msjter40.dll	4.0.9756.0	Microsoft Jet Database Engine Error DLL
msjtes40.dll	4.0.9756.0	Microsoft Jet Expression Service
msls31.dll	3.10.349.0	Microsoft Line Services library file
msltus40.dll	4.0.9756.0	Microsoft Jet Lotus 1-2-3 Isam
msmpeg2adec.dll	6.1.7140.0	Microsoft DTV-DVD Audio Decoder
msmpeg2enc.dll	6.1.7601.17514	Microsoft MPEG-2 Encoder
msmpeg2vdec.dll	6.1.7140.0	Microsoft DTV-DVD Video Decoder
msnetobj.dll	11.0.7601.17514	DRM ActiveX Network Object
msobjs.dll	6.1.7600.16385	System object audit names
msoeacct.dll	6.1.7600.16385	Microsoft Internet Account Manager
msoert2.dll	6.1.7600.16385	Microsoft Windows Mail RT Lib
msorc32r.dll	6.1.7600.16385	ODBC Driver for Oracle Resources
msorcl32.dll	6.1.7601.17514	ODBC Driver for Oracle
mspatcha.dll	6.1.7600.16385	Microsoft File Patch Application API
mspbde40.dll	4.0.9756.0	Microsoft Jet Paradox Isam
msports.dll	6.1.7600.16385	Ports Class Installer
msrating.dll	8.0.7601.17514	Internet Ratings and Local User Management DLL
msrd2x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrd3x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrdc.dll	6.1.7600.16385	Remote Differential Compression COM server
msrdpwebaccess.dll	6.1.7600.16385	Microsoft Remote Desktop Services Web Access Control
msrepl40.dll	4.0.9756.0	Microsoft Replication Library
msrle32.dll	6.1.7601.17514	Microsoft RLE Compressor
msscntrs.dll	7.0.7600.16385	msscntrs.dll
msscp.dll	11.0.7601.17514	Windows Media Secure Content Provider
mssha.dll	6.1.7600.16385	Windows Security Health Agent
msshavmsg.dll	6.1.7600.16385	Windows Security Health Agent Validator Message
msshooks.dll	7.0.7600.16385	MSSHooks.dll
mssign32.dll	6.1.7600.16385	Microsoft Trust Signing APIs
mssip32.dll	6.1.7600.16385	MSSIP32 Forwarder DLL
mssitlb.dll	7.0.7600.16385	mssitlb
mssph.dll	7.0.7600.16385	Microsoft Search Protocol Handler
mssphtb.dll	7.0.7601.17514	Outlook MSSearch Connector
mssprxy.dll	7.0.7600.16385	Microsoft Search Proxy
mssrch.dll	7.0.7601.17514	mssrch.dll
mssvp.dll	7.0.7601.17514	MSSearch Vista Platform
msswch.dll	6.1.7600.16385	msswch
mstask.dll	6.1.7601.17514	Task Scheduler interface DLL
mstext40.dll	4.0.9756.0	Microsoft Jet Text Isam
mstime.dll	8.0.7601.17514	Microsoft (R) Timed Interactive Multimedia Extensions to HTML
mstscax.dll	6.1.7601.17514	Remote Desktop Services ActiveX Client
msutb.dll	6.1.7601.17514	MSUTB Server DLL
msv1_0.dll	6.1.7601.17514	Microsoft Authentication Package v1.0
msvbvm60.dll	6.0.98.15	Visual Basic Virtual Machine
msvcirt.dll	7.0.7600.16385	Windows NT IOStreams DLL
msvcp60.dll	7.0.7600.16385	Windows NT C++ Runtime Library DLL
msvcrt.dll	7.0.7600.16385	Windows NT CRT DLL
msvcrt20.dll	2.12.0.0	Microsoft® C Runtime Library
msvcrt40.dll	6.1.7600.16385	VC 4.x CRT DLL (Forwarded to msvcrt.dll)
msvfw32.dll	6.1.7601.17514	Microsoft Video for Windows DLL
msvidc32.dll	6.1.7601.17514	Microsoft Video 1 Compressor
msvidctl.dll	6.5.7601.17514	ActiveX control for streaming video
mswdat10.dll	4.0.9756.0	Microsoft Jet Sort Tables
mswmdm.dll	12.0.7600.16385	Windows Media Device Manager Core
mswsock.dll	6.1.7601.17514	Microsoft Windows Sockets 2.0 Service Provider
mswstr10.dll	4.0.9756.0	Microsoft Jet Sort Library
msxactps.dll	6.1.7600.16385	OLE DB Transaction Proxies/Stubs
msxbde40.dll	4.0.9756.0	Microsoft Jet xBASE Isam
msxml3.dll	8.110.7601.17514	MSXML 3.0 SP11
msxml3r.dll	8.110.7600.16385	XML Resources
msxml6.dll	6.30.7601.17514	MSXML 6.0 SP3
msxml6r.dll	6.30.7600.16385	XML Resources
msyuv.dll	6.1.7601.17514	Microsoft UYVY Video Decompressor
mtxclu.dll	2001.12.8531.17514	Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL
mtxdm.dll	2001.12.8530.16385	COM+
mtxex.dll	2001.12.8530.16385	COM+
mtxlegih.dll	2001.12.8530.16385	COM+
mtxoci.dll	2001.12.8530.16385	Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle
muifontsetup.dll	6.1.7601.17514	MUI Callback for font registry settings
mycomput.dll	6.1.7600.16385	Computer Management
mydocs.dll	6.1.7601.17514	My Documents Folder UI
napcrypt.dll	6.1.7601.17514	NAP Cryptographic API helper
napdsnap.dll	6.1.7601.17514	NAP GPEdit Extension
naphlpr.dll	6.1.7601.17514	NAP client config API helper
napinsp.dll	6.1.7600.16385	E-mail Naming Shim Provider
napipsec.dll	6.1.7600.16385	NAP IPSec Enforcement Client
napmontr.dll	6.1.7600.16385	NAP Netsh Helper
nativehooks.dll	6.1.7600.16385	Microsoft Narrator Native hook handler
naturallanguage6.dll	6.1.7601.17514	Natural Language Development Platform 6
ncdprop.dll	6.1.7600.16385	Advanced network device properties
nci.dll	6.1.7601.17514	CoInstaller: NET
ncobjapi.dll	6.1.7600.16385	Microsoft® Windows® Operating System
ncrypt.dll	6.1.7600.16385	Windows cryptographic library
ncryptui.dll	6.1.7601.17514	Windows cryptographic key protection UI library
ncsi.dll	6.1.7601.17514	Network Connectivity Status Indicator
nddeapi.dll	6.1.7600.16385	Network DDE Share Management APIs
ndfapi.dll	6.1.7600.16385	Network Diagnostic Framework Client API
ndfetw.dll	6.1.7600.16385	Network Diagnostic Engine Event Interface
ndfhcdiscovery.dll	6.1.7600.16385	Network Diagnostic Framework HC Discovery API
ndiscapcfg.dll	6.1.7600.16385	NdisCap Notify Object
ndishc.dll	6.1.7600.16385	NDIS Helper Classes
ndproxystub.dll	6.1.7600.16385	Network Diagnostic Engine Proxy/Stub
negoexts.dll	6.1.7600.16385	NegoExtender Security Package
netapi32.dll	6.1.7601.17514	Net Win32 API DLL
netbios.dll	6.1.7600.16385	NetBIOS Interface Library
netcenter.dll	6.1.7601.17514	Network Center control panel
netcfgx.dll	6.1.7601.17514	Network Configuration Objects
netcorehc.dll	6.1.7600.16385	Networking Core Diagnostics Helper Classes
netdiagfx.dll	6.1.7601.17514	Network Diagnostic Framework
netevent.dll	6.1.7600.16385	Net Event Handler
netfxperf.dll	4.0.40305.0	Extensible Performance Counter Shim
neth.dll	6.1.7600.16385	Net Help Messages DLL
netid.dll	6.1.7601.17514	System Control Panel Applet; Network ID Page
netiohlp.dll	6.1.7601.17514	Netio Helper DLL
netjoin.dll	6.1.7601.17514	Domain Join DLL
netlogon.dll	6.1.7601.17514	Net Logon Services DLL
netmsg.dll	6.1.7600.16385	Net Messages DLL
netplwiz.dll	6.1.7601.17514	Map Network Drives/Network Places Wizard
netprof.dll	6.1.7600.16385	Network Profile Management UI
netprofm.dll	6.1.7600.16385	Network List Manager
netshell.dll	6.1.7601.17514	Network Connections Shell
netutils.dll	6.1.7601.17514	Net Win32 API Helpers DLL
networkexplorer.dll	6.1.7601.17514	Network Explorer
networkitemfactory.dll	6.1.7600.16385	NetworkItem Factory
networkmap.dll	6.1.7601.17514	Network Map
newdev.dll	6.0.5054.0	Add Hardware Device Library
nlaapi.dll	6.1.7601.17514	Network Location Awareness 2
nlhtml.dll	2008.0.7600.16385	HTML filter
nlmgp.dll	6.1.7600.16385	Network List Manager Snapin
nlmsprep.dll	6.1.7600.16385	Network List Manager Sysprep Module
nlsbres.dll	6.1.7601.17514	NLSBuild resource DLL
nlsdata0000.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0001.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0002.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0003.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0007.dll	6.1.7600.16385	Microsoft German Natural Language Server Data and Code
nlsdata0009.dll	6.1.7600.16385	Microsoft English Natural Language Server Data and Code
nlsdata000a.dll	6.1.7600.16385	Microsoft Spanish Natural Language Server Data and Code
nlsdata000c.dll	6.1.7600.16385	Microsoft French Natural Language Server Data and Code
nlsdata000d.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata000f.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0010.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0011.dll	6.1.7600.16385	Microsoft Japanese Natural Language Server Data and Code
nlsdata0013.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0018.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0019.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata001a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata001b.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata001d.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0020.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0021.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0022.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0024.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0026.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0027.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata002a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0039.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata003e.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0045.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0046.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0047.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0049.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata004a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata004b.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata004c.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata004e.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0414.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0416.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0816.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata081a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdata0c1a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsdl.dll	6.1.7600.16385	Nls Downlevel DLL
nlslexicons0001.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0002.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0003.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0007.dll	6.1.7600.16385	Microsoft German Natural Language Server Data and Code
nlslexicons0009.dll	6.1.7600.16385	Microsoft English Natural Language Server Data and Code
nlslexicons000a.dll	6.1.7600.16385	Microsoft Spanish Natural Language Server Data and Code
nlslexicons000c.dll	6.1.7600.16385	Microsoft French Natural Language Server Data and Code
nlslexicons000d.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons000f.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0010.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0011.dll	6.1.7600.16385	Microsoft Japanese Natural Language Server Data and Code
nlslexicons0013.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0018.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0019.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons001a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons001b.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons001d.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0020.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0021.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0022.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0024.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0026.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0027.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons002a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0039.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons003e.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0045.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0046.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0047.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0049.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons004a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons004b.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons004c.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons004e.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0414.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0416.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0816.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons081a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlslexicons0c1a.dll	6.1.7600.16385	Microsoft Neutral Natural Language Server Data and Code
nlsmodels0011.dll	6.1.7600.16385	Microsoft Japanese Natural Language Server Data and Code
normaliz.dll	6.1.7600.16385	Unicode Normalization DLL
npmproxy.dll	6.1.7600.16385	Network List Manager Proxy
nshhttp.dll	6.1.7600.16385	HTTP netsh DLL
nshipsec.dll	6.1.7601.17514	Net Shell IP Security helper DLL
nshwfp.dll	6.1.7601.17514	Windows Filtering Platform Netsh Helper
nsi.dll	6.1.7600.16385	NSI User-mode interface DLL
ntdll.dll	6.1.7601.17514	NT Layer DLL
ntdsapi.dll	6.1.7600.16385	Active Directory Domain Services API
ntlanman.dll	6.1.7601.17514	Microsoft® Lan Manager
ntlanui2.dll	6.1.7600.16385	Network object shell UI
ntmarta.dll	6.1.7600.16385	Windows NT MARTA provider
ntprint.dll	6.1.7601.17514	Spooler Setup DLL
ntshrui.dll	6.1.7601.17514	Shell extensions for sharing
ntvdm64.dll	6.1.7600.16385	16-bit Emulation on NT64
nvapi.dll	9.18.13.5286	NVIDIA NVAPI Library, Version 352.86
nvcompiler.dll
nvcuda.dll	8.17.13.5286	NVIDIA CUDA Driver, Version 352.86
nvcuvid.dll	7.17.13.5286	NVIDIA CUDA Video Decode API, Version 352.86
nvd3dum.dll	9.18.13.5286	NVIDIA WDDM D3D Driver, Version 352.86
nvfbc.dll	6.14.13.5286	NVIDIA Frame Buffer Capture Library, Version
nvifr.dll	6.14.13.5286	NVIDIA In-band Frame Rendering Library, Version
nvinit.dll	9.18.13.5286	NVIDIA shim initialization dll, Version 352.86
nvoglshim32.dll	9.18.13.5286	NVIDIA OpenGL Shim Driver, Version 352.86
nvoglv32.dll	9.18.13.5286	NVIDIA Compatible OpenGL ICD
nvopencl.dll	8.17.13.5286	NVIDIA CUDA 7.5.8 OpenCL 1.1 Driver, Version 352.86
nvumdshim.dll	9.18.13.5286	NVIDIA D3D Shim Driver, Version 352.86
nvwgf2um.dll	9.18.13.5286	NVIDIA D3D10 Driver, Version 352.86
objsel.dll	6.1.7600.16385	Object Picker Dialog
occache.dll	8.0.7601.17514	Object Control Viewer
ocsetapi.dll	6.1.7601.17514	Windows Optional Component Setup API
odbc32.dll	6.1.7601.17514	ODBC Driver Manager
odbc32gt.dll	6.1.7600.16385	ODBC Driver Generic Thunk
odbcbcp.dll	6.1.7600.16385	BCP for ODBC
odbcconf.dll	6.1.7601.17514	ODBC Driver Configuration Program
odbccp32.dll	6.1.7601.17514	ODBC Installer
odbccr32.dll	6.1.7600.16385	ODBC Cursor Library
odbccu32.dll	6.1.7600.16385	ODBC Cursor Library
odbcint.dll	6.1.7600.16385	ODBC Resources
odbcji32.dll	6.1.7600.16385	Microsoft ODBC Desktop Driver Pack 3.5
odbcjt32.dll	6.1.7601.17514	Microsoft ODBC Desktop Driver Pack 3.5
odbctrac.dll	6.1.7601.17514	ODBC Driver Manager Trace
oddbse32.dll	6.1.7600.16385	ODBC (3.0) driver for DBase
odexl32.dll	6.1.7600.16385	ODBC (3.0) driver for Excel
odfox32.dll	6.1.7600.16385	ODBC (3.0) driver for FoxPro
odpdx32.dll	6.1.7600.16385	ODBC (3.0) driver for Paradox
odtext32.dll	6.1.7600.16385	ODBC (3.0) driver for text files
offfilt.dll	2008.0.7600.16385	OFFICE Filter
ogldrv.dll	6.1.7600.16385	MSOGL
ole2.dll	2.10.35.35	OLE 2.1 16/32 Interoperability Library
ole2disp.dll	2.10.3050.1	OLE 2.1 16/32 Interoperability Library
ole2nls.dll	2.10.3050.1	OLE 2.1 16/32 Interoperability Library
ole32.dll	6.1.7601.17514	Microsoft OLE for Windows
oleacc.dll	7.0.0.0	Active Accessibility Core Component
oleacchooks.dll	7.0.0.0	Active Accessibility Event Hooks Library
oleaccrc.dll	7.0.0.0	Active Accessibility Resource DLL
oleaut32.dll	6.1.7601.17514
olecli32.dll	6.1.7600.16385	Object Linking and Embedding Client Library
oledb32.dll	6.1.7601.17514	OLE DB Core Services
oledb32r.dll	6.1.7600.16385	OLE DB Core Services Resources
oledlg.dll	6.1.7600.16385	OLE User Interface Support
oleprn.dll	6.1.7600.16385	Oleprn DLL
olepro32.dll	6.1.7601.17514
oleres.dll	6.1.7600.16385	Ole resource dll
olesvr32.dll	6.1.7600.16385	Object Linking and Embedding Server Library
olethk32.dll	6.1.7601.17514	Microsoft OLE for Windows
onex.dll	6.1.7601.17514	IEEE 802.1X supplicant library
onexui.dll	6.1.7601.17514	IEEE 802.1X supplicant UI library
onlineidcpl.dll	6.1.7601.17514	Online IDs Control Panel
oobefldr.dll	6.1.7601.17514	Getting Started
opcservices.dll	6.1.7601.17514	Native Code OPC Services Library
opengl32.dll	6.1.7600.16385	OpenGL Client DLL
osbaseln.dll	6.1.7600.16385	Service Reporting API
osuninst.dll	6.1.7600.16385	Uninstall Interface
p2p.dll	6.1.7600.16385	Peer-to-Peer Grouping
p2pcollab.dll	6.1.7600.16385	Peer-to-Peer Collaboration
p2pgraph.dll	6.1.7600.16385	Peer-to-Peer Graphing
p2pnetsh.dll	6.1.7600.16385	Peer-to-Peer NetSh Helper
packager.dll	6.1.7600.16385	Object Packager2
panmap.dll	6.1.7600.16385	PANOSE(tm) Font Mapper
pautoenr.dll	6.1.7600.16385	Auto Enrollment DLL
pcaui.dll	6.1.7600.16385	Program Compatibility Assistant User Interface Module
pcwum.dll	6.1.7600.16385	Performance Counters for Windows Native DLL
pdh.dll	6.1.7601.17514	Windows Performance Data Helper DLL
pdhui.dll	6.1.7601.17514	PDH UI
peerdist.dll	6.1.7600.16385	BranchCache Client Library
peerdistsh.dll	6.1.7600.16385	BranchCache Netshell Helper
perfcentercpl.dll	6.1.7601.17514	Performance Center
perfctrs.dll	6.1.7600.16385	Performance Counters
perfdisk.dll	6.1.7600.16385	Windows Disk Performance Objects DLL
perfnet.dll	6.1.7600.16385	Windows Network Service Performance Objects DLL
perfos.dll	6.1.7600.16385	Windows System Performance Objects DLL
perfproc.dll	6.1.7600.16385	Windows System Process Performance Objects DLL
perfts.dll	6.1.7601.17514	Windows Remote Desktop Services Performance Objects
photometadatahandler.dll	6.1.7600.16385	Photo Metadata Handler
photowiz.dll	6.1.7601.17514	Photo Printing Wizard
pid.dll	6.1.7600.16385	Microsoft PID
pidgenx.dll	6.1.7600.16385	Pid Generation
pifmgr.dll	6.1.7601.17514	Windows NT PIF Manager Icon Resources Library
pku2u.dll	6.1.7600.16385	Pku2u Security Package
pla.dll	6.1.7601.17514	Performance Logs & Alerts
playsndsrv.dll	6.1.7600.16385	PlaySound Service
pmcsnap.dll	6.1.7600.16385	pmcsnap dll
pngfilt.dll	8.0.7600.16385	IE PNG plugin image decoder
pnidui.dll	6.1.7601.17514	Network System Icon
pnpsetup.dll	6.1.7600.16385	Pnp installer for CMI
pnrpnsp.dll	6.1.7600.16385	PNRP Name Space Provider
polstore.dll	6.1.7600.16385	Policy Storage dll
portabledeviceapi.dll	6.1.7601.17514	Windows Portable Device API Components
portabledeviceclassextension.dll	6.1.7600.16385	Windows Portable Device Class Extension Component
portabledeviceconnectapi.dll	6.1.7600.16385	Portable Device Connection API Components
portabledevicestatus.dll	6.1.7601.17514	Microsoft Windows Portable Device Status Provider
portabledevicesyncprovider.dll	6.1.7601.17514	Microsoft Windows Portable Device Provider.
portabledevicetypes.dll	6.1.7600.16385	Windows Portable Device (Parameter) Types Component
portabledevicewiacompat.dll	6.1.7600.16385	PortableDevice WIA Compatibility Driver
portabledevicewmdrm.dll	6.1.7600.16385	Windows Portable Device WMDRM Component
pots.dll	6.1.7600.16385	Power Troubleshooter
powercpl.dll	6.1.7601.17514	Power Options Control Panel
powrprof.dll	6.1.7600.16385	Power Profile Helper DLL
ppcsnap.dll	6.1.7600.16385	ppcsnap DLL
presentationcffrasterizernative_v0300.dll	3.0.6920.4902	WinFX OpenType/CFF Rasterizer
presentationhostproxy.dll	4.0.40305.0	Windows Presentation Foundation Host Proxy
presentationnative_v0300.dll	3.0.6920.4902	PresentationNative_v0300.dll
prflbmsg.dll	6.1.7600.16385	Perflib Event Messages
printui.dll	6.1.7601.17514	Printer Settings User Interface
prncache.dll	6.1.7601.17514	Print UI Cache
prnfldr.dll	6.1.7601.17514	prnfldr dll
prnntfy.dll	6.1.7600.16385	prnntfy DLL
prntvpt.dll	6.1.7601.17514	Print Ticket Services Module
profapi.dll	6.1.7600.16385	User Profile Basic API
propsys.dll	7.0.7601.17514	Microsoft Property System
provsvc.dll	6.1.7601.17514	Windows HomeGroup
provthrd.dll	6.1.7600.16385	WMI Provider Thread & Log Library
psapi.dll	6.1.7600.16385	Process Status Helper
psbase.dll	6.1.7600.16385	Protected Storage default provider
pshed.dll	6.1.7600.16385	Platform Specific Hardware Error Driver
psisdecd.dll	6.6.7600.16385	Microsoft SI/PSI parser for MPEG2 based networks.
pstorec.dll	6.1.7600.16385	Protected Storage COM interfaces
pstorsvc.dll	6.1.7600.16385	Protected storage server
puiapi.dll	6.1.7600.16385	puiapi DLL
puiobj.dll	6.1.7601.17514	PrintUI Objects DLL
pwrshplugin.dll	6.1.7600.16385	pwrshplugin.dll
qagent.dll	6.1.7601.17514	Quarantine Agent Proxy
qasf.dll	12.0.7601.17514	DirectShow ASF Support
qcap.dll	6.6.7601.17514	DirectShow Runtime.
qcliprov.dll	6.1.7601.17514	Quarantine Client WMI Provider
qdv.dll	6.6.7601.17514	DirectShow Runtime.
qdvd.dll	6.6.7601.17514	DirectShow DVD PlayBack Runtime.
qedit.dll	6.6.7601.17514	DirectShow Editing.
qedwipes.dll	6.6.7600.16385	DirectShow Editing SMPTE Wipes
qmgrprxy.dll	7.5.7600.16385	Background Intelligent Transfer Service Proxy
qshvhost.dll	6.1.7601.17514	Quarantine SHV Host
qsvrmgmt.dll	6.1.7601.17514	Quarantine Server Management
quartz.dll	6.6.7601.17514	DirectShow Runtime.
query.dll	6.1.7601.17514	Content Index Utility DLL
qutil.dll	6.1.7601.17514	Quarantine Utilities
qwave.dll	6.1.7600.16385	Windows NT
racengn.dll	6.1.7601.17514	Reliability analysis metrics calculation engine
racpldlg.dll	6.1.7600.16385	Remote Assistance Contact List
radardt.dll	6.1.7600.16385	Microsoft Windows Resource Exhaustion Detector
radarrs.dll	6.1.7600.16385	Microsoft Windows Resource Exhaustion Resolver
rasadhlp.dll	6.1.7600.16385	Remote Access AutoDial Helper
rasapi32.dll	6.1.7600.16385	Remote Access API
rascfg.dll	6.1.7600.16385	RAS Configuration Objects
raschap.dll	6.1.7601.17514	Remote Access PPP CHAP
rasctrs.dll	6.1.7600.16385	Windows NT Remote Access Perfmon Counter dll
rasdiag.dll	6.1.7600.16385	RAS Diagnostics Helper Classes
rasdlg.dll	6.1.7600.16385	Remote Access Common Dialog API
rasgcw.dll	6.1.7600.16385	RAS Wizard Pages
rasman.dll	6.1.7600.16385	Remote Access Connection Manager
rasmm.dll	6.1.7600.16385	RAS Media Manager
rasmontr.dll	6.1.7600.16385	RAS Monitor DLL
rasmxs.dll	6.1.7600.16385	Remote Access Device DLL for modems, PADs and switches
rasplap.dll	6.1.7600.16385	RAS PLAP Credential Provider
rasppp.dll	6.1.7601.17514	Remote Access PPP
rasser.dll	6.1.7600.16385	Remote Access Media DLL for COM ports
rastapi.dll	6.1.7601.17514	Remote Access TAPI Compliance Layer
rastls.dll	6.1.7601.17514	Remote Access PPP EAP-TLS
rdpcore.dll	6.1.7601.17514	RDP Core DLL
rdpd3d.dll	6.1.7601.17514	RDP Direct3D Remoting DLL
rdpencom.dll	6.1.7601.17514	RDPSRAPI COM Objects
rdpendp.dll	6.1.7601.17514	RDP Audio Endpoint
rdprefdrvapi.dll	6.1.7601.17514	Reflector Driver API
reagent.dll	6.1.7601.17514	Microsoft Windows Recovery Agent DLL
regapi.dll	6.1.7601.17514	Registry Configuration APIs
regctrl.dll	6.1.7600.16385	RegCtrl
remotepg.dll	6.1.7601.17514	Remote Sessions CPL Extension
resampledmo.dll	6.1.7600.16385	Windows Media Resampler
resutils.dll	6.1.7601.17514	Microsoft Cluster Resource Utility DLL
rgb9rast.dll	6.1.7600.16385	Microsoft® Windows® Operating System
riched20.dll	5.31.23.1230	Rich Text Edit Control, v3.1
riched32.dll	6.1.7601.17514	Wrapper Dll for Richedit 1.0
rnr20.dll	6.1.7600.16385	Windows Socket2 NameSpace DLL
rpcdiag.dll	6.1.7600.16385	RPC Diagnostics
rpchttp.dll	6.1.7601.17514	RPC HTTP DLL
rpcndfp.dll	1.0.0.1	RPC NDF Helper Class
rpcns4.dll	6.1.7600.16385	Remote Procedure Call Name Service Client
rpcnsh.dll	6.1.7600.16385	RPC Netshell Helper
rpcrt4.dll	6.1.7601.17514	Remote Procedure Call Runtime
rpcrtremote.dll	6.1.7601.17514	Remote RPC Extension
rsaenh.dll	6.1.7600.16385	Microsoft Enhanced Cryptographic Provider
rscricon.dll	1.10.0.0	Realtek Card Reader Icon Dll
rshx32.dll	6.1.7600.16385	Security Shell Extension
rstrtmgr.dll	6.1.7600.16385	Restart Manager
rtffilt.dll	2008.0.7600.16385	RTF Filter
rtm.dll	6.1.7600.16385	Routing Table Manager
rtutils.dll	6.1.7601.17514	Routing Utilities
samcli.dll	6.1.7601.17514	Security Accounts Manager Client DLL
samlib.dll	6.1.7600.16385	SAM Library DLL
sampleres.dll	6.1.7600.16385	Microsoft Samples
sas.dll	6.1.7600.16385	WinLogon Software SAS Library
sbe.dll	6.6.7601.17514	DirectShow Stream Buffer Filter.
sbeio.dll	12.0.7600.16385	Stream Buffer IO DLL
sberes.dll	6.6.7600.16385	DirectShow Stream Buffer Filter Resouces.
scansetting.dll	6.1.7601.17514	Microsoft® Windows(TM) ScanSettings Profile and Scanning implementation
scarddlg.dll	6.1.7600.16385	SCardDlg - Smart Card Common Dialog
scecli.dll	6.1.7601.17514	Windows Security Configuration Editor Client Engine
scesrv.dll	6.1.7601.17514	Windows Security Configuration Editor Engine
schannel.dll	6.1.7601.17514	TLS / SSL Security Provider
schedcli.dll	6.1.7601.17514	Scheduler Service Client DLL
scksp.dll	6.1.7600.16385	Microsoft Smart Card Key Storage Provider
scripto.dll	6.6.7600.16385	Microsoft ScriptO
scrobj.dll	5.8.7600.16385	Windows ® Script Component Runtime
scrptadm.dll	6.1.7601.17514	Script Adm Extension
scrrun.dll	5.8.7600.16385	Microsoft ® Script Runtime
sdiageng.dll	6.1.7600.16385	Scripted Diagnostics Execution Engine
sdiagprv.dll	6.1.7600.16385	Windows Scripted Diagnostic Provider API
sdohlp.dll	6.1.7600.16385	NPS SDO Helper Component
searchfolder.dll	6.1.7601.17514	SearchFolder
sechost.dll	6.1.7600.16385	Host for SCM/SDDL/LSA Lookup APIs
secproc.dll	6.1.7601.17514	Windows Rights Management Desktop Security Processor
secproc_isv.dll	6.1.7601.17514	Windows Rights Management Desktop Security Processor
secproc_ssp.dll	6.1.7601.17514	Windows Rights Management Services Server Security Processor
secproc_ssp_isv.dll	6.1.7601.17514	Windows Rights Management Services Server Security Processor (Pre-production)
secur32.dll	6.1.7601.17514	Security Support Provider Interface
security.dll	6.1.7600.16385	Security Support Provider Interface
sendmail.dll	6.1.7600.16385	Send Mail
sens.dll	6.1.7600.16385	System Event Notification Service (SENS)
sensapi.dll	6.1.7600.16385	SENS Connectivity API DLL
sensorsapi.dll	6.1.7600.16385	Sensor API
sensorscpl.dll	6.1.7601.17514	Open Location and Other Sensors
serialui.dll	6.1.7600.16385	Serial Port Property Pages
serwvdrv.dll	6.1.7600.16385	Unimodem Serial Wave driver
sessenv.dll	6.1.7601.17514	Remote Desktop Configuration service
setupapi.dll	6.1.7601.17514	Windows Setup API
setupcln.dll	6.1.7601.17514	Setup Files Cleanup
sfc.dll	6.1.7600.16385	Windows File Protection
sfc_os.dll	6.1.7600.16385	Windows File Protection
shacct.dll	6.1.7601.17514	Shell Accounts Classes
shdocvw.dll	6.1.7601.17514	Shell Doc Object and Control Library
shell32.dll	6.1.7601.17514	Windows Shell Common Dll
shellstyle.dll	6.1.7600.16385	Windows Shell Style Resource Dll
shfolder.dll	6.1.7600.16385	Shell Folder Service
shgina.dll	6.1.7601.17514	Windows Shell User Logon
shimeng.dll	6.1.7600.16385	Shim Engine DLL
shimgvw.dll	6.1.7601.17514	Photo Gallery Viewer
shlwapi.dll	6.1.7601.17514	Shell Light-weight Utility Library
shpafact.dll	6.1.7600.16385	Windows Shell LUA/PA Elevation Factory Dll
shsetup.dll	6.1.7601.17514	Shell setup helper
shsvcs.dll	6.1.7601.17514	Windows Shell Services Dll
shunimpl.dll	6.1.7601.17514	Windows Shell Obsolete APIs
shwebsvc.dll	6.1.7601.17514	Windows Shell Web Services
signdrv.dll	6.1.7600.16385	WMI provider for Signed Drivers
sisbkup.dll	6.1.7601.17514	Single-Instance Store Backup Support Functions
slc.dll	6.1.7600.16385	Software Licensing Client Dll
slcext.dll	6.1.7600.16385	Software Licensing Client Extension Dll
slwga.dll	6.1.7601.17514	Software Licensing WGA API
smartcardcredentialprovider.dll	6.1.7601.17514	Windows Smartcard Credential Provider
smbhelperclass.dll	1.0.0.1	SMB (File Sharing) Helper Class for Network Diagnostic Framework
sndvolsso.dll	6.1.7601.17514	SCA Volume
snmpapi.dll	6.1.7600.16385	SNMP Utility Library
softkbd.dll	6.1.7600.16385	Soft Keyboard Server and Tip
softpub.dll	6.1.7600.16385	Softpub Forwarder DLL
sortserver2003compat.dll	6.1.7600.16385	Sort Version Server 2003
sortwindows6compat.dll	6.1.7600.16385	Sort Version Windows 6.0
spbcd.dll	6.1.7601.17514	BCD Sysprep Plugin
spfileq.dll	6.1.7600.16385	Windows SPFILEQ
spinf.dll	6.1.7600.16385	Windows SPINF
spnet.dll	6.1.7600.16385	Net Sysprep Plugin
spopk.dll	6.1.7601.17514	OPK Sysprep Plugin
spp.dll	6.1.7601.17514	Microsoft® Windows Shared Protection Point Library
sppc.dll	6.1.7601.17514	Software Licensing Client Dll
sppcc.dll	6.1.7600.16385	Software Licensing Commerce Client
sppcext.dll	6.1.7600.16385	Software Protection Platform Client Extension Dll
sppcomapi.dll	6.1.7601.17514	Software Licensing Library
sppcommdlg.dll	6.1.7600.16385	Software Licensing UI API
sppinst.dll	6.1.7601.17514	SPP CMI Installer Plug-in DLL
sppwmi.dll	6.1.7600.16385	Software Protection Platform WMI provider
spwinsat.dll	6.1.7600.16385	WinSAT Sysprep Plugin
spwizeng.dll	6.1.7601.17514	Setup Wizard Framework
spwizimg.dll	6.1.7600.16385	Setup Wizard Framework Resources
spwizres.dll	6.1.7601.17514	Setup Wizard Framework Resources
spwmp.dll	6.1.7601.17514	Windows Media Player System Preparation DLL
sqlceoledb30.dll	3.0.7600.0	Microsoft SQL Mobile
sqlceqp30.dll	3.0.7600.0	Microsoft SQL Mobile
sqlcese30.dll	3.0.7601.0	Microsoft SQL Mobile
sqloledb.dll	6.1.7601.17514	OLE DB Provider for SQL Server
sqlsrv32.dll	6.1.7601.17514	SQL Server ODBC Driver
sqlunirl.dll	2000.80.728.0	String Function .DLL for SQL Enterprise Components
sqlwid.dll	1999.10.20.0	Unicode Function .DLL for SQL Enterprise Components
sqlwoa.dll	1999.10.20.0	Unicode/ANSI Function .DLL for SQL Enterprise Components
sqlxmlx.dll	6.1.7600.16385	XML extensions for SQL Server
sqmapi.dll	6.1.7601.17514	SQM Client
srchadmin.dll	7.0.7601.17514	Indexing Options
srclient.dll	6.1.7600.16385	Microsoft® Windows System Restore Client Library
srhelper.dll	6.1.7600.16385	Microsoft® Windows driver and windows update enumeration library
srpuxnativesnapin.dll	6.1.7600.16385	Application Control Policies Group Policy Editor Extension
srvcli.dll	6.1.7601.17514	Server Service Client DLL
sscore.dll	6.1.7601.17514	Server Service Core DLL
ssdpapi.dll	6.1.7600.16385	SSDP Client API DLL
sspicli.dll	6.1.7601.17514	Security Support Provider Interface
ssshim.dll	6.1.7600.16385	Windows Componentization Platform Servicing API
stclient.dll	2001.12.8530.16385	COM+ Configuration Catalog Client
sti.dll	6.1.7600.16385	Still Image Devices client DLL
stobject.dll	6.1.7601.17514	Systray shell service object
storage.dll	2.10.35.35	OLE 2.1 16/32 Interoperability Library
storagecontexthandler.dll	6.1.7600.16385	Device Center Storage Context Menu Handler
storprop.dll	6.1.7600.16385	Property Pages for Storage Devices
structuredquery.dll	7.0.7601.17514	Structured Query
sud.dll	6.1.7601.17514	SUD Control Panel
sxproxy.dll	6.1.7600.16385	Microsoft® Windows System Protection Proxy Library
sxs.dll	6.1.7601.17514	Fusion 2.5
sxshared.dll	6.1.7600.16385	Microsoft® Windows SX Shared Library
sxsstore.dll	6.1.7600.16385	Sxs Store DLL
synccenter.dll	6.1.7601.17514	Microsoft Sync Center
synceng.dll	6.1.7600.16385	Windows Briefcase Engine
synchostps.dll	6.1.7600.16385	Proxystub for sync host
syncinfrastructure.dll	6.1.7600.16385	Microsoft Windows Sync Infrastructure.
syncinfrastructureps.dll	6.1.7600.16385	Microsoft Windows sync infrastructure proxy stub.
syncreg.dll	2007.94.7600.16385	Microsoft Synchronization Framework Registration
syncui.dll	6.1.7601.17514	Windows Briefcase
syssetup.dll	6.1.7601.17514	Windows NT System Setup
systemcpl.dll	6.1.7601.17514	My System CPL
t2embed.dll	6.1.7601.17514	Microsoft T2Embed Font Embedding
tapi3.dll	6.1.7600.16385	Microsoft TAPI3
tapi32.dll	6.1.7600.16385	Microsoft® Windows(TM) Telephony API Client DLL
tapimigplugin.dll	6.1.7600.16385	Microsoft® Windows(TM) TAPI Migration Plugin Dll
tapiperf.dll	6.1.7600.16385	Microsoft® Windows(TM) Telephony Performance Monitor
tapisrv.dll	6.1.7601.17514	Microsoft® Windows(TM) Telephony Server
tapisysprep.dll	6.1.7600.16385	Microsoft® Windows(TM) Telephony Sysprep Work
tapiui.dll	6.1.7600.16385	Microsoft® Windows(TM) Telephony API UI DLL
taskcomp.dll	6.1.7601.17514	Task Scheduler Backward Compatibility Plug-in
taskschd.dll	6.1.7601.17514	Task Scheduler COM API
taskschdps.dll	6.1.7600.16385	Task Scheduler Interfaces Proxy
tbs.dll	6.1.7600.16385	TBS
tcpipcfg.dll	6.1.7601.17514	Network Configuration Objects
tcpmonui.dll	6.1.7600.16385	Standard TCP/IP Port Monitor UI DLL
tdh.dll	6.1.7600.16385	Event Trace Helper Library
termmgr.dll	6.1.7601.17514	Microsoft TAPI3 Terminal Manager
thawbrkr.dll	6.1.7600.16385	Thai Word Breaker
themecpl.dll	6.1.7601.17514	Personalization CPL
themeui.dll	6.1.7601.17514	Windows Theme API
thumbcache.dll	6.1.7601.17514	Microsoft Thumbnail Cache
timedatemuicallback.dll	6.1.7600.16385	Time Date Control UI Language Change plugin
tlscsp.dll	6.1.7601.17514	Microsoft® Remote Desktop Services Cryptographic Utility
tpmcompc.dll	6.1.7600.16385	Computer Chooser Dialog
tquery.dll	7.0.7601.17514	tquery.dll
traffic.dll	6.1.7600.16385	Microsoft Traffic Control 1.0 DLL
trapi.dll	6.1.7601.17514	Microsoft Narrator Text Renderer
tsbyuv.dll	6.1.7601.17514	Toshiba Video Codec
tschannel.dll	6.1.7600.16385	Task Scheduler Proxy
tsgqec.dll	6.1.7601.17514	RD Gateway QEC
tsmf.dll	6.1.7601.17514	RDP MF Plugin
tspkg.dll	6.1.7601.17514	Web Service Security Package
tsworkspace.dll	6.1.7601.17514	RemoteApp and Desktop Connection Component
tvratings.dll	6.6.7600.16385	Module for managing TV ratings
twext.dll	6.1.7601.17514	Previous Versions property page
txflog.dll	2001.12.8530.16385	COM+
txfw32.dll	6.1.7600.16385	TxF Win32 DLL
typelib.dll	2.10.3029.1	OLE 2.1 16/32 Interoperability Library
tzres.dll	6.1.7601.17514	Time Zones resource DLL
ubpm.dll	6.1.7600.16385	Unified Background Process Manager DLL
ucmhc.dll	6.1.7600.16385	UCM Helper Class
udhisapi.dll	6.1.7600.16385	UPnP Device Host ISAPI Extension
uexfat.dll	6.1.7600.16385	eXfat Utility DLL
ufat.dll	6.1.7600.16385	FAT Utility DLL
uianimation.dll	6.1.7600.16385	Windows Animation Manager
uiautomationcore.dll	7.0.0.0	Microsoft UI Automation Core
uicom.dll	6.1.7600.16385	Add/Remove Modems
uiribbon.dll	6.1.7601.17514	Windows Ribbon Framework
uiribbonres.dll	6.1.7601.17514	Windows Ribbon Framework Resources
ulib.dll	6.1.7600.16385	File Utilities Support DLL
umdmxfrm.dll	6.1.7600.16385	Unimodem Tranform Module
unimdmat.dll	6.1.7601.17514	Unimodem Service Provider AT Mini Driver
uniplat.dll	6.1.7600.16385	Unimodem AT Mini Driver Platform Driver for Windows NT
untfs.dll	6.1.7601.17514	NTFS Utility DLL
upnp.dll	6.1.7601.17514	UPnP Control Point API
upnphost.dll	6.1.7600.16385	UPnP Device Host
ureg.dll	6.1.7600.16385	Registry Utility DLL
url.dll	8.0.7600.16385	Internet Shortcut Shell Extension DLL
urlmon.dll	8.0.7601.17514	OLE32 Extensions for Win32
usbceip.dll	6.1.7600.16385	USBCEIP Task
usbperf.dll	6.1.7600.16385	USB Performance Objects DLL
usbui.dll	6.1.7600.16385	USB UI Dll
user32.dll	6.1.7601.17514	Multi-User Windows USER API Client DLL
useraccountcontrolsettings.dll	6.1.7601.17514	UserAccountControlSettings
usercpl.dll	6.1.7601.17514	User control panel
userenv.dll	6.1.7601.17514	Userenv
usp10.dll	1.626.7601.17514	Uniscribe Unicode script processor
utildll.dll	6.1.7601.17514	WinStation utility support DLL
uudf.dll	6.1.7600.16385	UDF Utility DLL
uxinit.dll	6.1.7600.16385	Windows User Experience Session Initialization Dll
uxlib.dll	6.1.7601.17514	Setup Wizard Framework
uxlibres.dll	6.1.7600.16385	UXLib Resources
uxtheme.dll	6.1.7600.16385	Microsoft UxTheme Library
van.dll	6.1.7601.17514	View Available Networks
vault.dll	6.1.7601.17514	Windows vault Control Panel
vaultcli.dll	6.1.7600.16385	Credential Vault Client Library
vbajet32.dll	6.0.1.9431	Visual Basic for Applications Development Environment - Expression Service Loader
vbscript.dll	5.8.7601.17514	Microsoft ® VBScript
vdmdbg.dll	6.1.7600.16385	VDMDBG.DLL
vds_ps.dll	6.1.7600.16385	Microsoft® Virtual Disk Service proxy/stub
vdsbas.dll	6.1.7601.17514	Virtual Disk Service Basic Provider
vdsdyn.dll	6.1.7600.16385	VDS Dynamic Volume Provider, Version 2.1.0.1
vdsvd.dll	6.1.7600.16385	VDS Virtual Disk Provider, Version 1.0
verifier.dll	6.1.7600.16385	Standard application verifier provider dll
version.dll	6.1.7600.16385	Version Checking and File Installation Libraries
vfpodbc.dll	1.0.2.0	vfpodbc
vfwwdm32.dll	6.1.7601.17514	VfW MM Driver for WDM Video Capture Devices
vidreszr.dll	6.1.7600.16385	Windows Media Resizer
virtdisk.dll	6.1.7600.16385	Virtual Disk API DLL
vpnikeapi.dll	6.1.7601.17514	VPN IKE API's
vss_ps.dll	6.1.7600.16385	Microsoft® Volume Shadow Copy Service proxy/stub
vssapi.dll	6.1.7601.17514	Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll	6.1.7600.16385	Microsoft® Volume Shadow Copy Service Tracing Library
w32topl.dll	6.1.7600.16385	Windows NT Topology Maintenance Tool
wab32.dll	6.1.7600.16385	Microsoft (R) Contacts DLL
wab32res.dll	6.1.7600.16385	Microsoft (R) Contacts DLL
wabsyncprovider.dll	6.1.7600.16385	Microsoft Windows Contacts Sync Provider
wavemsp.dll	6.1.7601.17514	Microsoft Wave MSP
wbemcomn.dll	6.1.7601.17514	WMI
wcnapi.dll	6.1.7600.16385	Windows Connect Now - API Helper DLL
wcncsvc.dll	6.1.7601.17514	Windows Connect Now - Config Registrar Service
wcneapauthproxy.dll	6.1.7600.16385	Windows Connect Now - WCN EAP Authenticator Proxy
wcneappeerproxy.dll	6.1.7600.16385	Windows Connect Now - WCN EAP PEER Proxy
wcnwiz.dll	6.1.7600.16385	Windows Connect Now Wizards
wcspluginservice.dll	6.1.7600.16385	WcsPlugInService DLL
wdc.dll	6.1.7601.17514	Performance Monitor
wdi.dll	6.1.7600.16385	Windows Diagnostic Infrastructure
wdigest.dll	6.1.7600.16385	Microsoft Digest Access
wdscore.dll	6.1.7601.17514	Panther Engine Module
webcheck.dll	8.0.7601.17514	Web Site Monitor
webclnt.dll	6.1.7601.17514	Web DAV Service DLL
webio.dll	6.1.7601.17514	Web Transfer Protocols API
webservices.dll	6.1.7601.17514	Windows Web Services Runtime
wecapi.dll	6.1.7600.16385	Event Collector Configuration API
wer.dll	6.1.7601.17514	Windows Error Reporting DLL
werdiagcontroller.dll	6.1.7600.16385	WER Diagnostic Controller
werui.dll	6.1.7600.16385	Windows Error Reporting UI DLL
wevtapi.dll	6.1.7600.16385	Eventing Consumption and Configuration API
wevtfwd.dll	6.1.7600.16385	WS-Management Event Forwarding Plug-in
wfapigp.dll	6.1.7600.16385	Windows Firewall GPO Helper dll
wfhc.dll	6.1.7600.16385	Windows Firewall Helper Class
whealogr.dll	6.1.7600.16385	WHEA Troubleshooter
whhelper.dll	6.1.7600.16385	Net shell helper DLL for winHttp
wiaaut.dll	6.1.7600.16385	WIA Automation Layer
wiadefui.dll	6.1.7601.17514	WIA Scanner Default UI
wiadss.dll	6.1.7600.16385	WIA TWAIN compatibility layer
wiaextensionhost64.dll	6.1.7600.16385	WIA Extension Host for thunking APIs from 32-bit to 64-bit process
wiascanprofiles.dll	6.1.7600.16385	Microsoft Windows ScanProfiles
wiashext.dll	6.1.7600.16385	Imaging Devices Shell Folder UI
wiatrace.dll	6.1.7600.16385	WIA Tracing
wiavideo.dll	6.1.7601.17514	WIA Video
wimgapi.dll	6.1.7601.17514	Windows Imaging Library
win32spl.dll	6.1.7601.17514	Client Side Rendering Print Provider
winbio.dll	6.1.7600.16385	Windows Biometrics Client API
winbrand.dll	6.1.7600.16385	Windows Branding Resources
wincredprovider.dll	6.1.7600.16385	wincredprovider DLL
windowscodecs.dll	6.1.7601.17514	Microsoft Windows Codecs Library
windowscodecsext.dll	6.1.7600.16385	Microsoft Windows Codecs Extended Library
winfax.dll	6.1.7600.16385	Microsoft Fax API Support DLL
winhttp.dll	6.1.7601.17514	Windows HTTP Services
wininet.dll	8.0.7601.17514	Internet Extensions for Win32
winipsec.dll	6.1.7600.16385	Windows IPsec SPD Client DLL
winmm.dll	6.1.7601.17514	MCI API DLL
winnsi.dll	6.1.7600.16385	Network Store Information RPC interface
winrnr.dll	6.1.7600.16385	LDAP RnR Provider DLL
winrscmd.dll	6.1.7600.16385	remtsvc
winrsmgr.dll	6.1.7600.16385	WSMan Shell API
winrssrv.dll	6.1.7600.16385	winrssrv
winsatapi.dll	6.1.7601.17514	Windows System Assessment Tool API
winscard.dll	6.1.7601.17514	Microsoft Smart Card API
winshfhc.dll	6.1.7600.16385	File Risk Estimation
winsockhc.dll	6.1.7600.16385	Winsock Network Diagnostic Helper Class
winsrpc.dll	6.1.7600.16385	WINS RPC LIBRARY
winsta.dll	6.1.7601.17514	Winstation Library
winsync.dll	2007.94.7600.16385	Synchronization Framework
winsyncmetastore.dll	2007.94.7600.16385	Windows Synchronization Metadata Store
winsyncproviders.dll	2007.94.7600.16385	Windows Synchronization Provider Framework
wintrust.dll	6.1.7601.17514	Microsoft Trust Verification APIs
winusb.dll	6.1.7600.16385	Windows USB Driver User Library
wkscli.dll	6.1.7601.17514	Workstation Service Client DLL
wksprtps.dll	6.1.7600.16385	WorkspaceRuntime ProxyStub DLL
wlanapi.dll	6.1.7600.16385	Windows WLAN AutoConfig Client Side API DLL
wlancfg.dll	6.1.7600.16385	Wlan Netsh Helper DLL
wlanconn.dll	6.1.7600.16385	Dot11 Connection Flows
wlandlg.dll	6.1.7600.16385	Wireless Lan Dialog Wizards
wlangpui.dll	6.1.7601.17514	Wireless Network Policy Management Snap-in
wlanhlp.dll	6.1.7600.16385	Windows Wireless LAN 802.11 Client Side Helper API
wlaninst.dll	6.1.7600.16385	Windows NET Device Class Co-Installer for Wireless LAN
wlanmm.dll	6.1.7600.16385	Dot11 Media and AdHoc Managers
wlanmsm.dll	6.1.7601.17514	Windows Wireless LAN 802.11 MSM DLL
wlanpref.dll	6.1.7601.17514	Wireless Preferred Networks
wlansec.dll	6.1.7600.16385	Windows Wireless LAN 802.11 MSM Security Module DLL
wlanui.dll	6.1.7601.17514	Wireless Profile UI
wlanutil.dll	6.1.7600.16385	Windows Wireless LAN 802.11 Utility DLL
wldap32.dll	6.1.7601.17514	Win32 LDAP API DLL
wlgpclnt.dll	6.1.7600.16385	802.11 Group Policy Client
wls0wndh.dll	6.1.7600.16385	Session0 Viewer Window Hook DLL
wmadmod.dll	6.1.7601.17514	Windows Media Audio Decoder
wmadmoe.dll	6.1.7600.16385	Windows Media Audio 10 Encoder/Transcoder
wmasf.dll	12.0.7600.16385	Windows Media ASF DLL
wmcodecdspps.dll	6.1.7600.16385	Windows Media CodecDSP Proxy Stub Dll
wmdmlog.dll	12.0.7600.16385	Windows Media Device Manager Logger
wmdmps.dll	12.0.7600.16385	Windows Media Device Manager Proxy Stub
wmdrmdev.dll	12.0.7601.17514	Windows Media DRM for Network Devices Registration DLL
wmdrmnet.dll	12.0.7601.17514	Windows Media DRM for Network Devices DLL
wmdrmsdk.dll	11.0.7601.17514	Windows Media DRM SDK DLL
wmerror.dll	12.0.7600.16385	Windows Media Error Definitions (English)
wmi.dll	6.1.7600.16385	WMI DC and DP functionality
wmidx.dll	12.0.7600.16385	Windows Media Indexer DLL
wmiprop.dll	6.1.7600.16385	WDM Provider Dynamic Property Page CoInstaller
wmnetmgr.dll	12.0.7601.17514	Windows Media Network Plugin Manager DLL
wmp.dll	12.0.7601.17514	Windows Media Player
wmpcm.dll	12.0.7600.16385	Windows Media Player Compositing Mixer
wmpdui.dll	12.0.7600.16385	Windows Media Player UI Engine
wmpdxm.dll	12.0.7601.17514	Windows Media Player Extension
wmpeffects.dll	12.0.7601.17514	Windows Media Player Effects
wmpencen.dll	12.0.7601.17514	Windows Media Player Encoding Module
wmphoto.dll	6.1.7601.17514	Windows Media Photo Codec
wmploc.dll	12.0.7601.17514	Windows Media Player Resources
wmpmde.dll	12.0.7601.17514	WMPMDE DLL
wmpps.dll	12.0.7601.17514	Windows Media Player Proxy Stub Dll
wmpshell.dll	12.0.7601.17514	Windows Media Player Launcher
wmpsrcwp.dll	12.0.7601.17514	WMPSrcWp Module
wmsgapi.dll	6.1.7600.16385	WinLogon IPC Client
wmspdmod.dll	6.1.7601.17514	Windows Media Audio Voice Decoder
wmspdmoe.dll	6.1.7600.16385	Windows Media Audio Voice Encoder
wmvcore.dll	12.0.7601.17514	Windows Media Playback/Authoring DLL
wmvdecod.dll	6.1.7601.17514	Windows Media Video Decoder
wmvdspa.dll	6.1.7600.16385	Windows Media Video DSP Components - Advanced
wmvencod.dll	6.1.7600.16385	Windows Media Video 9 Encoder
wmvsdecd.dll	6.1.7601.17514	Windows Media Screen Decoder
wmvsencd.dll	6.1.7600.16385	Windows Media Screen Encoder
wmvxencd.dll	6.1.7600.16385	Windows Media Video Encoder
wow32.dll	6.1.7600.16385	Wow32
wpc.dll	1.0.0.1	WPC Settings Library
wpcao.dll	6.1.7600.16385	WPC Administrator Override
wpcsvc.dll	1.0.0.1	WPC Filtering Service
wpdshext.dll	6.1.7601.17514	Portable Devices Shell Extension
wpdshserviceobj.dll	6.1.7601.17514	Windows Portable Device Shell Service Object
wpdsp.dll	6.1.7601.17514	WMDM Service Provider for Windows Portable Devices
wpdwcn.dll	6.1.7601.17514	Windows Portable Device WCN Wizard
ws2_32.dll	6.1.7601.17514	Windows Socket 2.0 32-Bit DLL
ws2help.dll	6.1.7600.16385	Windows Socket 2.0 Helper for Windows NT
wscapi.dll	6.1.7601.17514	Windows Security Center API
wscinterop.dll	6.1.7600.16385	Windows Health Center WSC Interop
wscisvif.dll	6.1.7600.16385	Windows Security Center ISV API
wscmisetup.dll	6.1.7600.16385	Installers for Winsock Transport and Name Space Providers
wscproxystub.dll	6.1.7600.16385	Windows Security Center ISV Proxy Stub
wsdapi.dll	6.1.7601.17514	Web Services for Devices API DLL
wsdchngr.dll	6.1.7601.17514	WSD Challenge Component
wsecedit.dll	6.1.7600.16385	Security Configuration UI Module
wshbth.dll	6.1.7601.17514	Windows Sockets Helper DLL
wshcon.dll	5.8.7600.16385	Microsoft ® Windows Script Controller
wshelper.dll	6.1.7600.16385	Winsock Net shell helper DLL for winsock
wshext.dll	5.8.7600.16385	Microsoft ® Shell Extension for Windows Script Host
wship6.dll	6.1.7600.16385	Winsock2 Helper DLL (TL/IPv6)
wshirda.dll	6.1.7601.17514	Windows Sockets Helper DLL
wshqos.dll	6.1.7600.16385	QoS Winsock2 Helper DLL
wshrm.dll	6.1.7600.16385	Windows Sockets Helper DLL for PGM
wshtcpip.dll	6.1.7600.16385	Winsock2 Helper DLL (TL/IPv4)
wsmanmigrationplugin.dll	6.1.7600.16385	WinRM Migration Plugin
wsmauto.dll	6.1.7600.16385	WSMAN Automation
wsmplpxy.dll	6.1.7600.16385	wsmplpxy
wsmres.dll	6.1.7600.16385	WSMan Resource DLL
wsmsvc.dll	6.1.7601.17514	WSMan Service
wsmwmipl.dll	6.1.7600.16385	WSMAN WMI Provider
wsnmp32.dll	6.1.7601.17514	Microsoft WinSNMP v2.0 Manager API
wsock32.dll	6.1.7600.16385	Windows Socket 32-Bit DLL
wtsapi32.dll	6.1.7601.17514	Windows Remote Desktop Session Host Server SDK APIs
wuapi.dll	7.6.7600.320	Windows Update Client API
wudriver.dll	7.6.7600.320	Windows Update WUDriver Stub
wups.dll	7.6.7600.320	Windows Update client proxy stub
wuwebv.dll	7.6.7600.320	Windows Update Vista Web Control
wvc.dll	6.1.7601.17514	Windows Visual Components
wwanapi.dll	6.1.7600.16385	Mbnapi
wwapi.dll	8.1.2.0	WWAN API
wzcdlg.dll	6.1.7600.16385	Windows Connect Now - Flash Config Enrollee
xinput9_1_0.dll	6.1.7600.16385	XNA Common Controller
xmlfilter.dll	2008.0.7600.16385	XML Filter
xmllite.dll	1.3.1000.0	Microsoft XmlLite Library
xmlprovi.dll	6.1.7600.16385	Network Provisioning Service Client API
xolehlp.dll	2001.12.8530.16385	Microsoft Distributed Transaction Coordinator Helper APIs DLL
xpsfilt.dll	6.1.7600.16385	XML Paper Specification Document IFilter
xpsgdiconverter.dll	6.1.7601.17514	XPS to GDI Converter
xpsprint.dll	6.1.7601.17514	XPS Printing DLL
xpsrasterservice.dll	6.1.7601.17514	XPS Rasterization Service Component
xpsservices.dll	6.1.7601.17514	Xps Object Model in memory creation and deserialization
xpsshhdr.dll	6.1.7600.16385	Package Document Shell Extension Handler
xpssvcs.dll	6.1.7600.16385	Native Code Xps Services Library
xwizards.dll	6.1.7600.16385	Extensible Wizards Manager Module
xwreg.dll	6.1.7600.16385	Extensible Wizard Registration Manager Module
xwtpdui.dll	6.1.7600.16385	Extensible Wizard Type Plugin for DUI
xwtpw32.dll	6.1.7600.16385	Extensible Wizard Type Plugin for Win32
zipfldr.dll	6.1.7601.17514	Compressed (zipped) Folders

Certificates


[ Certificate Authorities / Microsoft Windows Hardware Compatibility ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A0 69 FE 8F 9A 3F D1 11 8B 19
		Validity	10/1/1997 - 12/31/2002
		MD5 Hash	09C254BDE4EA50F26D1497F29C51AF6D
		SHA1 Hash	109F1CAED645BB78B3EA2B94C0697C740733031C

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Windows Hardware Compatibility
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Windows Hardware Compatibility Intermediate CA
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / Root Agency ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	F4 35 5C AA D4 B8 CF 11 8A 64 00 AA 00 6C 37 06
		Validity	5/29/1996 - 1/1/2040
		MD5 Hash	C0A723F0DA35026B21EDB17597F1D470
		SHA1 Hash	FEE449EE0E3965A5246F000E87FDE2A065FD89D4

	Issuer Properties:
		Common Name	Root Agency

	Subject Properties:
		Common Name	Root Agency

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / UTN-USERFirst-Hardware ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	25 97 49 35 74 A2 D1 43 13 D7 C7 AA F1 AC 4B 48
		Validity	6/7/2005 - 5/30/2020
		MD5 Hash	73BE83E20B42A2693B500D700C1494D3
		SHA1 Hash	3D4B2A4C64317143F50258D7E6FD7D3C021A529E

	Issuer Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Subject Properties:
		Common Name	UTN-USERFirst-Hardware
		Organization	The USERTRUST Network
		Organizational Unit	http://www.usertrust.com
		Country	United States
		Locality Name	Salt Lake City
		State/Province	UT

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Certificate Authorities / www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	8F 07 93 3F 23 98 60 92 0F 2F D0 B4 BA EB FC 46
		Validity	4/17/1997 - 10/25/2016
		MD5 Hash	ACD80EA27BB72CE700DC22724A5F1E92
		SHA1 Hash	D559A586669B08F46A30A133F8A9ED3D038E2EA8

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign International Server CA - Class 3

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Baltimore CyberTrust Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	B9 00 00 02
		Validity	5/13/2000 - 5/13/2025
		MD5 Hash	ACB694A59C17E0D791529BB19706A6E4
		SHA1 Hash	D4DE20D05E66FC53FE1A50882C78DB2852CAE474

	Issuer Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Subject Properties:
		Common Name	Baltimore CyberTrust Root
		Organization	Baltimore
		Organizational Unit	CyberTrust
		Country	Ireland

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / CertPlus Class 2 Primary CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	23 44 A5 C3 5F D7 94 F6 69 E3 DA D8 F3 4B BD 85 00
		Validity	7/8/1999 - 7/7/2019
		MD5 Hash	882C8C52B8A23CF3F7BB03EAAEAC420B
		SHA1 Hash	74207441729CDD92EC7931D823108DC28192E2BB

	Issuer Properties:
		Common Name	Class 2 Primary CA
		Organization	Certplus
		Country	France

	Subject Properties:
		Common Name	Class 2 Primary CA
		Organization	Certplus
		Country	France

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	39 30 F0 1B FC 60 E5 8F FE 46 D8 17 E5 E0 E7 0C
		Validity	11/10/2006 - 11/10/2031
		MD5 Hash	87CE0B7B2A0E4900E158719B37A89372
		SHA1 Hash	0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

	Issuer Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Assured ID Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A C7 91 59 C9 6A 75 A1 B1 46 42 90 56 E0 3B 08
		Validity	11/10/2006 - 11/10/2031
		MD5 Hash	79E4A9840D7D3A96D7C04FE2434C892E
		SHA1 Hash	A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436

	Issuer Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert Global Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / DigiCert ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	77 25 46 AE F2 79 0B 8F 9B 40 0B 6A 26 5C AC 02
		Validity	11/10/2006 - 11/10/2031
		MD5 Hash	D474DE575C39B2D39C8583C5C065498A
		SHA1 Hash	5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25

	Issuer Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Subject Properties:
		Common Name	DigiCert High Assurance EV Root CA
		Organization	DigiCert Inc
		Organizational Unit	www.digicert.com
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust Global CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	56 34 02
		Validity	5/21/2002 - 5/21/2022
		MD5 Hash	F775AB29FB514EB7775EFF053C998EF5
		SHA1 Hash	DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212

	Issuer Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Subject Properties:
		Common Name	GeoTrust Global CA
		Organization	GeoTrust Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust Primary Certification Authority - G3 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	1F 0F 18 C3 A9 27 F6 41 4B 79 B2 19 94 6E AC 15
		Validity	4/2/2008 - 12/2/2037
		MD5 Hash	B5E83436C910445848706D2E83D4B805
		SHA1 Hash	039EEDB80BE7A03C6953893B20D2D9323A4C2AFD

	Issuer Properties:
		Common Name	GeoTrust Primary Certification Authority - G3
		Organization	GeoTrust Inc.
		Organizational Unit	(c) 2008 GeoTrust Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	GeoTrust Primary Certification Authority - G3
		Organization	GeoTrust Inc.
		Organizational Unit	(c) 2008 GeoTrust Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GeoTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	CF F4 DE 35
		Validity	8/22/1998 - 8/22/2018
		MD5 Hash	67CB9DC013248A829BB2171ED11BECD4
		SHA1 Hash	D23209AD23D314232174E40D7F9D62139786633A

	Issuer Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Subject Properties:
		Organization	Equifax
		Organizational Unit	Equifax Secure Certificate Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GlobalSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	94 C3 5A 4B 15 01 00 00 00 00 04
		Validity	9/1/1998 - 1/28/2028
		MD5 Hash	3E455215095192E1B75D379FB187298A
		SHA1 Hash	B1BC968BD4F49D622AA89A81F2150152A41D829C

	Issuer Properties:
		Common Name	GlobalSign Root CA
		Organization	GlobalSign nv-sa
		Organizational Unit	Root CA
		Country	Belgium

	Subject Properties:
		Common Name	GlobalSign Root CA
		Organization	GlobalSign nv-sa
		Organizational Unit	Root CA
		Country	Belgium

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Go Daddy Class 2 Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	00
		Validity	6/30/2004 - 6/30/2034
		MD5 Hash	91DE0625ABDAFD32170CBB25172A8467
		SHA1 Hash	2796BAE63F1801E277261BA0D77770028F20EEE4

	Issuer Properties:
		Organization	The Go Daddy Group, Inc.
		Organizational Unit	Go Daddy Class 2 Certification Authority
		Country	United States

	Subject Properties:
		Organization	The Go Daddy Group, Inc.
		Organizational Unit	Go Daddy Class 2 Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / GTE CyberTrust Global Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A5 01
		Validity	8/13/1998 - 8/14/2018
		MD5 Hash	CA3DD368F1035CD032FAB82B59E85ADB
		SHA1 Hash	97817950D81C9670CC34D809CF794431367EF474

	Issuer Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Subject Properties:
		Common Name	GTE CyberTrust Global Root
		Organization	GTE Corporation
		Organizational Unit	GTE CyberTrust Solutions, Inc.
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Authenticode(tm) Root ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	1/1/1995 - 1/1/2000
		MD5 Hash	DC6D6FAF897CDD17332FB5BA9035E9CE
		SHA1 Hash	7F88CD7223F3C813818C994614A89C99FA3B5247

	Issuer Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Subject Properties:
		Common Name	Microsoft Authenticode(tm) Root Authority
		Organization	MSFT
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	40 DF EC 63 F6 3E D1 11 88 3C 3C 8B 00 C1 00
		Validity	1/10/1997 - 12/31/2020
		MD5 Hash	2A954ECA79B2874573D92D90BAF99FB6
		SHA1 Hash	A43489159A520F0D93D032CCAF37E7FE20A8B419

	Issuer Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Subject Properties:
		Common Name	Microsoft Root Authority
		Organizational Unit	Copyright (c) 1997 Microsoft Corp.
		Organizational Unit	Microsoft Corporation

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2010 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	AA 39 43 6B 58 9B 9A 44 AC 44 BA BF 25 3A CC 28
		Validity	6/24/2010 - 6/24/2035
		MD5 Hash	A266BB7DCC38A562631361BBF61DD11B
		SHA1 Hash	3B1EFD3A66EA28B16697394703A72CA340A05BD5

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2010
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority 2011 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	44 E1 42 6C D6 69 B5 43 96 B2 9F FC B5 C8 8B 3F
		Validity	3/23/2011 - 3/23/2036
		MD5 Hash	CE0490D5E56C34A5AE0BE98BE581185D
		SHA1 Hash	8F43288AD272F3103B6FB1428485EA3014C0BCFE

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority 2011
		Organization	Microsoft Corporation
		Country	United States
		Locality Name	Redmond
		State/Province	Washington

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Root Certificate Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	65 2E 13 07 F4 58 73 4C AD A5 A0 4A A1 16 AD 79
		Validity	5/10/2001 - 5/10/2021
		MD5 Hash	E1C07EA0AABBD4B77B84C228117808A7
		SHA1 Hash	CDD4EEAE6000AC7F40C3802C171E30148030C072

	Issuer Properties:
		Common Name	Microsoft Root Certificate Authority

	Subject Properties:
		Common Name	Microsoft Root Certificate Authority

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Microsoft Timestamp Root ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	01
		Validity	5/13/1997 - 12/31/1999
		MD5 Hash	556EBEF54C1D7C0360C43418BC9649C1
		SHA1 Hash	245C97DF7514E7CF2DF8BE72AE957B9E04741E85

	Issuer Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Subject Properties:
		Organization	Microsoft Trust Network
		Organizational Unit	Microsoft Corporation
		Organizational Unit	Microsoft Time Stamping Service Root

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Starfield Class 2 Certification Authority ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	00
		Validity	6/30/2004 - 6/30/2034
		MD5 Hash	324A4BBBC863699BBE749AC6DD1D4624
		SHA1 Hash	AD7E1C28B064EF8F6003402014C3D0E3370EB58A

	Issuer Properties:
		Organization	Starfield Technologies, Inc.
		Organizational Unit	Starfield Class 2 Certification Authority
		Country	United States

	Subject Properties:
		Organization	Starfield Technologies, Inc.
		Organizational Unit	Starfield Class 2 Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / thawte Primary Root CA - G3 ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA256 RSA (1.2.840.113549.1.1.11)
		Serial Number	FB 90 F7 2F 4B D6 9A B4 B4 EA A7 46 B7 97 01 60
		Validity	4/2/2008 - 12/2/2037
		MD5 Hash	FB1B5D438A94CD44C676F2434B47E731
		SHA1 Hash	F18B538D1BE903B6A6F056435B171589CAF36BF2

	Issuer Properties:
		Common Name	thawte Primary Root CA - G3
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2008 thawte, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	thawte Primary Root CA - G3
		Organization	thawte, Inc.
		Organizational Unit	Certification Services Division
		Organizational Unit	(c) 2008 thawte, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / Thawte Timestamping CA ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	00
		Validity	1/1/1997 - 1/1/2021
		MD5 Hash	7F667A71D3EB6978209A51149D83DA20
		SHA1 Hash	BE36A4562FB2EE05DBB3D32323ADF445084ED656

	Issuer Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Subject Properties:
		Common Name	Thawte Timestamping CA
		Organization	Thawte
		Organizational Unit	Thawte Certification
		Country	South Africa
		Locality Name	Durbanville
		State/Province	Western Cape

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / USERTrust ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	01
		Validity	5/30/2000 - 5/30/2020
		MD5 Hash	1D3554048578B03F42424DBF20730A3F
		SHA1 Hash	02FAF3E291435468607857694DF5E45B68851868

	Issuer Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Subject Properties:
		Common Name	AddTrust External CA Root
		Organization	AddTrust AB
		Organizational Unit	AddTrust External TTP Network
		Country	Sweden

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Class 3 Public Primary CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD2 RSA (1.2.840.113549.1.1.2)
		Serial Number	BF BA CC 03 7B CA 38 B6 34 29 D9 10 1D E4 BA 70
		Validity	1/29/1996 - 8/2/2028
		MD5 Hash	10FC635DF6263E0DF325BE5F79CD6767
		SHA1 Hash	742C3192E607E424EB4549542BE1BBC53E6174E2

	Issuer Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Subject Properties:
		Organization	VeriSign, Inc.
		Organizational Unit	Class 3 Public Primary Certification Authority
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign Time Stamping CA ]

	Certificate Properties:
		Version	V1
		Signature Algorithm	MD5 RSA (1.2.840.113549.1.1.4)
		Serial Number	A3 DC 5D 15 5F 73 5D A5 1C 59 82 8C 38 D2 19 4A
		Validity	5/12/1997 - 1/8/2004
		MD5 Hash	EBB04F1D3A2E372F1DDA6E27D6B680FA
		SHA1 Hash	18F7C1FCC3090203FD5BAA2F861A754976C8DD25

	Issuer Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Subject Properties:
		Organization	VeriSign Trust Network
		Organizational Unit	VeriSign, Inc.
		Organizational Unit	VeriSign Time Stamping Service Root
		Organizational Unit	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

[ Root Certificates / VeriSign ]

	Certificate Properties:
		Version	V3
		Signature Algorithm	SHA1 RSA (1.2.840.113549.1.1.5)
		Serial Number	4A 3B 6B CC CD 58 21 4A BB E8 7D 26 9E D1 DA 18
		Validity	11/8/2006 - 7/17/2036
		MD5 Hash	CB17E431673EE209FE455793F30AFA1C
		SHA1 Hash	4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

	Issuer Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Subject Properties:
		Common Name	VeriSign Class 3 Public Primary Certification Authority - G5
		Organization	VeriSign, Inc.
		Organizational Unit	VeriSign Trust Network
		Organizational Unit	(c) 2006 VeriSign, Inc. - For authorized use only
		Country	United States

	Public Key Properties:
		Public Key Algorithm	RSA (1.2.840.113549.1.1.1)

UpTime


Current Session:
	Last Shutdown Time	10/9/2015 11:26:25 AM
	Last Boot Time	10/10/2015 1:05:37 PM
	Current Time	10/10/2015 1:51:55 PM
	UpTime	2779 sec (0 days, 0 hours, 46 min, 18 sec)

UpTime Statistics:
	First Boot Time	10/7/2015 4:17:33 AM
	First Shutdown Time	10/7/2015 4:17:07 AM
	Total UpTime	23030 sec (0 days, 6 hours, 23 min, 49 sec)
	Total DownTime	270656 sec (3 days, 3 hours, 10 min, 56 sec)
	Longest UpTime	14313 sec (0 days, 3 hours, 58 min, 33 sec)
	Longest DownTime	92352 sec (1 days, 1 hours, 39 min, 12 sec)
	Total Reboots	20
	System Availability	7.84%

Bluescreen Statistics:
	Total Bluescreens	0

Information:
	Information	The above statistics are based on System Event Log entries


Share Name	Type	Remark	Local Path
ADMIN$	Folder	Remote Admin	C:\Windows
C$	Folder	Default share	C:\
E$	Folder	Default share	E:\
F$	Folder	Default share	F:\
IPC$	IPC	Remote IPC

Account Security


Account Security Properties:
	Computer Role	Primary
	Domain Name	huytv-PC
	Primary Domain Controller	Not Specified
	Forced Logoff Time	Disabled
	Min / Max Password Age	0 / 42 days
	Minimum Password Length	0 chars
	Password History Length	Disabled
	Lockout Threshold	Disabled
	Lockout Duration	30 min
	Lockout Observation Window	30 min

Logon


User	Full Name	Logon Server	Logon Domain
huytv		HUYTV-PC	huytv-PC
huytv		HUYTV-PC	huytv-PC

Users


[ Administrator ]

	User Properties:
		User Name	Administrator
		Full Name	Administrator
		Comment	Built-in account for administering the computer/domain
		Member Of Groups	Administrators
		Logon Count	6
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	Yes

[ Guest ]

	User Properties:
		User Name	Guest
		Full Name	Guest
		Comment	Built-in account for guest access to the computer/domain
		Member Of Groups	Guests
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	Yes
		Password Never Expires	Yes

[ huytv ]

	User Properties:
		User Name	huytv
		Full Name	huytv
		Member Of Groups	Administrators
		Logon Count	20
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	No
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	No
		Password Never Expires	Yes

Local Groups


[ Administrators ]

	Local Group Properties:
		Comment	Administrators have complete and unrestricted access to the computer/domain

	Group Members:
		Administrator
		huytv

[ Backup Operators ]

	Local Group Properties:
		Comment	Backup Operators can override security restrictions for the sole purpose of backing up or restoring files

[ Cryptographic Operators ]

	Local Group Properties:
		Comment	Members are authorized to perform cryptographic operations.

[ Distributed COM Users ]

	Local Group Properties:
		Comment	Members are allowed to launch, activate and use Distributed COM objects on this machine.

[ Event Log Readers ]

	Local Group Properties:
		Comment	Members of this group can read event logs from local machine

[ Guests ]

	Local Group Properties:
		Comment	Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted

	Group Members:
		Guest

[ IIS_IUSRS ]

	Local Group Properties:
		Comment	Built-in group used by Internet Information Services.

	Group Members:
		IUSR

[ Network Configuration Operators ]

	Local Group Properties:
		Comment	Members in this group can have some administrative privileges to manage configuration of networking features

[ Performance Log Users ]

	Local Group Properties:
		Comment	Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer

[ Performance Monitor Users ]

	Local Group Properties:
		Comment	Members of this group can access performance counter data locally and remotely

[ Power Users ]

	Local Group Properties:
		Comment	Power Users are included for backwards compatibility and possess limited administrative powers

[ Remote Desktop Users ]

	Local Group Properties:
		Comment	Members in this group are granted the right to logon remotely

[ Replicator ]

	Local Group Properties:
		Comment	Supports file replication in a domain

[ Users ]

	Local Group Properties:
		Comment	Users are prevented from making accidental or intentional system-wide changes and can run most applications

	Group Members:
		Authenticated Users
		INTERACTIVE

Global Groups


[ None ]

	Global Group Properties:
		Comment	Ordinary users

	Group Members:
		Administrator
		Guest
		huytv

Windows Video


[ NVIDIA GeForce GT 520M ]

	Video Adapter Properties:
		Device Description	NVIDIA GeForce GT 520M
		Adapter String	GeForce GT 520M
		BIOS String	Version 75.19.11.0.14
		Chip Type	GeForce GT 520M
		DAC Type	Integrated RAMDAC
		Driver Date	5/11/2015
		Driver Version	9.18.13.5286 - nVIDIA ForceWare 352.86
		Driver Provider	NVIDIA
		Memory Size	1 GB

	Installed Drivers:
		nvd3dumx	9.18.13.5286
		nvwgf2umx	9.18.13.5286
		nvwgf2umx	9.18.13.5286
		nvd3dum	9.18.13.5286 - nVIDIA ForceWare 352.86
		nvwgf2um	9.18.13.5286
		nvwgf2um	9.18.13.5286

	Video Adapter Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/products.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

[ NVIDIA GeForce GT 520M ]

	Video Adapter Properties:
		Device Description	NVIDIA GeForce GT 520M
		Adapter String	GeForce GT 520M
		BIOS String	Version 75.19.11.0.14
		Chip Type	GeForce GT 520M
		DAC Type	Integrated RAMDAC
		Driver Date	5/11/2015
		Driver Version	9.18.13.5286 - nVIDIA ForceWare 352.86
		Driver Provider	NVIDIA
		Memory Size	1 GB

	Installed Drivers:
		nvd3dumx	9.18.13.5286
		nvwgf2umx	9.18.13.5286
		nvwgf2umx	9.18.13.5286
		nvd3dum	9.18.13.5286 - nVIDIA ForceWare 352.86
		nvwgf2um	9.18.13.5286
		nvwgf2um	9.18.13.5286

	Video Adapter Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/products.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

PCI / AGP Video


		Device Description	Device Type
		nVIDIA GeForce GT 520M	Video Adapter
		nVIDIA GeForce GT 520M	3D Accelerator

GPU


[ PCI Express 2.0 x16: nVIDIA GeForce GT 520M (Asus) ]

	Graphics Processor Properties:
		Video Adapter	nVIDIA GeForce GT 520M (Asus)
		GPU Code Name	GF119M
		PCI Device	10DE-1050 / 1043-1742 (Rev A1)
		Process Technology	40 nm
		Die Size	79 mm2
		Bus Type	PCI Express 2.0 x16 @ 2.0 x16
		Memory Size	1 GB
		GPU Clock (Geometric Domain)	740 MHz
		GPU Clock (Shader Domain)	1480 MHz
		RAMDAC Clock	400 MHz
		Pixel Pipelines	4
		Texture Mapping Units	8
		Unified Shaders	48 (v5.0)
		DirectX Hardware Support	DirectX v11
		WDDM Version	WDDM 1.1

	Memory Bus Properties:
		Bus Type	DDR3
		Bus Width	64-bit
		Real Clock	800 MHz (DDR)
		Effective Clock	1600 MHz
		Bandwidth	12.5 GB/s

	Architecture:
		Architecture	nVIDIA Fermi
		Streaming Multiprocessors (SM)	1
		L1 Cache / Local Data Share	64 KB per multiprocessor
		L1 Texture Cache	12 KB per multiprocessor
		L2 Cache	64 KB

	Theoretical Peak Performance:
		Pixel Fillrate	2960 MPixel/s @ 740 MHz
		Texel Fillrate	5920 MTexel/s @ 740 MHz
		Single-Precision FLOPS	142.1 GFLOPS @ 1480 MHz
		Double-Precision FLOPS	11.8 GFLOPS @ 1480 MHz
		24-bit Integer IOPS	47.4 GIOPS @ 1480 MHz
		32-bit Integer IOPS	47.4 GIOPS @ 1480 MHz

	Utilization:
		GPU	1%
		Memory Controller	4%
		Video Engine	0%
		Dedicated Memory	46 MB
		Dynamic Memory	13 MB

	nVIDIA ForceWare Clocks:
		2D	GPU: 270 MHz, Shader: 540 MHz, Memory: 405 MHz
		3D	GPU: 740 MHz, Shader: 1480 MHz, Memory: 800 MHz

	Graphics Processor Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/products.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

	nVIDIA GPU Registers:
		nv-000000	0D9100A1
		nv-0010F0	00000000
		nv-001218	00000000
		nv-001538	80000200
		nv-001540	00000000
		nv-0015F4	00000000
		nv-0015F8	00000000
		nv-0015FC	00000000
		nv-001600	00000000
		nv-001704	8003FFC1
		nv-001714	C003FFC2
		nv-001850	00000000
		nv-004000	BADF1100
		nv-004004	BADF1100
		nv-004008	BADF1100
		nv-00400C	BADF1100
		nv-004018	BADF1100
		nv-00401C	BADF1100
		nv-004020	BADF1100
		nv-004024	BADF1100
		nv-004028	BADF1100
		nv-00402C	BADF1100
		nv-004120	BADF1100
		nv-004124	BADF1100
		nv-004128	BADF1100
		nv-004200	BADF1100
		nv-004220	BADF1100
		nv-00C040	BADF1100
		nv-00E114	0000021C
		nv-00E118	0000021C
		nv-00E11C	00000001
		nv-00E120	03000000
		nv-00E728	00000000
		nv-00E820	01030005
		nv-00E8A0	00000000
		nv-020008	C0083717
		nv-020014	05DE03A4
		nv-020400	00000033
		nv-022430	00000001
		nv-022434	00000001
		nv-022438	00000001
		nv-02243C	00000001
		nv-022440	00000004
		nv-022540	00000000
		nv-022544	00000000
		nv-022548	00000000
		nv-022550	00000000
		nv-022554	00000000
		nv-088000	105010DE
		nv-08A000	0E0810DE
		nv-100000	BADF1100
		nv-100200	BADF1100
		nv-10020C	BADF1100
		nv-100214	BADF1100
		nv-100474	BADF1100
		nv-100714	00000404
		nv-100914	BADF1000
		nv-101000	9F588094
		nv-10100C	86013010
		nv-10F20C	00000400
		nv-10F290	0B388027
		nv-10F294	4CB2C40B
		nv-10F590	00000801
		nv-121C70	00000001
		nv-121C74	00000001
		nv-121C78	00000001
		nv-13C78C	BADF1100
		nv-17E924	E3000EFF
		nv-300000	5F27DD80
		nv-310000	5F27DD80
		nv-419E9C	00000330
		nv-700000	DAB2B35D
		nv-7E0000	EB75AA55

[ nVIDIA SLI ]

	nVIDIA SLI:
		SLI Status	Disabled

Monitor


[ CMI BT140GW01V9 ]

	Monitor Properties:
		Monitor Name	CMI BT140GW01V9
		Monitor ID	CMI001B
		Manufacturer	CMI
		Model	BT140GW01V9
		Monitor Type	14" LCD (WXGA)
		Manufacture Date	2010
		Serial Number	None
		Max. Visible Display Size	309 mm x 174 mm (14.0")
		Picture Aspect Ratio	16:9
		Maximum Resolution	1366 x 768
		Gamma	2.20
		DPMS Mode Support	None

	Supported Video Modes:
		1366 x 768	Pixel Clock: 71.00 MHz

[ Dell UltraSharp U2412M (Analog) ]

	Monitor Properties:
		Monitor Name	Dell UltraSharp U2412M (Analog)
		Monitor ID	DELA079
		Model	DELL U2412M
		Monitor Type	24" LCD (WUXGA)
		Manufacture Date	Week 44 / 2014
		Serial Number	9W5YH4AU140S
		Max. Visible Display Size	518 mm x 324 mm (24.1")
		Picture Aspect Ratio	16:10
		Brightness	300 cd/m2
		Contrast Ratio	1000:1
		Viewing Angles	178/178°
		Input Connectors	DSub, DVI-D, DisplayPort
		Horizontal Frequency	30 - 83 kHz
		Vertical Frequency	50 - 61 Hz
		Maximum Pixel Clock	170 MHz
		Maximum Resolution	1920 x 1200
		Gamma	2.20
		DPMS Mode Support	Standby, Suspend, Active-Off

	Supported Video Modes:
		640 x 480	60 Hz
		720 x 400	70 Hz
		800 x 600	60 Hz
		1024 x 768	60 Hz
		1280 x 960	60 Hz
		1280 x 1024	60 Hz
		1600 x 1200	60 Hz
		1680 x 1050	60 Hz
		1920 x 1080	60 Hz
		1920 x 1200	Pixel Clock: 154.00 MHz

	Monitor Manufacturer:
		Company Name	Dell Computer Corporation
		Product Information	http://accessories.us.dell.com/sna/category.aspx?c=us&category_id=4009&cs=19&l=en&s=dhs
		Driver Download	http://support.dell.com/support/topics/global.aspx/support/product_support/en/monitor_download?c=us&cs=04&l=en&s=bsd
		Driver Update	http://www.aida64.com/driver-updates

Desktop


Desktop Properties:
	Device Technology	Raster Display
	Resolution	1280 x 768
	Color Depth	32-bit
	Color Planes	1
	Font Resolution	96 dpi
	Pixel Width / Height	36 / 36
	Pixel Diagonal	51
	Vertical Refresh Rate	60 Hz
	Desktop Wallpaper	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Desktop Effects:
	Combo-Box Animation	Enabled
	Drop Shadow Effect	Enabled
	Flat Menu Effect	Enabled
	Font Smoothing	Enabled
	ClearType	Enabled
	Full Window Dragging	Enabled
	Gradient Window Title Bars	Enabled
	Hide Menu Access Keys	Enabled
	Hot Tracking Effect	Enabled
	Icon Title Wrapping	Enabled
	List-Box Smooth Scrolling	Enabled
	Menu Animation	Enabled
	Menu Fade Effect	Enabled
	Minimize/Restore Animation	Enabled
	Mouse Cursor Shadow	Enabled
	Selection Fade Effect	Enabled
	ShowSounds Accessibility Feature	Disabled
	ToolTip Animation	Enabled
	ToolTip Fade Effect	Enabled
	Windows Aero	Disabled
	Windows Plus! Extension	Disabled

Multi-Monitor


Device ID	Primary	Upper Left Corner	Bottom Right Corner
\\.\DISPLAY1	Yes	(0,0)	(1280,768)

Video Modes


Resolution	Color Depth	Refresh Rate
640 x 480	8-bit	60 Hz
640 x 480	16-bit	60 Hz
640 x 480	32-bit	60 Hz
720 x 480	8-bit	60 Hz
720 x 480	8-bit	60 Hz
720 x 480	8-bit	60 Hz
720 x 480	16-bit	60 Hz
720 x 480	16-bit	60 Hz
720 x 480	16-bit	60 Hz
720 x 480	32-bit	60 Hz
720 x 480	32-bit	60 Hz
720 x 480	32-bit	60 Hz
720 x 576	8-bit	60 Hz
720 x 576	8-bit	60 Hz
720 x 576	8-bit	60 Hz
720 x 576	16-bit	60 Hz
720 x 576	16-bit	60 Hz
720 x 576	16-bit	60 Hz
720 x 576	32-bit	60 Hz
720 x 576	32-bit	60 Hz
720 x 576	32-bit	60 Hz
800 x 600	8-bit	60 Hz
800 x 600	16-bit	60 Hz
800 x 600	32-bit	60 Hz
1024 x 768	8-bit	60 Hz
1024 x 768	16-bit	60 Hz
1024 x 768	32-bit	60 Hz
1280 x 720	8-bit	60 Hz
1280 x 720	8-bit	60 Hz
1280 x 720	8-bit	60 Hz
1280 x 720	16-bit	60 Hz
1280 x 720	16-bit	60 Hz
1280 x 720	16-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 768	8-bit	60 Hz
1280 x 768	8-bit	60 Hz
1280 x 768	8-bit	60 Hz
1280 x 768	16-bit	60 Hz
1280 x 768	16-bit	60 Hz
1280 x 768	16-bit	60 Hz
1280 x 768	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
1360 x 768	8-bit	60 Hz
1360 x 768	8-bit	60 Hz
1360 x 768	8-bit	60 Hz
1360 x 768	16-bit	60 Hz
1360 x 768	16-bit	60 Hz
1360 x 768	16-bit	60 Hz
1360 x 768	32-bit	60 Hz
1360 x 768	32-bit	60 Hz
1360 x 768	32-bit	60 Hz
1366 x 768	8-bit	60 Hz
1366 x 768	8-bit	60 Hz
1366 x 768	8-bit	60 Hz
1366 x 768	16-bit	60 Hz
1366 x 768	16-bit	60 Hz
1366 x 768	16-bit	60 Hz
1366 x 768	32-bit	60 Hz
1366 x 768	32-bit	60 Hz
1366 x 768	32-bit	60 Hz

OpenGL


OpenGL Properties:
	Vendor	NVIDIA Corporation
	Renderer	GeForce GT 520M/PCIe/SSE2
	Version	4.5.0 NVIDIA 352.86
	Shading Language Version	4.50 NVIDIA
	OpenGL DLL	6.1.7600.16385(win7_rtm.090713-1255)
	Multitexture Texture Units	4
	Occlusion Query Counter Bits	32
	Sub-Pixel Precision	8-bit
	Max Viewport Size	16384 x 16384
	Max Cube Map Texture Size	16384 x 16384
	Max Rectangle Texture Size	16384 x 16384
	Max 3D Texture Size	2048 x 2048 x 2048
	Max Anisotropy	16
	Max Clipping Planes	8
	Max Display-List Nesting Level	64
	Max Draw Buffers	8
	Max Evaluator Order	8
	Max General Register Combiners	8
	Max Light Sources	8
	Max Pixel Map Table Size	65536
	Min / Max Program Texel Offset	-8 / 7
	Max Texture Array Layers	2048
	Max Texture LOD Bias	15
	Max Vertex Array Range Element Size	1048575

OpenGL Compliancy:
	OpenGL 1.1	Yes (100%)
	OpenGL 1.2	Yes (100%)
	OpenGL 1.3	Yes (100%)
	OpenGL 1.4	Yes (100%)
	OpenGL 1.5	Yes (100%)
	OpenGL 2.0	Yes (100%)
	OpenGL 2.1	Yes (100%)
	OpenGL 3.0	Yes (100%)
	OpenGL 3.1	Yes (100%)
	OpenGL 3.2	Yes (100%)
	OpenGL 3.3	Yes (100%)
	OpenGL 4.0	Yes (100%)
	OpenGL 4.1	Yes (100%)
	OpenGL 4.2	Yes (100%)
	OpenGL 4.3	Yes (100%)
	OpenGL 4.4	Yes (100%)
	OpenGL 4.5	Yes (100%)

Max Stack Depth:
	Attribute Stack	16
	Client Attribute Stack	16
	Modelview Matrix Stack	32
	Name Stack	128
	Projection Matrix Stack	4
	Texture Matrix Stack	10

Draw Range Elements:
	Max Index Count	1048576
	Max Vertex Count	1048576

Extended Lighting Parameters:
	Max Shininess	128
	Max Spot Exponent	128

Transform Feedback:
	Max Interleaved Components	128
	Max Separate Attributes	4
	Max Separate Components	4

Framebuffer Object:
	Max Color Attachments	8
	Max Render Buffer Size	16384 x 16384

Imaging:
	Max Color Matrix Stack Depth	2
	Max Convolution Width / Height	11 / 11

Vertex Shader:
	Max Uniform Vertex Components	4096
	Max Varying Floats	124
	Max Vertex Texture Image Units	32
	Max Combined Texture Image Units	192

Geometry Shader:
	Max Geometry Texture Units	32
	Max Varying Components	124
	Max Geometry Varying Components	124
	Max Vertex Varying Components	124
	Max Geometry Uniform Components	2048
	Max Geometry Output Vertices	1024
	Max Geometry Total Output Components	1024

Fragment Shader:
	Max Uniform Fragment Components	2048

Vertex Program:
	Max Local Parameters	1024
	Max Environment Parameters	256
	Max Program Matrices	8
	Max Program Matrix Stack Depth	1
	Max Tracking Matrices	8
	Max Tracking Matrix Stack Depth	1
	Max Vertex Attributes	16
	Max Instructions	16384
	Max Native Instructions	16384
	Max Temporaries	4096
	Max Native Temporaries	4096
	Max Parameters	1024
	Max Native Parameters	1024
	Max Attributes	16
	Max Native Attributes	16
	Max Address Registers	2
	Max Native Address Registers	2

Fragment Program:
	Max Local Parameters	512
	Max Environment Parameters	256
	Max Texture Coordinates	8
	Max Texture Image Units	32
	Max Instructions	16384
	Max Native Instructions	16384
	Max Temporaries	4096
	Max Native Temporaries	4096
	Max Parameters	1024
	Max Native Parameters	1024
	Max Attributes	16
	Max Native Attributes	16
	Max Address Registers	1
	Max Native Address Registers	1
	Max ALU Instructions	16384
	Max Native ALU Instructions	16384
	Max Texture Instructions	16384
	Max Native Texture Instructions	16384
	Max Texture Indirections	16384
	Max Native Texture Indirections	16384
	Max Execution Instructions	16777216
	Max Call Stack Depth	32
	Max If Statement Depth	64
	Max Loop Depth	64
	Max Loop Count	16777216

OpenGL Extensions:
	Total / Supported Extensions	1008 / 337
	GL_3DFX_multisample	Not Supported
	GL_3DFX_tbuffer	Not Supported
	GL_3DFX_texture_compression_FXT1	Not Supported
	GL_3DL_direct_texture_access2	Not Supported
	GL_3Dlabs_multisample_transparency_id	Not Supported
	GL_3Dlabs_multisample_transparency_range	Not Supported
	GL_AMD_blend_minmax_factor	Not Supported
	GL_AMD_compressed_3DC_texture	Not Supported
	GL_AMD_compressed_ATC_texture	Not Supported
	GL_AMD_conservative_depth	Not Supported
	GL_AMD_debug_output	Not Supported
	GL_AMD_depth_clamp_separate	Not Supported
	GL_AMD_draw_buffers_blend	Not Supported
	GL_AMD_framebuffer_sample_positions	Not Supported
	GL_AMD_gcn_shader	Not Supported
	GL_AMD_gpu_shader_half_float	Not Supported
	GL_AMD_gpu_shader_half_float2	Not Supported
	GL_AMD_gpu_shader_int64	Not Supported
	GL_AMD_interleaved_elements	Not Supported
	GL_AMD_multi_draw_indirect	Supported
	GL_AMD_name_gen_delete	Not Supported
	GL_AMD_occlusion_query_event	Not Supported
	GL_AMD_performance_monitor	Not Supported
	GL_AMD_pinned_memory	Not Supported
	GL_AMD_program_binary_Z400	Not Supported
	GL_AMD_query_buffer_object	Not Supported
	GL_AMD_sample_positions	Not Supported
	GL_AMD_seamless_cubemap_per_texture	Not Supported
	GL_AMD_shader_atomic_counter_ops	Not Supported
	GL_AMD_shader_stencil_export	Not Supported
	GL_AMD_shader_stencil_value_export	Not Supported
	GL_AMD_shader_trace	Not Supported
	GL_AMD_shader_trinary_minmax	Not Supported
	GL_AMD_sparse_texture	Not Supported
	GL_AMD_sparse_texture_pool	Not Supported
	GL_AMD_stencil_operation_extended	Not Supported
	GL_AMD_texture_compression_dxt6	Not Supported
	GL_AMD_texture_compression_dxt7	Not Supported
	GL_AMD_texture_cube_map_array	Not Supported
	GL_AMD_texture_texture4	Not Supported
	GL_AMD_texture_tile_pool	Not Supported
	GL_AMD_transform_feedback3_lines_triangles	Not Supported
	GL_AMD_transform_feedback4	Not Supported
	GL_AMD_vertex_shader_layer	Not Supported
	GL_AMD_vertex_shader_tessellator	Not Supported
	GL_AMD_vertex_shader_viewport_index	Not Supported
	GL_AMDX_debug_output	Not Supported
	GL_AMDX_name_gen_delete	Not Supported
	GL_AMDX_random_access_target	Not Supported
	GL_AMDX_vertex_shader_tessellator	Not Supported
	GL_ANDROID_extension_pack_es31a	Not Supported
	GL_ANGLE_depth_texture	Not Supported
	GL_ANGLE_framebuffer_blit	Not Supported
	GL_ANGLE_framebuffer_multisample	Not Supported
	GL_ANGLE_instanced_arrays	Not Supported
	GL_ANGLE_pack_reverse_row_order	Not Supported
	GL_ANGLE_program_binary	Not Supported
	GL_ANGLE_texture_compression_dxt1	Not Supported
	GL_ANGLE_texture_compression_dxt3	Not Supported
	GL_ANGLE_texture_compression_dxt5	Not Supported
	GL_ANGLE_texture_usage	Not Supported
	GL_ANGLE_translated_shader_source	Not Supported
	GL_APPLE_aux_depth_stencil	Not Supported
	GL_APPLE_client_storage	Not Supported
	GL_APPLE_copy_texture_levels	Not Supported
	GL_APPLE_element_array	Not Supported
	GL_APPLE_fence	Not Supported
	GL_APPLE_float_pixels	Not Supported
	GL_APPLE_flush_buffer_range	Not Supported
	GL_APPLE_flush_render	Not Supported
	GL_APPLE_framebuffer_multisample	Not Supported
	GL_APPLE_object_purgeable	Not Supported
	GL_APPLE_packed_pixel	Not Supported
	GL_APPLE_packed_pixels	Not Supported
	GL_APPLE_pixel_buffer	Not Supported
	GL_APPLE_rgb_422	Not Supported
	GL_APPLE_row_bytes	Not Supported
	GL_APPLE_specular_vector	Not Supported
	GL_APPLE_sync	Not Supported
	GL_APPLE_texture_2D_limited_npot	Not Supported
	GL_APPLE_texture_format_BGRA8888	Not Supported
	GL_APPLE_texture_max_level	Not Supported
	GL_APPLE_texture_range	Not Supported
	GL_APPLE_transform_hint	Not Supported
	GL_APPLE_vertex_array_object	Not Supported
	GL_APPLE_vertex_array_range	Not Supported
	GL_APPLE_vertex_point_size	Not Supported
	GL_APPLE_vertex_program_evaluators	Not Supported
	GL_APPLE_ycbcr_422	Not Supported
	GL_ARB_arrays_of_arrays	Supported
	GL_ARB_base_instance	Supported
	GL_ARB_bindless_texture	Not Supported
	GL_ARB_blend_func_extended	Supported
	GL_ARB_buffer_storage	Supported
	GL_ARB_cl_event	Not Supported
	GL_ARB_clear_buffer_object	Supported
	GL_ARB_clear_texture	Supported
	GL_ARB_clip_control	Supported
	GL_ARB_color_buffer_float	Supported
	GL_ARB_compatibility	Supported
	GL_ARB_compressed_texture_pixel_storage	Supported
	GL_ARB_compute_shader	Supported
	GL_ARB_compute_variable_group_size	Supported
	GL_ARB_conditional_render_inverted	Supported
	GL_ARB_conservative_depth	Supported
	GL_ARB_context_flush_control	Not Supported
	GL_ARB_copy_buffer	Supported
	GL_ARB_copy_image	Supported
	GL_ARB_cull_distance	Supported
	GL_ARB_debug_group	Not Supported
	GL_ARB_debug_label	Not Supported
	GL_ARB_debug_output	Supported
	GL_ARB_debug_output2	Not Supported
	GL_ARB_depth_buffer_float	Supported
	GL_ARB_depth_clamp	Supported
	GL_ARB_depth_texture	Supported
	GL_ARB_derivative_control	Supported
	GL_ARB_direct_state_access	Supported
	GL_ARB_draw_buffers	Supported
	GL_ARB_draw_buffers_blend	Supported
	GL_ARB_draw_elements_base_vertex	Supported
	GL_ARB_draw_indirect	Supported
	GL_ARB_draw_instanced	Supported
	GL_ARB_enhanced_layouts	Supported
	GL_ARB_ES2_compatibility	Supported
	GL_ARB_ES3_1_compatibility	Supported
	GL_ARB_ES3_compatibility	Supported
	GL_ARB_explicit_attrib_location	Supported
	GL_ARB_explicit_uniform_location	Supported
	GL_ARB_fragment_coord_conventions	Supported
	GL_ARB_fragment_layer_viewport	Supported
	GL_ARB_fragment_program	Supported
	GL_ARB_fragment_program_shadow	Supported
	GL_ARB_fragment_shader	Supported
	GL_ARB_fragment_shader_interlock	Not Supported
	GL_ARB_framebuffer_no_attachments	Supported
	GL_ARB_framebuffer_object	Supported
	GL_ARB_framebuffer_sRGB	Supported
	GL_ARB_geometry_shader4	Supported
	GL_ARB_get_program_binary	Supported
	GL_ARB_get_texture_sub_image	Supported
	GL_ARB_gpu_shader_fp64	Supported
	GL_ARB_gpu_shader5	Supported
	GL_ARB_half_float_pixel	Supported
	GL_ARB_half_float_vertex	Supported
	GL_ARB_imaging	Supported
	GL_ARB_indirect_parameters	Supported
	GL_ARB_instanced_arrays	Supported
	GL_ARB_internalformat_query	Supported
	GL_ARB_internalformat_query2	Supported
	GL_ARB_invalidate_subdata	Supported
	GL_ARB_make_current_read	Not Supported
	GL_ARB_map_buffer_alignment	Supported
	GL_ARB_map_buffer_range	Supported
	GL_ARB_matrix_palette	Not Supported
	GL_ARB_multi_bind	Supported
	GL_ARB_multi_draw_indirect	Supported
	GL_ARB_multisample	Supported
	GL_ARB_multitexture	Supported
	GL_ARB_occlusion_query	Supported
	GL_ARB_occlusion_query2	Supported
	GL_ARB_pipeline_statistics_query	Supported
	GL_ARB_pixel_buffer_object	Supported
	GL_ARB_point_parameters	Supported
	GL_ARB_point_sprite	Supported
	GL_ARB_program_interface_query	Supported
	GL_ARB_provoking_vertex	Supported
	GL_ARB_query_buffer_object	Supported
	GL_ARB_robust_buffer_access_behavior	Supported
	GL_ARB_robustness	Supported
	GL_ARB_robustness_isolation	Not Supported
	GL_ARB_sample_shading	Supported
	GL_ARB_sampler_objects	Supported
	GL_ARB_seamless_cube_map	Supported
	GL_ARB_seamless_cubemap_per_texture	Not Supported
	GL_ARB_separate_shader_objects	Supported
	GL_ARB_shader_atomic_counters	Supported
	GL_ARB_shader_bit_encoding	Supported
	GL_ARB_shader_draw_parameters	Supported
	GL_ARB_shader_group_vote	Supported
	GL_ARB_shader_image_load_store	Supported
	GL_ARB_shader_image_size	Supported
	GL_ARB_shader_objects	Supported
	GL_ARB_shader_precision	Supported
	GL_ARB_shader_stencil_export	Not Supported
	GL_ARB_shader_storage_buffer_object	Supported
	GL_ARB_shader_subroutine	Supported
	GL_ARB_shader_texture_image_samples	Supported
	GL_ARB_shader_texture_lod	Supported
	GL_ARB_shading_language_100	Supported
	GL_ARB_shading_language_120	Not Supported
	GL_ARB_shading_language_420pack	Supported
	GL_ARB_shading_language_include	Supported
	GL_ARB_shading_language_packing	Supported
	GL_ARB_shadow	Supported
	GL_ARB_shadow_ambient	Not Supported
	GL_ARB_sparse_buffer	Supported
	GL_ARB_sparse_texture	Supported
	GL_ARB_stencil_texturing	Supported
	GL_ARB_swap_buffers	Not Supported
	GL_ARB_sync	Supported
	GL_ARB_tessellation_shader	Supported
	GL_ARB_texture_barrier	Supported
	GL_ARB_texture_border_clamp	Supported
	GL_ARB_texture_buffer_object	Supported
	GL_ARB_texture_buffer_object_rgb32	Supported
	GL_ARB_texture_buffer_range	Supported
	GL_ARB_texture_compression	Supported
	GL_ARB_texture_compression_bptc	Supported
	GL_ARB_texture_compression_rgtc	Supported
	GL_ARB_texture_compression_rtgc	Not Supported
	GL_ARB_texture_cube_map	Supported
	GL_ARB_texture_cube_map_array	Supported
	GL_ARB_texture_env_add	Supported
	GL_ARB_texture_env_combine	Supported
	GL_ARB_texture_env_crossbar	Supported
	GL_ARB_texture_env_dot3	Supported
	GL_ARB_texture_float	Supported
	GL_ARB_texture_gather	Supported
	GL_ARB_texture_mirror_clamp_to_edge	Supported
	GL_ARB_texture_mirrored_repeat	Supported
	GL_ARB_texture_multisample	Supported
	GL_ARB_texture_non_power_of_two	Supported
	GL_ARB_texture_query_levels	Supported
	GL_ARB_texture_query_lod	Supported
	GL_ARB_texture_rectangle	Supported
	GL_ARB_texture_rg	Supported
	GL_ARB_texture_rgb10_a2ui	Supported
	GL_ARB_texture_snorm	Not Supported
	GL_ARB_texture_stencil8	Supported
	GL_ARB_texture_storage	Supported
	GL_ARB_texture_storage_multisample	Supported
	GL_ARB_texture_swizzle	Supported
	GL_ARB_texture_view	Supported
	GL_ARB_timer_query	Supported
	GL_ARB_transform_feedback_instanced	Supported
	GL_ARB_transform_feedback_overflow_query	Supported
	GL_ARB_transform_feedback2	Supported
	GL_ARB_transform_feedback3	Supported
	GL_ARB_transpose_matrix	Supported
	GL_ARB_uber_buffers	Not Supported
	GL_ARB_uber_mem_image	Not Supported
	GL_ARB_uber_vertex_array	Not Supported
	GL_ARB_uniform_buffer_object	Supported
	GL_ARB_vertex_array_bgra	Supported
	GL_ARB_vertex_array_object	Supported
	GL_ARB_vertex_attrib_64bit	Supported
	GL_ARB_vertex_attrib_binding	Supported
	GL_ARB_vertex_blend	Not Supported
	GL_ARB_vertex_buffer_object	Supported
	GL_ARB_vertex_program	Supported
	GL_ARB_vertex_shader	Supported
	GL_ARB_vertex_type_10f_11f_11f_rev	Supported
	GL_ARB_vertex_type_2_10_10_10_rev	Supported
	GL_ARB_viewport_array	Supported
	GL_ARB_window_pos	Supported
	GL_ARM_mali_program_binary	Not Supported
	GL_ARM_mali_shader_binary	Not Supported
	GL_ARM_rgba8	Not Supported
	GL_ARM_shader_framebuffer_fetch	Not Supported
	GL_ARM_shader_framebuffer_fetch_depth_stencil	Not Supported
	GL_ATI_array_rev_comps_in_4_bytes	Not Supported
	GL_ATI_blend_equation_separate	Not Supported
	GL_ATI_blend_weighted_minmax	Not Supported
	GL_ATI_draw_buffers	Supported
	GL_ATI_element_array	Not Supported
	GL_ATI_envmap_bumpmap	Not Supported
	GL_ATI_fragment_shader	Not Supported
	GL_ATI_lock_texture	Not Supported
	GL_ATI_map_object_buffer	Not Supported
	GL_ATI_meminfo	Not Supported
	GL_ATI_pixel_format_float	Not Supported
	GL_ATI_pn_triangles	Not Supported
	GL_ATI_point_cull_mode	Not Supported
	GL_ATI_separate_stencil	Not Supported
	GL_ATI_shader_texture_lod	Not Supported
	GL_ATI_text_fragment_shader	Not Supported
	GL_ATI_texture_compression_3dc	Not Supported
	GL_ATI_texture_env_combine3	Not Supported
	GL_ATI_texture_float	Supported
	GL_ATI_texture_mirror_once	Supported
	GL_ATI_vertex_array_object	Not Supported
	GL_ATI_vertex_attrib_array_object	Not Supported
	GL_ATI_vertex_blend	Not Supported
	GL_ATI_vertex_shader	Not Supported
	GL_ATI_vertex_streams	Not Supported
	GL_ATIX_pn_triangles	Not Supported
	GL_ATIX_texture_env_combine3	Not Supported
	GL_ATIX_texture_env_route	Not Supported
	GL_ATIX_vertex_shader_output_point_size	Not Supported
	GL_Autodesk_facet_normal	Not Supported
	GL_Autodesk_valid_back_buffer_hint	Not Supported
	GL_CR_bounding_box	Not Supported
	GL_CR_cursor_position	Not Supported
	GL_CR_head_spu_name	Not Supported
	GL_CR_performance_info	Not Supported
	GL_CR_print_string	Not Supported
	GL_CR_readback_barrier_size	Not Supported
	GL_CR_saveframe	Not Supported
	GL_CR_server_id_sharing	Not Supported
	GL_CR_server_matrix	Not Supported
	GL_CR_state_parameter	Not Supported
	GL_CR_synchronization	Not Supported
	GL_CR_tile_info	Not Supported
	GL_CR_tilesort_info	Not Supported
	GL_CR_window_size	Not Supported
	GL_DIMD_YUV	Not Supported
	GL_DMP_shader_binary	Not Supported
	GL_EXT_422_pixels	Not Supported
	GL_EXT_abgr	Supported
	GL_EXT_bgra	Supported
	GL_EXT_bindable_uniform	Supported
	GL_EXT_blend_color	Supported
	GL_EXT_blend_equation_separate	Supported
	GL_EXT_blend_func_separate	Supported
	GL_EXT_blend_logic_op	Not Supported
	GL_EXT_blend_minmax	Supported
	GL_EXT_blend_subtract	Supported
	GL_EXT_Cg_shader	Supported
	GL_EXT_clip_control	Not Supported
	GL_EXT_clip_volume_hint	Not Supported
	GL_EXT_cmyka	Not Supported
	GL_EXT_color_buffer_float	Not Supported
	GL_EXT_color_buffer_half_float	Not Supported
	GL_EXT_color_matrix	Not Supported
	GL_EXT_color_subtable	Not Supported
	GL_EXT_color_table	Not Supported
	GL_EXT_compiled_vertex_array	Supported
	GL_EXT_convolution	Not Supported
	GL_EXT_convolution_border_modes	Not Supported
	GL_EXT_coordinate_frame	Not Supported
	GL_EXT_copy_buffer	Not Supported
	GL_EXT_copy_image	Not Supported
	GL_EXT_copy_texture	Not Supported
	GL_EXT_cull_vertex	Not Supported
	GL_EXT_debug_label	Not Supported
	GL_EXT_debug_marker	Not Supported
	GL_EXT_depth_bounds_test	Supported
	GL_EXT_depth_buffer_float	Not Supported
	GL_EXT_direct_state_access	Supported
	GL_EXT_discard_framebuffer	Not Supported
	GL_EXT_disjoint_timer_query	Not Supported
	GL_EXT_draw_buffers	Not Supported
	GL_EXT_draw_buffers_indexed	Not Supported
	GL_EXT_draw_buffers2	Supported
	GL_EXT_draw_indirect	Not Supported
	GL_EXT_draw_instanced	Supported
	GL_EXT_draw_range_elements	Supported
	GL_EXT_fog_coord	Supported
	GL_EXT_fog_function	Not Supported
	GL_EXT_fog_offset	Not Supported
	GL_EXT_frag_depth	Not Supported
	GL_EXT_fragment_lighting	Not Supported
	GL_EXT_framebuffer_blit	Supported
	GL_EXT_framebuffer_multisample	Supported
	GL_EXT_framebuffer_multisample_blit_scaled	Supported
	GL_EXT_framebuffer_object	Supported
	GL_EXT_framebuffer_sRGB	Supported
	GL_EXT_generate_mipmap	Not Supported
	GL_EXT_geometry_point_size	Not Supported
	GL_EXT_geometry_shader	Not Supported
	GL_EXT_geometry_shader4	Supported
	GL_EXT_glx_stereo_tree	Not Supported
	GL_EXT_gpu_program_parameters	Supported
	GL_EXT_gpu_shader_fp64	Not Supported
	GL_EXT_gpu_shader4	Supported
	GL_EXT_gpu_shader5	Not Supported
	GL_EXT_histogram	Not Supported
	GL_EXT_import_sync_object	Supported
	GL_EXT_index_array_formats	Not Supported
	GL_EXT_index_func	Not Supported
	GL_EXT_index_material	Not Supported
	GL_EXT_index_texture	Not Supported
	GL_EXT_instanced_arrays	Not Supported
	GL_EXT_interlace	Not Supported
	GL_EXT_light_texture	Not Supported
	GL_EXT_map_buffer_range	Not Supported
	GL_EXT_misc_attribute	Not Supported
	GL_EXT_multi_draw_arrays	Supported
	GL_EXT_multisample	Not Supported
	GL_EXT_multisampled_render_to_texture	Not Supported
	GL_EXT_multiview_draw_buffers	Not Supported
	GL_EXT_occlusion_query_boolean	Not Supported
	GL_EXT_packed_depth_stencil	Supported
	GL_EXT_packed_float	Supported
	GL_EXT_packed_pixels	Supported
	GL_EXT_packed_pixels_12	Not Supported
	GL_EXT_paletted_texture	Not Supported
	GL_EXT_pixel_buffer_object	Supported
	GL_EXT_pixel_format	Not Supported
	GL_EXT_pixel_texture	Not Supported
	GL_EXT_pixel_transform	Not Supported
	GL_EXT_pixel_transform_color_table	Not Supported
	GL_EXT_point_parameters	Supported
	GL_EXT_polygon_offset	Not Supported
	GL_EXT_polygon_offset_clamp	Supported
	GL_EXT_post_depth_coverage	Not Supported
	GL_EXT_primitive_bounding_box	Not Supported
	GL_EXT_provoking_vertex	Supported
	GL_EXT_pvrtc_sRGB	Not Supported
	GL_EXT_raster_multisample	Not Supported
	GL_EXT_read_format_bgra	Not Supported
	GL_EXT_rescale_normal	Supported
	GL_EXT_robustness	Not Supported
	GL_EXT_scene_marker	Not Supported
	GL_EXT_secondary_color	Supported
	GL_EXT_separate_shader_objects	Supported
	GL_EXT_separate_specular_color	Supported
	GL_EXT_shader_atomic_counters	Not Supported
	GL_EXT_shader_framebuffer_fetch	Not Supported
	GL_EXT_shader_image_load_formatted	Not Supported
	GL_EXT_shader_image_load_store	Supported
	GL_EXT_shader_implicit_conversions	Not Supported
	GL_EXT_shader_integer_mix	Supported
	GL_EXT_shader_io_blocks	Not Supported
	GL_EXT_shader_pixel_local_storage	Not Supported
	GL_EXT_shader_subroutine	Not Supported
	GL_EXT_shader_texture_lod	Not Supported
	GL_EXT_shadow_funcs	Supported
	GL_EXT_shadow_samplers	Not Supported
	GL_EXT_shared_texture_palette	Not Supported
	GL_EXT_sparse_texture2	Not Supported
	GL_EXT_sRGB	Not Supported
	GL_EXT_sRGB_write_control	Not Supported
	GL_EXT_static_vertex_array	Not Supported
	GL_EXT_stencil_clear_tag	Not Supported
	GL_EXT_stencil_two_side	Supported
	GL_EXT_stencil_wrap	Supported
	GL_EXT_subtexture	Not Supported
	GL_EXT_swap_control	Not Supported
	GL_EXT_tessellation_point_size	Not Supported
	GL_EXT_tessellation_shader	Not Supported
	GL_EXT_texgen_reflection	Not Supported
	GL_EXT_texture	Not Supported
	GL_EXT_texture_array	Supported
	GL_EXT_texture_border_clamp	Not Supported
	GL_EXT_texture_buffer	Not Supported
	GL_EXT_texture_buffer_object	Supported
	GL_EXT_texture_buffer_object_rgb32	Not Supported
	GL_EXT_texture_color_table	Not Supported
	GL_EXT_texture_compression_bptc	Not Supported
	GL_EXT_texture_compression_dxt1	Supported
	GL_EXT_texture_compression_latc	Supported
	GL_EXT_texture_compression_rgtc	Supported
	GL_EXT_texture_compression_s3tc	Supported
	GL_EXT_texture_cube_map	Supported
	GL_EXT_texture_cube_map_array	Not Supported
	GL_EXT_texture_edge_clamp	Supported
	GL_EXT_texture_env	Not Supported
	GL_EXT_texture_env_add	Supported
	GL_EXT_texture_env_combine	Supported
	GL_EXT_texture_env_dot3	Supported
	GL_EXT_texture_filter_anisotropic	Supported
	GL_EXT_texture_filter_minmax	Not Supported
	GL_EXT_texture_format_BGRA8888	Not Supported
	GL_EXT_texture_integer	Supported
	GL_EXT_texture_lod	Supported
	GL_EXT_texture_lod_bias	Supported
	GL_EXT_texture_mirror_clamp	Supported
	GL_EXT_texture_object	Supported
	GL_EXT_texture_perturb_normal	Not Supported
	GL_EXT_texture_rectangle	Not Supported
	GL_EXT_texture_rg	Not Supported
	GL_EXT_texture_shared_exponent	Supported
	GL_EXT_texture_snorm	Not Supported
	GL_EXT_texture_sRGB	Supported
	GL_EXT_texture_sRGB_decode	Supported
	GL_EXT_texture_storage	Supported
	GL_EXT_texture_swizzle	Supported
	GL_EXT_texture_type_2_10_10_10_REV	Not Supported
	GL_EXT_texture_view	Not Supported
	GL_EXT_texture3D	Supported
	GL_EXT_texture4D	Not Supported
	GL_EXT_timer_query	Supported
	GL_EXT_transform_feedback	Not Supported
	GL_EXT_transform_feedback2	Supported
	GL_EXT_transform_feedback3	Not Supported
	GL_EXT_unpack_subimage	Not Supported
	GL_EXT_vertex_array	Supported
	GL_EXT_vertex_array_bgra	Supported
	GL_EXT_vertex_array_set	Not Supported
	GL_EXT_vertex_array_setXXX	Not Supported
	GL_EXT_vertex_attrib_64bit	Supported
	GL_EXT_vertex_shader	Not Supported
	GL_EXT_vertex_weighting	Not Supported
	GL_EXT_x11_sync_object	Not Supported
	GL_EXTX_framebuffer_mixed_formats	Supported
	GL_EXTX_packed_depth_stencil	Not Supported
	GL_FGL_lock_texture	Not Supported
	GL_FJ_shader_binary_GCCSO	Not Supported
	GL_GL2_geometry_shader	Not Supported
	GL_GREMEDY_frame_terminator	Not Supported
	GL_GREMEDY_string_marker	Not Supported
	GL_HP_convolution_border_modes	Not Supported
	GL_HP_image_transform	Not Supported
	GL_HP_occlusion_test	Not Supported
	GL_HP_texture_lighting	Not Supported
	GL_I3D_argb	Not Supported
	GL_I3D_color_clamp	Not Supported
	GL_I3D_interlace_read	Not Supported
	GL_IBM_clip_check	Not Supported
	GL_IBM_cull_vertex	Not Supported
	GL_IBM_load_named_matrix	Not Supported
	GL_IBM_multi_draw_arrays	Not Supported
	GL_IBM_multimode_draw_arrays	Not Supported
	GL_IBM_occlusion_cull	Not Supported
	GL_IBM_pixel_filter_hint	Not Supported
	GL_IBM_rasterpos_clip	Supported
	GL_IBM_rescale_normal	Not Supported
	GL_IBM_static_data	Not Supported
	GL_IBM_texture_clamp_nodraw	Not Supported
	GL_IBM_texture_mirrored_repeat	Supported
	GL_IBM_vertex_array_lists	Not Supported
	GL_IBM_YCbCr	Not Supported
	GL_IMG_multisampled_render_to_texture	Not Supported
	GL_IMG_program_binary	Not Supported
	GL_IMG_read_format	Not Supported
	GL_IMG_sgx_binary	Not Supported
	GL_IMG_shader_binary	Not Supported
	GL_IMG_texture_compression_pvrtc	Not Supported
	GL_IMG_texture_compression_pvrtc2	Not Supported
	GL_IMG_texture_env_enhanced_fixed_function	Not Supported
	GL_IMG_texture_format_BGRA8888	Not Supported
	GL_IMG_user_clip_plane	Not Supported
	GL_IMG_vertex_program	Not Supported
	GL_INGR_blend_func_separate	Not Supported
	GL_INGR_color_clamp	Not Supported
	GL_INGR_interlace_read	Not Supported
	GL_INGR_multiple_palette	Not Supported
	GL_INTEL_compute_shader_lane_shift	Not Supported
	GL_INTEL_conservative_rasterization	Not Supported
	GL_INTEL_fragment_shader_ordering	Not Supported
	GL_INTEL_fragment_shader_span_sharing	Not Supported
	GL_INTEL_image_serialize	Not Supported
	GL_INTEL_map_texture	Not Supported
	GL_INTEL_multi_rate_fragment_shader	Not Supported
	GL_INTEL_parallel_arrays	Not Supported
	GL_INTEL_performance_queries	Not Supported
	GL_INTEL_performance_query	Not Supported
	GL_INTEL_texture_scissor	Not Supported
	GL_KHR_blend_equation_advanced	Supported
	GL_KHR_blend_equation_advanced_coherent	Not Supported
	GL_KHR_context_flush_control	Supported
	GL_KHR_debug	Supported
	GL_KHR_robust_buffer_access_behavior	Supported
	GL_KHR_robustness	Supported
	GL_KHR_texture_compression_astc_hdr	Not Supported
	GL_KHR_texture_compression_astc_ldr	Not Supported
	GL_KTX_buffer_region	Supported
	GL_MESA_pack_invert	Not Supported
	GL_MESA_program_debug	Not Supported
	GL_MESA_resize_buffers	Not Supported
	GL_MESA_texture_array	Not Supported
	GL_MESA_texture_signed_rgba	Not Supported
	GL_MESA_window_pos	Not Supported
	GL_MESA_ycbcr_texture	Not Supported
	GL_MESAX_texture_float	Not Supported
	GL_MESAX_texture_stack	Not Supported
	GL_MTX_fragment_shader	Not Supported
	GL_MTX_precision_dpi	Not Supported
	GL_NV_3dvision_settings	Not Supported
	GL_NV_alpha_test	Not Supported
	GL_NV_bgr	Not Supported
	GL_NV_bindless_multi_draw_indirect	Supported
	GL_NV_bindless_multi_draw_indirect_count	Supported
	GL_NV_bindless_texture	Not Supported
	GL_NV_blend_equation_advanced	Supported
	GL_NV_blend_equation_advanced_coherent	Not Supported
	GL_NV_blend_minmax	Not Supported
	GL_NV_blend_square	Supported
	GL_NV_centroid_sample	Not Supported
	GL_NV_command_list	Supported
	GL_NV_complex_primitives	Not Supported
	GL_NV_compute_program5	Supported
	GL_NV_conditional_render	Supported
	GL_NV_conservative_raster	Not Supported
	GL_NV_copy_buffer	Not Supported
	GL_NV_copy_depth_to_color	Supported
	GL_NV_copy_image	Supported
	GL_NV_coverage_sample	Not Supported
	GL_NV_deep_texture3D	Not Supported
	GL_NV_depth_buffer_float	Supported
	GL_NV_depth_clamp	Supported
	GL_NV_depth_nonlinear	Not Supported
	GL_NV_depth_range_unclamped	Not Supported
	GL_NV_draw_buffers	Not Supported
	GL_NV_draw_instanced	Not Supported
	GL_NV_draw_texture	Supported
	GL_NV_EGL_stream_consumer_external	Not Supported
	GL_NV_ES1_1_compatibility	Supported
	GL_NV_ES3_1_compatibility	Supported
	GL_NV_evaluators	Not Supported
	GL_NV_explicit_attrib_location	Not Supported
	GL_NV_explicit_multisample	Supported
	GL_NV_fbo_color_attachments	Not Supported
	GL_NV_fence	Supported
	GL_NV_fill_rectangle	Not Supported
	GL_NV_float_buffer	Supported
	GL_NV_fog_distance	Supported
	GL_NV_fragdepth	Not Supported
	GL_NV_fragment_coverage_to_color	Not Supported
	GL_NV_fragment_program	Supported
	GL_NV_fragment_program_option	Supported
	GL_NV_fragment_program2	Supported
	GL_NV_fragment_program4	Not Supported
	GL_NV_fragment_shader_interlock	Not Supported
	GL_NV_framebuffer_blit	Not Supported
	GL_NV_framebuffer_mixed_samples	Not Supported
	GL_NV_framebuffer_multisample	Not Supported
	GL_NV_framebuffer_multisample_coverage	Supported
	GL_NV_framebuffer_multisample_ex	Not Supported
	GL_NV_generate_mipmap_sRGB	Not Supported
	GL_NV_geometry_program4	Not Supported
	GL_NV_geometry_shader_passthrough	Not Supported
	GL_NV_geometry_shader4	Supported
	GL_NV_gpu_program_fp64	Supported
	GL_NV_gpu_program4	Supported
	GL_NV_gpu_program4_1	Supported
	GL_NV_gpu_program5	Supported
	GL_NV_gpu_program5_mem_extended	Supported
	GL_NV_gpu_shader5	Supported
	GL_NV_half_float	Supported
	GL_NV_instanced_arrays	Not Supported
	GL_NV_internalformat_sample_query	Supported
	GL_NV_light_max_exponent	Supported
	GL_NV_multisample_coverage	Supported
	GL_NV_multisample_filter_hint	Supported
	GL_NV_non_square_matrices	Not Supported
	GL_NV_occlusion_query	Supported
	GL_NV_pack_subimage	Not Supported
	GL_NV_packed_depth_stencil	Supported
	GL_NV_packed_float	Not Supported
	GL_NV_packed_float_linear	Not Supported
	GL_NV_parameter_buffer_object	Supported
	GL_NV_parameter_buffer_object2	Supported
	GL_NV_path_rendering	Supported
	GL_NV_path_rendering_shared_edge	Not Supported
	GL_NV_pixel_buffer_object	Not Supported
	GL_NV_pixel_data_range	Supported
	GL_NV_platform_binary	Not Supported
	GL_NV_point_sprite	Supported
	GL_NV_present_video	Not Supported
	GL_NV_primitive_restart	Supported
	GL_NV_read_buffer	Not Supported
	GL_NV_read_buffer_front	Not Supported
	GL_NV_read_depth	Not Supported
	GL_NV_read_depth_stencil	Not Supported
	GL_NV_read_stencil	Not Supported
	GL_NV_register_combiners	Supported
	GL_NV_register_combiners2	Supported
	GL_NV_sample_locations	Not Supported
	GL_NV_sample_mask_override_coverage	Not Supported
	GL_NV_shader_atomic_counters	Supported
	GL_NV_shader_atomic_float	Supported
	GL_NV_shader_atomic_fp16_vector	Not Supported
	GL_NV_shader_atomic_int64	Not Supported
	GL_NV_shader_buffer_load	Supported
	GL_NV_shader_buffer_store	Not Supported
	GL_NV_shader_storage_buffer_object	Supported
	GL_NV_shader_thread_group	Supported
	GL_NV_shader_thread_shuffle	Not Supported
	GL_NV_shadow_samplers_array	Not Supported
	GL_NV_shadow_samplers_cube	Not Supported
	GL_NV_sRGB_formats	Not Supported
	GL_NV_tessellation_program5	Not Supported
	GL_NV_texgen_emboss	Not Supported
	GL_NV_texgen_reflection	Supported
	GL_NV_texture_array	Not Supported
	GL_NV_texture_barrier	Supported
	GL_NV_texture_border_clamp	Not Supported
	GL_NV_texture_compression_latc	Not Supported
	GL_NV_texture_compression_s3tc	Not Supported
	GL_NV_texture_compression_s3tc_update	Not Supported
	GL_NV_texture_compression_vtc	Supported
	GL_NV_texture_env_combine4	Supported
	GL_NV_texture_expand_normal	Not Supported
	GL_NV_texture_lod_clamp	Not Supported
	GL_NV_texture_multisample	Supported
	GL_NV_texture_npot_2D_mipmap	Not Supported
	GL_NV_texture_rectangle	Supported
	GL_NV_texture_shader	Supported
	GL_NV_texture_shader2	Supported
	GL_NV_texture_shader3	Supported
	GL_NV_timer_query	Not Supported
	GL_NV_transform_feedback	Supported
	GL_NV_transform_feedback2	Supported
	GL_NV_uniform_buffer_unified_memory	Supported
	GL_NV_vdpau_interop	Not Supported
	GL_NV_vertex_array_range	Supported
	GL_NV_vertex_array_range2	Supported
	GL_NV_vertex_attrib_64bit	Not Supported
	GL_NV_vertex_attrib_integer_64bit	Supported
	GL_NV_vertex_buffer_unified_memory	Supported
	GL_NV_vertex_program	Supported
	GL_NV_vertex_program1_1	Supported
	GL_NV_vertex_program2	Supported
	GL_NV_vertex_program2_option	Supported
	GL_NV_vertex_program3	Supported
	GL_NV_vertex_program4	Not Supported
	GL_NV_video_capture	Not Supported
	GL_NV_viewport_array2	Not Supported
	GL_NVX_conditional_render	Supported
	GL_NVX_flush_hold	Not Supported
	GL_NVX_gpu_memory_info	Supported
	GL_NVX_instanced_arrays	Not Supported
	GL_NVX_nvenc_interop	Not Supported
	GL_NVX_shader_thread_group	Not Supported
	GL_NVX_shader_thread_shuffle	Not Supported
	GL_NVX_shared_sync_object	Not Supported
	GL_NVX_sysmem_buffer	Not Supported
	GL_NVX_ycrcb	Not Supported
	GL_OES_blend_equation_separate	Not Supported
	GL_OES_blend_func_separate	Not Supported
	GL_OES_blend_subtract	Not Supported
	GL_OES_byte_coordinates	Not Supported
	GL_OES_compressed_EAC_R11_signed_texture	Not Supported
	GL_OES_compressed_EAC_R11_unsigned_texture	Not Supported
	GL_OES_compressed_EAC_RG11_signed_texture	Not Supported
	GL_OES_compressed_EAC_RG11_unsigned_texture	Not Supported
	GL_OES_compressed_ETC1_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_sRGB8_alpha_texture	Not Supported
	GL_OES_compressed_ETC2_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_alpha8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_texture	Not Supported
	GL_OES_compressed_paletted_texture	Not Supported
	GL_OES_conditional_query	Not Supported
	GL_OES_depth_texture	Not Supported
	GL_OES_depth_texture_cube_map	Not Supported
	GL_OES_depth24	Not Supported
	GL_OES_depth32	Not Supported
	GL_OES_draw_texture	Not Supported
	GL_OES_EGL_image	Not Supported
	GL_OES_EGL_image_external	Not Supported
	GL_OES_EGL_sync	Not Supported
	GL_OES_element_index_uint	Not Supported
	GL_OES_extended_matrix_palette	Not Supported
	GL_OES_fbo_render_mipmap	Not Supported
	GL_OES_fixed_point	Not Supported
	GL_OES_fragment_precision_high	Not Supported
	GL_OES_framebuffer_object	Not Supported
	GL_OES_get_program_binary	Not Supported
	GL_OES_mapbuffer	Not Supported
	GL_OES_matrix_get	Not Supported
	GL_OES_matrix_palette	Not Supported
	GL_OES_packed_depth_stencil	Not Supported
	GL_OES_point_size_array	Not Supported
	GL_OES_point_sprite	Not Supported
	GL_OES_query_matrix	Not Supported
	GL_OES_read_format	Not Supported
	GL_OES_required_internalformat	Not Supported
	GL_OES_rgb8_rgba8	Not Supported
	GL_OES_sample_shading	Not Supported
	GL_OES_sample_variables	Not Supported
	GL_OES_shader_image_atomic	Not Supported
	GL_OES_shader_multisample_interpolation	Not Supported
	GL_OES_single_precision	Not Supported
	GL_OES_standard_derivatives	Not Supported
	GL_OES_stencil_wrap	Not Supported
	GL_OES_stencil1	Not Supported
	GL_OES_stencil4	Not Supported
	GL_OES_stencil8	Not Supported
	GL_OES_surfaceless_context	Not Supported
	GL_OES_texture_3D	Not Supported
	GL_OES_texture_compression_astc	Not Supported
	GL_OES_texture_cube_map	Not Supported
	GL_OES_texture_env_crossbar	Not Supported
	GL_OES_texture_float	Not Supported
	GL_OES_texture_float_linear	Not Supported
	GL_OES_texture_half_float	Not Supported
	GL_OES_texture_half_float_linear	Not Supported
	GL_OES_texture_mirrored_repeat	Not Supported
	GL_OES_texture_npot	Not Supported
	GL_OES_texture_stencil8	Not Supported
	GL_OES_texture_storage_multisample_2d_array	Not Supported
	GL_OES_vertex_array_object	Not Supported
	GL_OES_vertex_half_float	Not Supported
	GL_OES_vertex_type_10_10_10_2	Not Supported
	GL_OML_interlace	Not Supported
	GL_OML_resample	Not Supported
	GL_OML_subsample	Not Supported
	GL_PGI_misc_hints	Not Supported
	GL_PGI_vertex_hints	Not Supported
	GL_QCOM_alpha_test	Not Supported
	GL_QCOM_binning_control	Not Supported
	GL_QCOM_driver_control	Not Supported
	GL_QCOM_extended_get	Not Supported
	GL_QCOM_extended_get2	Not Supported
	GL_QCOM_perfmon_global_mode	Not Supported
	GL_QCOM_tiled_rendering	Not Supported
	GL_QCOM_writeonly_rendering	Not Supported
	GL_REND_screen_coordinates	Not Supported
	GL_S3_performance_analyzer	Not Supported
	GL_S3_s3tc	Supported
	GL_SGI_color_matrix	Not Supported
	GL_SGI_color_table	Not Supported
	GL_SGI_compiled_vertex_array	Not Supported
	GL_SGI_cull_vertex	Not Supported
	GL_SGI_index_array_formats	Not Supported
	GL_SGI_index_func	Not Supported
	GL_SGI_index_material	Not Supported
	GL_SGI_index_texture	Not Supported
	GL_SGI_make_current_read	Not Supported
	GL_SGI_texture_add_env	Not Supported
	GL_SGI_texture_color_table	Not Supported
	GL_SGI_texture_edge_clamp	Not Supported
	GL_SGI_texture_lod	Not Supported
	GL_SGIS_color_range	Not Supported
	GL_SGIS_detail_texture	Not Supported
	GL_SGIS_fog_function	Not Supported
	GL_SGIS_generate_mipmap	Supported
	GL_SGIS_multisample	Not Supported
	GL_SGIS_multitexture	Not Supported
	GL_SGIS_pixel_texture	Not Supported
	GL_SGIS_point_line_texgen	Not Supported
	GL_SGIS_sharpen_texture	Not Supported
	GL_SGIS_texture_border_clamp	Not Supported
	GL_SGIS_texture_color_mask	Not Supported
	GL_SGIS_texture_edge_clamp	Not Supported
	GL_SGIS_texture_filter4	Not Supported
	GL_SGIS_texture_lod	Supported
	GL_SGIS_texture_select	Not Supported
	GL_SGIS_texture4D	Not Supported
	GL_SGIX_async	Not Supported
	GL_SGIX_async_histogram	Not Supported
	GL_SGIX_async_pixel	Not Supported
	GL_SGIX_blend_alpha_minmax	Not Supported
	GL_SGIX_clipmap	Not Supported
	GL_SGIX_convolution_accuracy	Not Supported
	GL_SGIX_depth_pass_instrument	Not Supported
	GL_SGIX_depth_texture	Supported
	GL_SGIX_flush_raster	Not Supported
	GL_SGIX_fog_offset	Not Supported
	GL_SGIX_fog_texture	Not Supported
	GL_SGIX_fragment_specular_lighting	Not Supported
	GL_SGIX_framezoom	Not Supported
	GL_SGIX_instruments	Not Supported
	GL_SGIX_interlace	Not Supported
	GL_SGIX_ir_instrument1	Not Supported
	GL_SGIX_list_priority	Not Supported
	GL_SGIX_pbuffer	Not Supported
	GL_SGIX_pixel_texture	Not Supported
	GL_SGIX_pixel_texture_bits	Not Supported
	GL_SGIX_reference_plane	Not Supported
	GL_SGIX_resample	Not Supported
	GL_SGIX_shadow	Supported
	GL_SGIX_shadow_ambient	Not Supported
	GL_SGIX_sprite	Not Supported
	GL_SGIX_subsample	Not Supported
	GL_SGIX_tag_sample_buffer	Not Supported
	GL_SGIX_texture_add_env	Not Supported
	GL_SGIX_texture_coordinate_clamp	Not Supported
	GL_SGIX_texture_lod_bias	Not Supported
	GL_SGIX_texture_multi_buffer	Not Supported
	GL_SGIX_texture_range	Not Supported
	GL_SGIX_texture_scale_bias	Not Supported
	GL_SGIX_vertex_preclip	Not Supported
	GL_SGIX_vertex_preclip_hint	Not Supported
	GL_SGIX_ycrcb	Not Supported
	GL_SGIX_ycrcb_subsample	Not Supported
	GL_SUN_convolution_border_modes	Not Supported
	GL_SUN_global_alpha	Not Supported
	GL_SUN_mesh_array	Not Supported
	GL_SUN_multi_draw_arrays	Not Supported
	GL_SUN_read_video_pixels	Not Supported
	GL_SUN_slice_accum	Supported
	GL_SUN_triangle_list	Not Supported
	GL_SUN_vertex	Not Supported
	GL_SUNX_constant_data	Not Supported
	GL_VIV_shader_binary	Not Supported
	GL_WGL_ARB_extensions_string	Not Supported
	GL_WGL_EXT_extensions_string	Not Supported
	GL_WGL_EXT_swap_control	Not Supported
	GL_WIN_phong_shading	Not Supported
	GL_WIN_specular_fog	Not Supported
	GL_WIN_swap_hint	Supported
	GLU_EXT_nurbs_tessellator	Not Supported
	GLU_EXT_object_space_tess	Not Supported
	GLU_SGI_filter4_parameters	Not Supported
	GLX_AMD_gpu_association	Not Supported
	GLX_ARB_create_context	Not Supported
	GLX_ARB_create_context_profile	Not Supported
	GLX_ARB_create_context_robustness	Not Supported
	GLX_ARB_fbconfig_float	Not Supported
	GLX_ARB_framebuffer_sRGB	Not Supported
	GLX_ARB_get_proc_address	Not Supported
	GLX_ARB_multisample	Not Supported
	GLX_ARB_robustness_application_isolation	Not Supported
	GLX_ARB_robustness_share_group_isolation	Not Supported
	GLX_ARB_vertex_buffer_object	Not Supported
	GLX_EXT_buffer_age	Not Supported
	GLX_EXT_create_context_es_profile	Not Supported
	GLX_EXT_create_context_es2_profile	Not Supported
	GLX_EXT_fbconfig_packed_float	Not Supported
	GLX_EXT_framebuffer_sRGB	Not Supported
	GLX_EXT_import_context	Not Supported
	GLX_EXT_scene_marker	Not Supported
	GLX_EXT_swap_control	Not Supported
	GLX_EXT_swap_control_tear	Not Supported
	GLX_EXT_texture_from_pixmap	Not Supported
	GLX_EXT_visual_info	Not Supported
	GLX_EXT_visual_rating	Not Supported
	GLX_INTEL_swap_event	Not Supported
	GLX_MESA_agp_offset	Not Supported
	GLX_MESA_copy_sub_buffer	Not Supported
	GLX_MESA_multithread_makecurrent	Not Supported
	GLX_MESA_pixmap_colormap	Not Supported
	GLX_MESA_query_renderer	Not Supported
	GLX_MESA_release_buffers	Not Supported
	GLX_MESA_set_3dfx_mode	Not Supported
	GLX_MESA_swap_control	Not Supported
	GLX_NV_copy_image	Not Supported
	GLX_NV_delay_before_swap	Not Supported
	GLX_NV_float_buffer	Not Supported
	GLX_NV_multisample_coverage	Not Supported
	GLX_NV_present_video	Not Supported
	GLX_NV_swap_group	Not Supported
	GLX_NV_video_capture	Not Supported
	GLX_NV_video_out	Not Supported
	GLX_NV_video_output	Not Supported
	GLX_OML_interlace	Not Supported
	GLX_OML_swap_method	Not Supported
	GLX_OML_sync_control	Not Supported
	GLX_SGI_cushion	Not Supported
	GLX_SGI_make_current_read	Not Supported
	GLX_SGI_swap_control	Not Supported
	GLX_SGI_video_sync	Not Supported
	GLX_SGIS_blended_overlay	Not Supported
	GLX_SGIS_color_range	Not Supported
	GLX_SGIS_multisample	Not Supported
	GLX_SGIX_dm_buffer	Not Supported
	GLX_SGIX_fbconfig	Not Supported
	GLX_SGIX_hyperpipe	Not Supported
	GLX_SGIX_pbuffer	Not Supported
	GLX_SGIX_swap_barrier	Not Supported
	GLX_SGIX_swap_group	Not Supported
	GLX_SGIX_video_resize	Not Supported
	GLX_SGIX_video_source	Not Supported
	GLX_SGIX_visual_select_group	Not Supported
	GLX_SUN_get_transparent_index	Not Supported
	GLX_SUN_video_resize	Not Supported
	WGL_3DFX_gamma_control	Not Supported
	WGL_3DFX_multisample	Not Supported
	WGL_3DL_stereo_control	Not Supported
	WGL_AMD_gpu_association	Not Supported
	WGL_AMDX_gpu_association	Not Supported
	WGL_ARB_buffer_region	Supported
	WGL_ARB_context_flush_control	Supported
	WGL_ARB_create_context	Supported
	WGL_ARB_create_context_profile	Supported
	WGL_ARB_create_context_robustness	Supported
	WGL_ARB_extensions_string	Supported
	WGL_ARB_framebuffer_sRGB	Not Supported
	WGL_ARB_make_current_read	Supported
	WGL_ARB_multisample	Supported
	WGL_ARB_pbuffer	Supported
	WGL_ARB_pixel_format	Supported
	WGL_ARB_pixel_format_float	Supported
	WGL_ARB_render_texture	Supported
	WGL_ARB_robustness_application_isolation	Not Supported
	WGL_ARB_robustness_share_group_isolation	Not Supported
	WGL_ATI_pbuffer_memory_hint	Not Supported
	WGL_ATI_pixel_format_float	Supported
	WGL_ATI_render_texture_rectangle	Not Supported
	WGL_EXT_buffer_region	Not Supported
	WGL_EXT_create_context_es_profile	Supported
	WGL_EXT_create_context_es2_profile	Supported
	WGL_EXT_depth_float	Not Supported
	WGL_EXT_display_color_table	Not Supported
	WGL_EXT_extensions_string	Supported
	WGL_EXT_framebuffer_sRGB	Supported
	WGL_EXT_framebuffer_sRGBWGL_ARB_create_context	Not Supported
	WGL_EXT_gamma_control	Not Supported
	WGL_EXT_make_current_read	Not Supported
	WGL_EXT_multisample	Not Supported
	WGL_EXT_pbuffer	Not Supported
	WGL_EXT_pixel_format	Not Supported
	WGL_EXT_pixel_format_packed_float	Supported
	WGL_EXT_render_texture	Not Supported
	WGL_EXT_swap_control	Supported
	WGL_EXT_swap_control_tear	Supported
	WGL_EXT_swap_interval	Not Supported
	WGL_I3D_digital_video_control	Not Supported
	WGL_I3D_gamma	Not Supported
	WGL_I3D_genlock	Not Supported
	WGL_I3D_image_buffer	Not Supported
	WGL_I3D_swap_frame_lock	Not Supported
	WGL_I3D_swap_frame_usage	Not Supported
	WGL_MTX_video_preview	Not Supported
	WGL_NV_copy_image	Supported
	WGL_NV_delay_before_swap	Supported
	WGL_NV_DX_interop	Supported
	WGL_NV_DX_interop2	Supported
	WGL_NV_float_buffer	Supported
	WGL_NV_gpu_affinity	Not Supported
	WGL_NV_multisample_coverage	Supported
	WGL_NV_present_video	Not Supported
	WGL_NV_render_depth_texture	Supported
	WGL_NV_render_texture_rectangle	Supported
	WGL_NV_swap_group	Not Supported
	WGL_NV_texture_rectangle	Not Supported
	WGL_NV_vertex_array_range	Not Supported
	WGL_NV_video_capture	Not Supported
	WGL_NV_video_output	Not Supported
	WGL_NVX_DX_interop	Supported
	WGL_OML_sync_control	Not Supported
	WGL_S3_cl_sharingWGL_ARB_create_context_profile	Not Supported

Supported Compressed Texture Formats:
	RGB DXT1	Supported
	RGBA DXT1	Not Supported
	RGBA DXT3	Supported
	RGBA DXT5	Supported
	RGB FXT1	Not Supported
	RGBA FXT1	Not Supported
	3Dc	Not Supported

Video Adapter Manufacturer:
	Company Name	NVIDIA Corporation
	Product Information	http://www.nvidia.com/page/products.html
	Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
	Driver Update	http://www.aida64.com/driver-updates

GPGPU


[ CUDA: nVIDIA GeForce GT 520M (GF119) ]

	Device Properties:
		Device Name	GeForce GT 520M
		GPU Code Name	GF119
		PCI Domain / Bus / Device	0 / 1 / 0
		Clock Rate	1480 MHz
		Asynchronous Engines	1
		Multiprocessors / Cores	1 / 48
		L2 Cache	64 KB
		Max Threads Per Multiprocessor	1536
		Max Threads Per Block	1024
		Max Registers Per Block	32768
		Max 32-bit Registers Per Multiprocessor	32768
		Max Instructions Per Kernel	512 million
		Warp Size	32 threads
		Max Block Size	1024 x 1024 x 64
		Max Grid Size	65535 x 65535 x 65535
		Max 1D Texture Width	65536
		Max 2D Texture Size	65536 x 65535
		Max 3D Texture Size	2048 x 2048 x 2048
		Max 1D Linear Texture Width	134217728
		Max 2D Linear Texture Size	65000 x 65000
		Max 2D Linear Texture Pitch	1048544 bytes
		Max 1D Layered Texture Width	16384
		Max 1D Layered Texture Layers	2048
		Max Mipmapped 1D Texture Width	16384
		Max Mipmapped 2D Texture Size	16384 x 16384
		Max Cubemap Texture Size	16384 x 16384
		Max Cubemap Layered Texture Size	16384 x 16384
		Max Cubemap Layered Texture Layers	2046
		Max Texture Array Size	16384 x 16384
		Max Texture Array Slices	2048
		Max 1D Surface Width	65536
		Max 2D Surface Size	65536 x 32768
		Max 3D Surface Size	65536 x 32768 x 2048
		Max 1D Layered Surface Width	65536
		Max 1D Layered Surface Layers	2048
		Max 2D Layered Surface Size	65536 x 32768
		Max 2D Layered Surface Layers	2048
		Compute Mode	Default: Multiple contexts allowed per device
		Compute Capability	2.1
		CUDA DLL	nvcuda.dll (8.17.13.5286 - nVIDIA ForceWare 352.86)

	Memory Properties:
		Memory Clock	800 MHz
		Global Memory Bus Width	64-bit
		Total Memory	1 GB
		Total Constant Memory	64 KB
		Max Shared Memory Per Block	48 KB
		Max Shared Memory Per Multiprocessor	48 KB
		Max Memory Pitch	2147483647 bytes
		Texture Alignment	512 bytes
		Texture Pitch Alignment	32 bytes
		Surface Alignment	512 bytes

	Device Features:
		32-bit Floating-Point Atomic Addition	Supported
		32-bit Integer Atomic Operations	Supported
		64-bit Integer Atomic Operations	Supported
		Caching Globals in L1 Cache	Supported
		Caching Locals in L1 Cache	Supported
		Concurrent Kernel Execution	Supported
		Concurrent Memory Copy & Execute	Supported
		Double-Precision Floating-Point	Supported
		ECC	Disabled
		Funnel Shift	Not Supported
		Host Memory Mapping	Supported
		Integrated Device	No
		Managed Memory	Not Supported
		Multi-GPU Board	No
		Stream Priorities	Not Supported
		Surface Functions	Supported
		TCC Driver	No
		Warp Vote Functions	Supported
		__ballot()	Supported
		__syncthreads_and()	Supported
		__syncthreads_count()	Supported
		__syncthreads_or()	Supported
		__threadfence_system()	Supported

	Device Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/products.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

[ Direct3D: NVIDIA GeForce GT 520M (GF119) ]

	Device Properties:
		Device Name	NVIDIA GeForce GT 520M
		GPU Code Name	GF119
		PCI Device	10DE-1050 / 1043-1742 (Rev A1)
		Dedicated Memory	979 MB
		Driver Name	nvd3dum.dll
		Driver Version	9.18.13.5286 - nVIDIA ForceWare 352.86
		Shader Model	SM 5.0
		Max Threads	1024
		Multiple UAV Access	8 UAVs
		Thread Dispatch	3D
		Thread Local Storage	32 KB

	Device Features:
		10-bit Precision Floating-Point	Not Supported
		16-bit Precision Floating-Point	Not Supported
		Append/Consume Buffers	Supported
		Atomic Operations	Supported
		Double-Precision Floating-Point	Supported
		Gather4	Supported
		Indirect Compute Dispatch	Supported
		Map On Default Buffers	Not Supported

	Device Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/products.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

Fonts


Font Family	Type	Style	Character Set	Char. Size	Char. Weight
@Batang	Roman	Regular	Baltic	16 x 32	40 %
@Batang	Roman	Regular	Central European	16 x 32	40 %
@Batang	Roman	Regular	Cyrillic	16 x 32	40 %
@Batang	Roman	Regular	Greek	16 x 32	40 %
@Batang	Roman	Regular	Hangul	16 x 32	40 %
@Batang	Roman	Regular	Turkish	16 x 32	40 %
@Batang	Roman	Regular	Western	16 x 32	40 %
@BatangChe	Modern	Regular	Baltic	16 x 32	40 %
@BatangChe	Modern	Regular	Central European	16 x 32	40 %
@BatangChe	Modern	Regular	Cyrillic	16 x 32	40 %
@BatangChe	Modern	Regular	Greek	16 x 32	40 %
@BatangChe	Modern	Regular	Hangul	16 x 32	40 %
@BatangChe	Modern	Regular	Turkish	16 x 32	40 %
@BatangChe	Modern	Regular	Western	16 x 32	40 %
@DFKai-SB	Script	Regular	CHINESE_BIG5	16 x 32	40 %
@DFKai-SB	Script	Regular	Western	16 x 32	40 %
@Dotum	Swiss	Regular	Baltic	16 x 32	40 %
@Dotum	Swiss	Regular	Central European	16 x 32	40 %
@Dotum	Swiss	Regular	Cyrillic	16 x 32	40 %
@Dotum	Swiss	Regular	Greek	16 x 32	40 %
@Dotum	Swiss	Regular	Hangul	16 x 32	40 %
@Dotum	Swiss	Regular	Turkish	16 x 32	40 %
@Dotum	Swiss	Regular	Western	16 x 32	40 %
@DotumChe	Modern	Regular	Baltic	16 x 32	40 %
@DotumChe	Modern	Regular	Central European	16 x 32	40 %
@DotumChe	Modern	Regular	Cyrillic	16 x 32	40 %
@DotumChe	Modern	Regular	Greek	16 x 32	40 %
@DotumChe	Modern	Regular	Hangul	16 x 32	40 %
@DotumChe	Modern	Regular	Turkish	16 x 32	40 %
@DotumChe	Modern	Regular	Western	16 x 32	40 %
@FangSong	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@FangSong	Modern	Regular	Western	16 x 32	40 %
@Gulim	Swiss	Regular	Baltic	16 x 32	40 %
@Gulim	Swiss	Regular	Central European	16 x 32	40 %
@Gulim	Swiss	Regular	Cyrillic	16 x 32	40 %
@Gulim	Swiss	Regular	Greek	16 x 32	40 %
@Gulim	Swiss	Regular	Hangul	16 x 32	40 %
@Gulim	Swiss	Regular	Turkish	16 x 32	40 %
@Gulim	Swiss	Regular	Western	16 x 32	40 %
@GulimChe	Modern	Regular	Baltic	16 x 32	40 %
@GulimChe	Modern	Regular	Central European	16 x 32	40 %
@GulimChe	Modern	Regular	Cyrillic	16 x 32	40 %
@GulimChe	Modern	Regular	Greek	16 x 32	40 %
@GulimChe	Modern	Regular	Hangul	16 x 32	40 %
@GulimChe	Modern	Regular	Turkish	16 x 32	40 %
@GulimChe	Modern	Regular	Western	16 x 32	40 %
@Gungsuh	Roman	Regular	Baltic	16 x 32	40 %
@Gungsuh	Roman	Regular	Central European	16 x 32	40 %
@Gungsuh	Roman	Regular	Cyrillic	16 x 32	40 %
@Gungsuh	Roman	Regular	Greek	16 x 32	40 %
@Gungsuh	Roman	Regular	Hangul	16 x 32	40 %
@Gungsuh	Roman	Regular	Turkish	16 x 32	40 %
@Gungsuh	Roman	Regular	Western	16 x 32	40 %
@GungsuhChe	Modern	Regular	Baltic	16 x 32	40 %
@GungsuhChe	Modern	Regular	Central European	16 x 32	40 %
@GungsuhChe	Modern	Regular	Cyrillic	16 x 32	40 %
@GungsuhChe	Modern	Regular	Greek	16 x 32	40 %
@GungsuhChe	Modern	Regular	Hangul	16 x 32	40 %
@GungsuhChe	Modern	Regular	Turkish	16 x 32	40 %
@GungsuhChe	Modern	Regular	Western	16 x 32	40 %
@KaiTi	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@KaiTi	Modern	Regular	Western	16 x 32	40 %
@Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
@Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
@Meiryo UI	Swiss	Regular	Baltic	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Central European	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Cyrillic	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Greek	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Japanese	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Turkish	17 x 41	40 %
@Meiryo UI	Swiss	Regular	Western	17 x 41	40 %
@Meiryo	Swiss	Regular	Baltic	31 x 48	40 %
@Meiryo	Swiss	Regular	Central European	31 x 48	40 %
@Meiryo	Swiss	Regular	Cyrillic	31 x 48	40 %
@Meiryo	Swiss	Regular	Greek	31 x 48	40 %
@Meiryo	Swiss	Regular	Japanese	31 x 48	40 %
@Meiryo	Swiss	Regular	Turkish	31 x 48	40 %
@Meiryo	Swiss	Regular	Western	31 x 48	40 %
@Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Western	15 x 43	40 %
@Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
@MingLiU_HKSCS	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU_HKSCS	Roman	Regular	Western	16 x 32	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
@MingLiU	Modern	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU	Modern	Regular	Western	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
@MS Gothic	Modern	Regular	Baltic	16 x 32	40 %
@MS Gothic	Modern	Regular	Central European	16 x 32	40 %
@MS Gothic	Modern	Regular	Cyrillic	16 x 32	40 %
@MS Gothic	Modern	Regular	Greek	16 x 32	40 %
@MS Gothic	Modern	Regular	Japanese	16 x 32	40 %
@MS Gothic	Modern	Regular	Turkish	16 x 32	40 %
@MS Gothic	Modern	Regular	Western	16 x 32	40 %
@MS Mincho	Modern	Regular	Baltic	16 x 32	40 %
@MS Mincho	Modern	Regular	Central European	16 x 32	40 %
@MS Mincho	Modern	Regular	Cyrillic	16 x 32	40 %
@MS Mincho	Modern	Regular	Greek	16 x 32	40 %
@MS Mincho	Modern	Regular	Japanese	16 x 32	40 %
@MS Mincho	Modern	Regular	Turkish	16 x 32	40 %
@MS Mincho	Modern	Regular	Western	16 x 32	40 %
@MS PGothic	Swiss	Regular	Baltic	13 x 32	40 %
@MS PGothic	Swiss	Regular	Central European	13 x 32	40 %
@MS PGothic	Swiss	Regular	Cyrillic	13 x 32	40 %
@MS PGothic	Swiss	Regular	Greek	13 x 32	40 %
@MS PGothic	Swiss	Regular	Japanese	13 x 32	40 %
@MS PGothic	Swiss	Regular	Turkish	13 x 32	40 %
@MS PGothic	Swiss	Regular	Western	13 x 32	40 %
@MS PMincho	Roman	Regular	Baltic	13 x 32	40 %
@MS PMincho	Roman	Regular	Central European	13 x 32	40 %
@MS PMincho	Roman	Regular	Cyrillic	13 x 32	40 %
@MS PMincho	Roman	Regular	Greek	13 x 32	40 %
@MS PMincho	Roman	Regular	Japanese	13 x 32	40 %
@MS PMincho	Roman	Regular	Turkish	13 x 32	40 %
@MS PMincho	Roman	Regular	Western	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Baltic	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Central European	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Cyrillic	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Greek	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Japanese	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Turkish	13 x 32	40 %
@MS UI Gothic	Swiss	Regular	Western	13 x 32	40 %
@NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@NSimSun	Modern	Regular	Western	16 x 32	40 %
@PMingLiU	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@PMingLiU	Roman	Regular	Western	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
@SimHei	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@SimHei	Modern	Regular	Western	16 x 32	40 %
@SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
@SimSun	Special	Regular	Western	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
Aharoni	Special	Bold	Hebrew	15 x 32	70 %
Andalus	Roman	Regular	Arabic	15 x 49	40 %
Andalus	Roman	Regular	Western	15 x 49	40 %
Angsana New	Roman	Regular	Thai	8 x 43	40 %
Angsana New	Roman	Regular	Western	8 x 43	40 %
AngsanaUPC	Roman	Regular	Thai	8 x 43	40 %
AngsanaUPC	Roman	Regular	Western	8 x 43	40 %
Aparajita	Swiss	Regular	Western	16 x 38	40 %
Arabic Typesetting	Script	Regular	Arabic	9 x 36	40 %
Arabic Typesetting	Script	Regular	Baltic	9 x 36	40 %
Arabic Typesetting	Script	Regular	Central European	9 x 36	40 %
Arabic Typesetting	Script	Regular	Turkish	9 x 36	40 %
Arabic Typesetting	Script	Regular	Western	9 x 36	40 %
Arial Black	Swiss	Regular	Baltic	18 x 45	90 %
Arial Black	Swiss	Regular	Central European	18 x 45	90 %
Arial Black	Swiss	Regular	Cyrillic	18 x 45	90 %
Arial Black	Swiss	Regular	Greek	18 x 45	90 %
Arial Black	Swiss	Regular	Turkish	18 x 45	90 %
Arial Black	Swiss	Regular	Western	18 x 45	90 %
Arial	Swiss	Regular	Arabic	14 x 36	40 %
Arial	Swiss	Regular	Baltic	14 x 36	40 %
Arial	Swiss	Regular	Central European	14 x 36	40 %
Arial	Swiss	Regular	Cyrillic	14 x 36	40 %
Arial	Swiss	Regular	Greek	14 x 36	40 %
Arial	Swiss	Regular	Hebrew	14 x 36	40 %
Arial	Swiss	Regular	Turkish	14 x 36	40 %
Arial	Swiss	Regular	Vietnamese	14 x 36	40 %
Arial	Swiss	Regular	Western	14 x 36	40 %
Batang	Roman	Regular	Baltic	16 x 32	40 %
Batang	Roman	Regular	Central European	16 x 32	40 %
Batang	Roman	Regular	Cyrillic	16 x 32	40 %
Batang	Roman	Regular	Greek	16 x 32	40 %
Batang	Roman	Regular	Hangul	16 x 32	40 %
Batang	Roman	Regular	Turkish	16 x 32	40 %
Batang	Roman	Regular	Western	16 x 32	40 %
BatangChe	Modern	Regular	Baltic	16 x 32	40 %
BatangChe	Modern	Regular	Central European	16 x 32	40 %
BatangChe	Modern	Regular	Cyrillic	16 x 32	40 %
BatangChe	Modern	Regular	Greek	16 x 32	40 %
BatangChe	Modern	Regular	Hangul	16 x 32	40 %
BatangChe	Modern	Regular	Turkish	16 x 32	40 %
BatangChe	Modern	Regular	Western	16 x 32	40 %
Browallia New	Swiss	Regular	Thai	9 x 40	40 %
Browallia New	Swiss	Regular	Western	9 x 40	40 %
BrowalliaUPC	Swiss	Regular	Thai	9 x 40	40 %
BrowalliaUPC	Swiss	Regular	Western	9 x 40	40 %
Calibri	Swiss	Regular	Baltic	17 x 39	40 %
Calibri	Swiss	Regular	Central European	17 x 39	40 %
Calibri	Swiss	Regular	Cyrillic	17 x 39	40 %
Calibri	Swiss	Regular	Greek	17 x 39	40 %
Calibri	Swiss	Regular	Turkish	17 x 39	40 %
Calibri	Swiss	Regular	Vietnamese	17 x 39	40 %
Calibri	Swiss	Regular	Western	17 x 39	40 %
Cambria Math	Roman	Regular	Baltic	20 x 179	40 %
Cambria Math	Roman	Regular	Central European	20 x 179	40 %
Cambria Math	Roman	Regular	Cyrillic	20 x 179	40 %
Cambria Math	Roman	Regular	Greek	20 x 179	40 %
Cambria Math	Roman	Regular	Turkish	20 x 179	40 %
Cambria Math	Roman	Regular	Vietnamese	20 x 179	40 %
Cambria Math	Roman	Regular	Western	20 x 179	40 %
Cambria	Roman	Regular	Baltic	20 x 38	40 %
Cambria	Roman	Regular	Central European	20 x 38	40 %
Cambria	Roman	Regular	Cyrillic	20 x 38	40 %
Cambria	Roman	Regular	Greek	20 x 38	40 %
Cambria	Roman	Regular	Turkish	20 x 38	40 %
Cambria	Roman	Regular	Vietnamese	20 x 38	40 %
Cambria	Roman	Regular	Western	20 x 38	40 %
Candara	Swiss	Regular	Baltic	17 x 39	40 %
Candara	Swiss	Regular	Central European	17 x 39	40 %
Candara	Swiss	Regular	Cyrillic	17 x 39	40 %
Candara	Swiss	Regular	Greek	17 x 39	40 %
Candara	Swiss	Regular	Turkish	17 x 39	40 %
Candara	Swiss	Regular	Vietnamese	17 x 39	40 %
Candara	Swiss	Regular	Western	17 x 39	40 %
Comic Sans MS	Script	Regular	Baltic	15 x 45	40 %
Comic Sans MS	Script	Regular	Central European	15 x 45	40 %
Comic Sans MS	Script	Regular	Cyrillic	15 x 45	40 %
Comic Sans MS	Script	Regular	Greek	15 x 45	40 %
Comic Sans MS	Script	Regular	Turkish	15 x 45	40 %
Comic Sans MS	Script	Regular	Western	15 x 45	40 %
Consolas	Modern	Regular	Baltic	18 x 37	40 %
Consolas	Modern	Regular	Central European	18 x 37	40 %
Consolas	Modern	Regular	Cyrillic	18 x 37	40 %
Consolas	Modern	Regular	Greek	18 x 37	40 %
Consolas	Modern	Regular	Turkish	18 x 37	40 %
Consolas	Modern	Regular	Vietnamese	18 x 37	40 %
Consolas	Modern	Regular	Western	18 x 37	40 %
Constantia	Roman	Regular	Baltic	17 x 39	40 %
Constantia	Roman	Regular	Central European	17 x 39	40 %
Constantia	Roman	Regular	Cyrillic	17 x 39	40 %
Constantia	Roman	Regular	Greek	17 x 39	40 %
Constantia	Roman	Regular	Turkish	17 x 39	40 %
Constantia	Roman	Regular	Vietnamese	17 x 39	40 %
Constantia	Roman	Regular	Western	17 x 39	40 %
Corbel	Swiss	Regular	Baltic	17 x 39	40 %
Corbel	Swiss	Regular	Central European	17 x 39	40 %
Corbel	Swiss	Regular	Cyrillic	17 x 39	40 %
Corbel	Swiss	Regular	Greek	17 x 39	40 %
Corbel	Swiss	Regular	Turkish	17 x 39	40 %
Corbel	Swiss	Regular	Vietnamese	17 x 39	40 %
Corbel	Swiss	Regular	Western	17 x 39	40 %
Cordia New	Swiss	Regular	Thai	9 x 44	40 %
Cordia New	Swiss	Regular	Western	9 x 44	40 %
CordiaUPC	Swiss	Regular	Thai	9 x 44	40 %
CordiaUPC	Swiss	Regular	Western	9 x 44	40 %
Courier New	Modern	Regular	Arabic	19 x 36	40 %
Courier New	Modern	Regular	Baltic	19 x 36	40 %
Courier New	Modern	Regular	Central European	19 x 36	40 %
Courier New	Modern	Regular	Cyrillic	19 x 36	40 %
Courier New	Modern	Regular	Greek	19 x 36	40 %
Courier New	Modern	Regular	Hebrew	19 x 36	40 %
Courier New	Modern	Regular	Turkish	19 x 36	40 %
Courier New	Modern	Regular	Vietnamese	19 x 36	40 %
Courier New	Modern	Regular	Western	19 x 36	40 %
Courier	Modern		Western	8 x 13	40 %
DaunPenh	Special	Regular	Western	12 x 43	40 %
David	Swiss	Regular	Hebrew	13 x 31	40 %
DFKai-SB	Script	Regular	CHINESE_BIG5	16 x 32	40 %
DFKai-SB	Script	Regular	Western	16 x 32	40 %
DilleniaUPC	Roman	Regular	Thai	9 x 42	40 %
DilleniaUPC	Roman	Regular	Western	9 x 42	40 %
DokChampa	Swiss	Regular	Thai	19 x 62	40 %
DokChampa	Swiss	Regular	Western	19 x 62	40 %
Dotum	Swiss	Regular	Baltic	16 x 32	40 %
Dotum	Swiss	Regular	Central European	16 x 32	40 %
Dotum	Swiss	Regular	Cyrillic	16 x 32	40 %
Dotum	Swiss	Regular	Greek	16 x 32	40 %
Dotum	Swiss	Regular	Hangul	16 x 32	40 %
Dotum	Swiss	Regular	Turkish	16 x 32	40 %
Dotum	Swiss	Regular	Western	16 x 32	40 %
DotumChe	Modern	Regular	Baltic	16 x 32	40 %
DotumChe	Modern	Regular	Central European	16 x 32	40 %
DotumChe	Modern	Regular	Cyrillic	16 x 32	40 %
DotumChe	Modern	Regular	Greek	16 x 32	40 %
DotumChe	Modern	Regular	Hangul	16 x 32	40 %
DotumChe	Modern	Regular	Turkish	16 x 32	40 %
DotumChe	Modern	Regular	Western	16 x 32	40 %
Ebrima	Special	Regular	Baltic	19 x 43	40 %
Ebrima	Special	Regular	Central European	19 x 43	40 %
Ebrima	Special	Regular	Turkish	19 x 43	40 %
Ebrima	Special	Regular	Western	19 x 43	40 %
Estrangelo Edessa	Script	Regular	Western	16 x 36	40 %
EucrosiaUPC	Roman	Regular	Thai	9 x 39	40 %
EucrosiaUPC	Roman	Regular	Western	9 x 39	40 %
Euphemia	Swiss	Regular	Western	22 x 42	40 %
FangSong	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
FangSong	Modern	Regular	Western	16 x 32	40 %
Fixedsys	Modern		Western	8 x 15	40 %
Franklin Gothic Medium	Swiss	Regular	Baltic	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Central European	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Cyrillic	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Greek	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Turkish	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Western	14 x 36	40 %
FrankRuehl	Swiss	Regular	Hebrew	13 x 30	40 %
FreesiaUPC	Swiss	Regular	Thai	9 x 38	40 %
FreesiaUPC	Swiss	Regular	Western	9 x 38	40 %
Gabriola	Decorative	Regular	Baltic	16 x 59	40 %
Gabriola	Decorative	Regular	Central European	16 x 59	40 %
Gabriola	Decorative	Regular	Cyrillic	16 x 59	40 %
Gabriola	Decorative	Regular	Greek	16 x 59	40 %
Gabriola	Decorative	Regular	Turkish	16 x 59	40 %
Gabriola	Decorative	Regular	Western	16 x 59	40 %
Gautami	Swiss	Regular	Western	18 x 56	40 %
Georgia	Roman	Regular	Baltic	14 x 36	40 %
Georgia	Roman	Regular	Central European	14 x 36	40 %
Georgia	Roman	Regular	Cyrillic	14 x 36	40 %
Georgia	Roman	Regular	Greek	14 x 36	40 %
Georgia	Roman	Regular	Turkish	14 x 36	40 %
Georgia	Roman	Regular	Western	14 x 36	40 %
Gisha	Swiss	Regular	Hebrew	16 x 38	40 %
Gisha	Swiss	Regular	Western	16 x 38	40 %
Gulim	Swiss	Regular	Baltic	16 x 32	40 %
Gulim	Swiss	Regular	Central European	16 x 32	40 %
Gulim	Swiss	Regular	Cyrillic	16 x 32	40 %
Gulim	Swiss	Regular	Greek	16 x 32	40 %
Gulim	Swiss	Regular	Hangul	16 x 32	40 %
Gulim	Swiss	Regular	Turkish	16 x 32	40 %
Gulim	Swiss	Regular	Western	16 x 32	40 %
GulimChe	Modern	Regular	Baltic	16 x 32	40 %
GulimChe	Modern	Regular	Central European	16 x 32	40 %
GulimChe	Modern	Regular	Cyrillic	16 x 32	40 %
GulimChe	Modern	Regular	Greek	16 x 32	40 %
GulimChe	Modern	Regular	Hangul	16 x 32	40 %
GulimChe	Modern	Regular	Turkish	16 x 32	40 %
GulimChe	Modern	Regular	Western	16 x 32	40 %
Gungsuh	Roman	Regular	Baltic	16 x 32	40 %
Gungsuh	Roman	Regular	Central European	16 x 32	40 %
Gungsuh	Roman	Regular	Cyrillic	16 x 32	40 %
Gungsuh	Roman	Regular	Greek	16 x 32	40 %
Gungsuh	Roman	Regular	Hangul	16 x 32	40 %
Gungsuh	Roman	Regular	Turkish	16 x 32	40 %
Gungsuh	Roman	Regular	Western	16 x 32	40 %
GungsuhChe	Modern	Regular	Baltic	16 x 32	40 %
GungsuhChe	Modern	Regular	Central European	16 x 32	40 %
GungsuhChe	Modern	Regular	Cyrillic	16 x 32	40 %
GungsuhChe	Modern	Regular	Greek	16 x 32	40 %
GungsuhChe	Modern	Regular	Hangul	16 x 32	40 %
GungsuhChe	Modern	Regular	Turkish	16 x 32	40 %
GungsuhChe	Modern	Regular	Western	16 x 32	40 %
Impact	Swiss	Regular	Baltic	13 x 39	40 %
Impact	Swiss	Regular	Central European	13 x 39	40 %
Impact	Swiss	Regular	Cyrillic	13 x 39	40 %
Impact	Swiss	Regular	Greek	13 x 39	40 %
Impact	Swiss	Regular	Turkish	13 x 39	40 %
Impact	Swiss	Regular	Western	13 x 39	40 %
IrisUPC	Swiss	Regular	Thai	9 x 40	40 %
IrisUPC	Swiss	Regular	Western	9 x 40	40 %
Iskoola Pota	Swiss	Regular	Western	22 x 36	40 %
JasmineUPC	Roman	Regular	Thai	9 x 34	40 %
JasmineUPC	Roman	Regular	Western	9 x 34	40 %
KaiTi	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
KaiTi	Modern	Regular	Western	16 x 32	40 %
Kalinga	Swiss	Regular	Western	19 x 48	40 %
Kartika	Roman	Regular	Western	27 x 46	40 %
Khmer UI	Swiss	Regular	Western	21 x 36	40 %
KodchiangUPC	Roman	Regular	Thai	9 x 31	40 %
KodchiangUPC	Roman	Regular	Western	9 x 31	40 %
Kokila	Swiss	Regular	Western	13 x 37	40 %
Lao UI	Swiss	Regular	Western	18 x 43	40 %
Latha	Swiss	Regular	Western	23 x 44	40 %
Leelawadee	Swiss	Regular	Thai	17 x 38	40 %
Leelawadee	Swiss	Regular	Western	17 x 38	40 %
Levenim MT	Special	Regular	Hebrew	16 x 42	40 %
LilyUPC	Swiss	Regular	Thai	9 x 30	40 %
LilyUPC	Swiss	Regular	Western	9 x 30	40 %
Lucida Console	Modern	Regular	Central European	19 x 32	40 %
Lucida Console	Modern	Regular	Cyrillic	19 x 32	40 %
Lucida Console	Modern	Regular	Greek	19 x 32	40 %
Lucida Console	Modern	Regular	Turkish	19 x 32	40 %
Lucida Console	Modern	Regular	Western	19 x 32	40 %
Lucida Sans Unicode	Swiss	Regular	Baltic	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Central European	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Cyrillic	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Greek	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Hebrew	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Turkish	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Western	16 x 49	40 %
Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
Mangal	Roman	Regular	Western	19 x 54	40 %
Marlett	Special	Regular	Symbol	31 x 32	50 %
Meiryo UI	Swiss	Regular	Baltic	17 x 41	40 %
Meiryo UI	Swiss	Regular	Central European	17 x 41	40 %
Meiryo UI	Swiss	Regular	Cyrillic	17 x 41	40 %
Meiryo UI	Swiss	Regular	Greek	17 x 41	40 %
Meiryo UI	Swiss	Regular	Japanese	17 x 41	40 %
Meiryo UI	Swiss	Regular	Turkish	17 x 41	40 %
Meiryo UI	Swiss	Regular	Western	17 x 41	40 %
Meiryo	Swiss	Regular	Baltic	31 x 48	40 %
Meiryo	Swiss	Regular	Central European	31 x 48	40 %
Meiryo	Swiss	Regular	Cyrillic	31 x 48	40 %
Meiryo	Swiss	Regular	Greek	31 x 48	40 %
Meiryo	Swiss	Regular	Japanese	31 x 48	40 %
Meiryo	Swiss	Regular	Turkish	31 x 48	40 %
Meiryo	Swiss	Regular	Western	31 x 48	40 %
Microsoft Himalaya	Special	Regular	Western	13 x 32	40 %
Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Western	15 x 43	40 %
Microsoft New Tai Lue	Swiss	Regular	Western	19 x 42	40 %
Microsoft PhagsPa	Swiss	Regular	Western	24 x 41	40 %
Microsoft Sans Serif	Swiss	Regular	Arabic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Baltic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Central European	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Cyrillic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Greek	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Hebrew	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Thai	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Turkish	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Vietnamese	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Western	14 x 36	40 %
Microsoft Tai Le	Swiss	Regular	Western	19 x 41	40 %
Microsoft Uighur	Special	Regular	Arabic	13 x 32	40 %
Microsoft Uighur	Special	Regular	Western	13 x 32	40 %
Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
Microsoft Yi Baiti	Script	Regular	Western	21 x 32	40 %
MingLiU_HKSCS	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU_HKSCS	Roman	Regular	Western	16 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
MingLiU	Modern	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU	Modern	Regular	Western	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
Miriam Fixed	Modern	Regular	Hebrew	19 x 32	40 %
Miriam	Swiss	Regular	Hebrew	13 x 32	40 %
Modern	Modern		OEM/DOS	19 x 37	40 %
Mongolian Baiti	Script	Regular	Western	14 x 34	40 %
MoolBoran	Swiss	Regular	Western	13 x 43	40 %
MS Gothic	Modern	Regular	Baltic	16 x 32	40 %
MS Gothic	Modern	Regular	Central European	16 x 32	40 %
MS Gothic	Modern	Regular	Cyrillic	16 x 32	40 %
MS Gothic	Modern	Regular	Greek	16 x 32	40 %
MS Gothic	Modern	Regular	Japanese	16 x 32	40 %
MS Gothic	Modern	Regular	Turkish	16 x 32	40 %
MS Gothic	Modern	Regular	Western	16 x 32	40 %
MS Mincho	Modern	Regular	Baltic	16 x 32	40 %
MS Mincho	Modern	Regular	Central European	16 x 32	40 %
MS Mincho	Modern	Regular	Cyrillic	16 x 32	40 %
MS Mincho	Modern	Regular	Greek	16 x 32	40 %
MS Mincho	Modern	Regular	Japanese	16 x 32	40 %
MS Mincho	Modern	Regular	Turkish	16 x 32	40 %
MS Mincho	Modern	Regular	Western	16 x 32	40 %
MS PGothic	Swiss	Regular	Baltic	13 x 32	40 %
MS PGothic	Swiss	Regular	Central European	13 x 32	40 %
MS PGothic	Swiss	Regular	Cyrillic	13 x 32	40 %
MS PGothic	Swiss	Regular	Greek	13 x 32	40 %
MS PGothic	Swiss	Regular	Japanese	13 x 32	40 %
MS PGothic	Swiss	Regular	Turkish	13 x 32	40 %
MS PGothic	Swiss	Regular	Western	13 x 32	40 %
MS PMincho	Roman	Regular	Baltic	13 x 32	40 %
MS PMincho	Roman	Regular	Central European	13 x 32	40 %
MS PMincho	Roman	Regular	Cyrillic	13 x 32	40 %
MS PMincho	Roman	Regular	Greek	13 x 32	40 %
MS PMincho	Roman	Regular	Japanese	13 x 32	40 %
MS PMincho	Roman	Regular	Turkish	13 x 32	40 %
MS PMincho	Roman	Regular	Western	13 x 32	40 %
MS Sans Serif	Swiss		Western	5 x 13	40 %
MS Serif	Roman		Western	5 x 13	40 %
MS UI Gothic	Swiss	Regular	Baltic	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Central European	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Cyrillic	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Greek	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Japanese	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Turkish	13 x 32	40 %
MS UI Gothic	Swiss	Regular	Western	13 x 32	40 %
MV Boli	Special	Regular	Western	18 x 52	40 %
Narkisim	Swiss	Regular	Hebrew	12 x 32	40 %
NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
NSimSun	Modern	Regular	Western	16 x 32	40 %
Nyala	Special	Regular	Baltic	18 x 33	40 %
Nyala	Special	Regular	Central European	18 x 33	40 %
Nyala	Special	Regular	Turkish	18 x 33	40 %
Nyala	Special	Regular	Western	18 x 33	40 %
Palatino Linotype	Roman	Regular	Baltic	14 x 43	40 %
Palatino Linotype	Roman	Regular	Central European	14 x 43	40 %
Palatino Linotype	Roman	Regular	Cyrillic	14 x 43	40 %
Palatino Linotype	Roman	Regular	Greek	14 x 43	40 %
Palatino Linotype	Roman	Regular	Turkish	14 x 43	40 %
Palatino Linotype	Roman	Regular	Vietnamese	14 x 43	40 %
Palatino Linotype	Roman	Regular	Western	14 x 43	40 %
Plantagenet Cherokee	Roman	Regular	Western	14 x 41	40 %
PMingLiU	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
PMingLiU	Roman	Regular	Western	16 x 32	40 %
PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
Raavi	Swiss	Regular	Western	13 x 53	40 %
Rod	Modern	Regular	Hebrew	19 x 31	40 %
Roman	Roman		OEM/DOS	22 x 37	40 %
Sakkal Majalla	Special	Regular	Arabic	16 x 45	40 %
Sakkal Majalla	Special	Regular	Baltic	16 x 45	40 %
Sakkal Majalla	Special	Regular	Central European	16 x 45	40 %
Sakkal Majalla	Special	Regular	Turkish	16 x 45	40 %
Sakkal Majalla	Special	Regular	Western	16 x 45	40 %
Script	Script		OEM/DOS	16 x 36	40 %
Segoe Print	Special	Regular	Baltic	21 x 56	40 %
Segoe Print	Special	Regular	Central European	21 x 56	40 %
Segoe Print	Special	Regular	Cyrillic	21 x 56	40 %
Segoe Print	Special	Regular	Greek	21 x 56	40 %
Segoe Print	Special	Regular	Turkish	21 x 56	40 %
Segoe Print	Special	Regular	Western	21 x 56	40 %
Segoe Script	Swiss	Regular	Baltic	22 x 51	40 %
Segoe Script	Swiss	Regular	Central European	22 x 51	40 %
Segoe Script	Swiss	Regular	Cyrillic	22 x 51	40 %
Segoe Script	Swiss	Regular	Greek	22 x 51	40 %
Segoe Script	Swiss	Regular	Turkish	22 x 51	40 %
Segoe Script	Swiss	Regular	Western	22 x 51	40 %
Segoe UI Light	Swiss	Regular	Baltic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Central European	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Greek	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Turkish	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Vietnamese	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Western	17 x 43	30 %
Segoe UI Semibold	Swiss	Regular	Baltic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Central European	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Cyrillic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Greek	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Turkish	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Vietnamese	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Western	18 x 43	60 %
Segoe UI Symbol	Swiss	Regular	Western	23 x 43	40 %
Segoe UI	Swiss	Regular	Arabic	17 x 43	40 %
Segoe UI	Swiss	Regular	Baltic	17 x 43	40 %
Segoe UI	Swiss	Regular	Central European	17 x 43	40 %
Segoe UI	Swiss	Regular	Cyrillic	17 x 43	40 %
Segoe UI	Swiss	Regular	Greek	17 x 43	40 %
Segoe UI	Swiss	Regular	Turkish	17 x 43	40 %
Segoe UI	Swiss	Regular	Vietnamese	17 x 43	40 %
Segoe UI	Swiss	Regular	Western	17 x 43	40 %
Shonar Bangla	Swiss	Regular	Western	16 x 41	40 %
Shruti	Swiss	Regular	Western	14 x 54	40 %
SimHei	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
SimHei	Modern	Regular	Western	16 x 32	40 %
Simplified Arabic Fixed	Modern	Regular	Arabic	19 x 35	40 %
Simplified Arabic Fixed	Modern	Regular	Western	19 x 35	40 %
Simplified Arabic	Roman	Regular	Arabic	13 x 53	40 %
Simplified Arabic	Roman	Regular	Western	13 x 53	40 %
SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
SimSun	Special	Regular	Western	16 x 32	40 %
SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
Small Fonts	Swiss		Western	1 x 3	40 %
Sylfaen	Roman	Regular	Baltic	13 x 42	40 %
Sylfaen	Roman	Regular	Central European	13 x 42	40 %
Sylfaen	Roman	Regular	Cyrillic	13 x 42	40 %
Sylfaen	Roman	Regular	Greek	13 x 42	40 %
Sylfaen	Roman	Regular	Turkish	13 x 42	40 %
Sylfaen	Roman	Regular	Western	13 x 42	40 %
Symbol	Roman	Regular	Symbol	19 x 39	40 %
System	Swiss		Western	7 x 16	70 %
Tahoma	Swiss	Regular	Arabic	14 x 39	40 %
Tahoma	Swiss	Regular	Baltic	14 x 39	40 %
Tahoma	Swiss	Regular	Central European	14 x 39	40 %
Tahoma	Swiss	Regular	Cyrillic	14 x 39	40 %
Tahoma	Swiss	Regular	Greek	14 x 39	40 %
Tahoma	Swiss	Regular	Hebrew	14 x 39	40 %
Tahoma	Swiss	Regular	Thai	14 x 39	40 %
Tahoma	Swiss	Regular	Turkish	14 x 39	40 %
Tahoma	Swiss	Regular	Vietnamese	14 x 39	40 %
Tahoma	Swiss	Regular	Western	14 x 39	40 %
Terminal	Modern		OEM/DOS	8 x 12	40 %
Times New Roman	Roman	Regular	Arabic	13 x 35	40 %
Times New Roman	Roman	Regular	Baltic	13 x 35	40 %
Times New Roman	Roman	Regular	Central European	13 x 35	40 %
Times New Roman	Roman	Regular	Cyrillic	13 x 35	40 %
Times New Roman	Roman	Regular	Greek	13 x 35	40 %
Times New Roman	Roman	Regular	Hebrew	13 x 35	40 %
Times New Roman	Roman	Regular	Turkish	13 x 35	40 %
Times New Roman	Roman	Regular	Vietnamese	13 x 35	40 %
Times New Roman	Roman	Regular	Western	13 x 35	40 %
Traditional Arabic	Roman	Regular	Arabic	15 x 48	40 %
Traditional Arabic	Roman	Regular	Western	15 x 48	40 %
Trebuchet MS	Swiss	Regular	Baltic	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Central European	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Cyrillic	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Greek	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Turkish	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Western	15 x 37	40 %
Tunga	Swiss	Regular	Western	18 x 53	40 %
Utsaah	Swiss	Regular	Western	13 x 36	40 %
Vani	Swiss	Regular	Western	23 x 54	40 %
Verdana	Swiss	Regular	Baltic	16 x 39	40 %
Verdana	Swiss	Regular	Central European	16 x 39	40 %
Verdana	Swiss	Regular	Cyrillic	16 x 39	40 %
Verdana	Swiss	Regular	Greek	16 x 39	40 %
Verdana	Swiss	Regular	Turkish	16 x 39	40 %
Verdana	Swiss	Regular	Vietnamese	16 x 39	40 %
Verdana	Swiss	Regular	Western	16 x 39	40 %
Vijaya	Swiss	Regular	Western	19 x 32	40 %
Vrinda	Swiss	Regular	Western	20 x 44	40 %
Webdings	Roman	Regular	Symbol	31 x 32	40 %
Wingdings	Special	Regular	Symbol	28 x 36	40 %

Windows Audio


Device	Identifier	Device Description
midi-out.0	0001 001B	Microsoft GS Wavetable Synth
mixer.0	0001 FFFF	Speakers (High Definition Audio
mixer.1	0001 FFFF	Microphone (High Definition Aud
mixer.2	0001 FFFF	Microphone (High Definition Aud
wave-in.0	0001 FFFF	Microphone (High Definition Aud
wave-in.1	0001 FFFF	Microphone (High Definition Aud
wave-out.0	0001 FFFF	Speakers (High Definition Audio

PCI / PnP Audio


		Device Description	Type
		nVIDIA HDMI/DP @ nVIDIA GF119 - High Definition Audio Controller	PCI
		Realtek ALC269 @ Intel Cougar Point PCH - High Definition Audio Controller [B-3]	PCI

HD Audio


[ Intel Cougar Point PCH - High Definition Audio Controller [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - High Definition Audio Controller [B-3]
		Device Description (Windows)	High Definition Audio Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 27 / 0
		Device ID	8086-1C20
		Subsystem ID	1043-1AD3
		Revision	05
		Hardware ID	PCI\VEN_8086&DEV_1C20&SUBSYS_1AD31043&REV_05

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Realtek ALC269 ]

	Device Properties:
		Device Description	Realtek ALC269
		Device Description (Windows)	High Definition Audio Device
		Device Type	Audio
		Bus Type	HDAUDIO
		Device ID	10EC-0269
		Subsystem ID	1043-1AD3
		Revision	1001
		Hardware ID	HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10431AD3&REV_1001

	Device Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ nVIDIA GF119 - High Definition Audio Controller ]

	Device Properties:
		Device Description	nVIDIA GF119 - High Definition Audio Controller
		Device Description (Windows)	High Definition Audio Controller
		Bus Type	PCI
		Bus / Device / Function	1 / 0 / 1
		Device ID	10DE-0E08
		Subsystem ID	0000-0000
		Revision	A1
		Hardware ID	PCI\VEN_10DE&DEV_0E08&SUBSYS_00000000&REV_A1

	Device Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/mobo.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ nVIDIA HDMI/DP ]

	Device Properties:
		Device Description	nVIDIA HDMI/DP
		Device Description (Windows)	NVIDIA High Definition Audio
		Device Type	Audio
		Bus Type	HDAUDIO
		Device ID	10DE-001C
		Subsystem ID	0000-0000
		Revision	1001
		Hardware ID	HDAUDIO\FUNC_01&VEN_10DE&DEV_001C&SUBSYS_00000000&REV_1001

	Device Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/mobo.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

Audio Codecs


[ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ]

	ACM Driver Properties:
		Driver Description	Fraunhofer IIS MPEG Layer-3 Codec (decode only)
		Copyright Notice	Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
		Driver Features	decoder only version
		Driver Version	1.09

[ Microsoft ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses Microsoft ADPCM audio data.
		Driver Version	4.00

[ Microsoft CCITT G.711 A-Law and u-Law CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft CCITT G.711 A-Law and u-Law CODEC
		Copyright Notice	Copyright (c) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses CCITT G.711 A-Law and u-Law audio data.
		Driver Version	4.00

[ Microsoft GSM 6.10 Audio CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft GSM 6.10 Audio CODEC
		Copyright Notice	Copyright (C) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10.
		Driver Version	4.00

[ Microsoft IMA ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft IMA ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses IMA ADPCM audio data.
		Driver Version	4.00

[ Microsoft PCM Converter ]

	ACM Driver Properties:
		Driver Description	Microsoft PCM Converter
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Converts frequency and bits per sample of PCM audio data.
		Driver Version	5.00

Video Codecs


Driver	Version	Description
iccvid.dll	1.10.0.11	Cinepak® Codec
iyuv_32.dll	6.1.7600.16385 (win7_rtm.090713-1255)	Intel Indeo(R) Video YUV Codec
msrle32.dll	6.1.7600.16385 (win7_rtm.090713-1255)	Microsoft RLE Compressor
msvidc32.dll	6.1.7600.16385 (win7_rtm.090713-1255)	Microsoft Video 1 Compressor
msyuv.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	Microsoft UYVY Video Decompressor
tsbyuv.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	Toshiba Video Codec

MCI


[ AVIVideo ]

	MCI Device Properties:
		Device	AVIVideo
		Name	Video for Windows
		Description	Video For Windows MCI driver
		Type	Digital Video Device
		Driver	mciavi32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	Yes
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ CDAudio ]

	MCI Device Properties:
		Device	CDAudio
		Name	CD Audio
		Description	MCI driver for cdaudio devices
		Type	CD Audio Device
		Driver	mcicda.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	No
		File Based Device	No
		Can Eject	Yes
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ MPEGVideo ]

	MCI Device Properties:
		Device	MPEGVideo
		Name	DirectShow
		Description	DirectShow MCI Driver
		Type	Digital Video Device
		Driver	mciqtz32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	No
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ Sequencer ]

	MCI Device Properties:
		Device	Sequencer
		Name	MIDI Sequencer
		Description	MCI driver for MIDI sequencer
		Type	Sequencer Device
		Driver	mciseq.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ WaveAudio ]

	MCI Device Properties:
		Device	WaveAudio
		Name	Sound
		Description	MCI driver for waveform audio
		Type	Waveform Audio Device
		Driver	mciwave.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	Yes
		Can Save Data	Yes
		Audio Capable	Yes
		Video Capable	No

SAPI


SAPI Properties:
	SAPI4 Version	-
	SAPI5 Version	5.3.13120.0

Voice (SAPI5):
	Name	Microsoft Anna - English (United States)
	Description	Microsoft Anna - English (United States)
	Voice Name	M1033DSK
	Voice Path	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk
	Age	Adult
	Gender	Female
	Language	English (United States)
	Vendor	Microsoft
	Version	2.0
	DLL File	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll (x86)
	CLSID	{F51C7B23-6566-424C-94CF-2C4F83EE96FF}
	Frontend	{55DFB4F7-4175-4B3B-B247-D9B399ADB119}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (English - UK)
	Description	Microsoft Speech Recognizer 8.0 for Windows (English - UK)
	FE Config Data File	C:\Windows\Speech\Engines\SR\en-GB\c2057dsk.fe
	Language	English (United Kingdom)
	Speaking Style	Discrete;Continuous
	Supported Locales	English (United Kingdom); English (Australia); English (New Zealand); English (Ireland); English (South Africa); English (Jamaica); English (Caribbean); English (Belize); English (Trinidad and Tobago); English (Zimbabwe); English (India); English (Malaysia); English (Singapore); English
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	Description	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	FE Config Data File	C:\Windows\Speech\Engines\SR\en-US\c1033dsk.fe
	Language	English (United States); English
	Speaking Style	Discrete;Continuous
	Supported Locales	English (United States); English (Canada); English (Republic of the Philippines); English
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\Windows\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Windows Storage


[ INTEL SSDSC2BW120A4 ]

	Device Properties:
		Driver Description	INTEL SSDSC2BW120A4
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT

	SSD Physical Info:
		Manufacturer	Intel
		SSD Family	530
		Family Code Name	Dale Crest
		Form Factor	2.5"
		Formatted Capacity	120 GB
		Controller Type	SandForce SF-2281
		Flash Memory Type	Intel 20nm MLC NAND
		Physical Dimensions	100.45 x 69.85 x 7 mm
		Max. Weight	78 g
		Max. Sequential Read Speed	540 MB/s
		Max. Sequential Write Speed	480 MB/s
		Max. Random 4 KB Read	24000 IOPS
		Max. Random 4 KB Write	80000 IOPS
		Interface	SATA-III
		Interface Data Rate	600 MB/s
		Buffer Size	0

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/design/flash/nand/productinformation.htm

[ NORELSYS 106X USB Device ]

	Device Properties:
		Driver Description	NORELSYS 106X USB Device
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT

[ HL-DT-ST DVDRAM GT51N ]

	Device Properties:
		Driver Description	HL-DT-ST DVDRAM GT51N
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	cdrom.inf
		INF Section	cdrom_install

	Device Manufacturer:
		Company Name	LG Electronics
		Product Information	http://www.lg.com/us/data-storage
		Firmware Download	http://www.lg.com/us/support

[ Intel(R) Mobile Express Chipset SATA AHCI Controller ]

	Device Properties:
		Driver Description	Intel(R) Mobile Express Chipset SATA AHCI Controller
		Driver Date	2/1/2012
		Driver Version	11.1.0.1006
		Driver Provider	Intel
		INF File	oem10.inf
		INF Section	iaStor_Install

	Device Resources:
		IRQ	19
		Memory	DFA06000-DFA067FF
		Port	E020-E03F
		Port	E040-E043
		Port	E050-E057
		Port	E060-E063
		Port	E070-E077

Logical Drives


Drive	Drive Type	File System	Total Size	Used Space	Free Space	% Free	Volume Serial
C:	Local Disk	NTFS	37249 MB	24572 MB	12676 MB	34 %	3AB1-FF25
D:	Optical Drive
E: (MINI1)	Local Disk	FAT32	8176 MB	1768 MB	6408 MB	78 %	B6B4-1EE4
F: (DATA)	Local Disk	NTFS	256282 MB	65025 MB	191256 MB	75 %	821E-D843

Physical Drives


[ Drive #1 - INTEL SSDSC2BW120A4 (111 GB) ]

	Partition	Partition Type	Drive	Start Offset	Partition Length
	#1	EFI System		0 MB	200 MB
	#2	Unknown (GUID: {48465300-0000-11AA-AA11-00306543ECAC})		200 MB	76768 MB
	#3	MS Reserved		76969 MB	127 MB
	#4	Basic Data	C:	77096 MB	37249 MB

[ Drive #2 - NORELSYS106X (465 GB) ]

	Partition	Partition Type	Drive	Start Offset	Partition Length
	#1	EFI System		1 MB	300 MB
	#2	Unknown (GUID: {48465300-0000-11AA-AA11-00306543ECAC})		301 MB	98304 MB
	#3	Unknown (GUID: {426F6F74-0000-11AA-AA11-00306543ECAC})		98605 MB	619 MB
	#4	MS Reserved		99225 MB	128 MB
	#5	Unknown (GUID: {48465300-0000-11AA-AA11-00306543ECAC})		99353 MB	104921 MB
	#6	Unknown (GUID: {48465300-0000-11AA-AA11-00306543ECAC})		204274 MB	8064 MB
	#7	Basic Data	E: (MINI1)	212466 MB	8192 MB
	#8	Basic Data	F: (DATA)	220658 MB	256282 MB

Optical Drives


[ D:\ HL-DT-ST DVDRAM GT51N ]

	Optical Drive Properties:
		Device Description	HL-DT-ST DVDRAM GT51N
		Serial Number	KZCC6GF5440
		Firmware Revision	AS00
		Firmware Date	8/19/2011
		Buffer Size	1 MB
		Region Code	None
		Remaining User Changes	5
		Remaining Vendor Changes	4

	Supported Disk Types:
		BD-ROM	Not Supported
		BD-R	Not Supported
		BD-RE	Not Supported
		HD DVD-ROM	Not Supported
		HD DVD-R Dual Layer	Not Supported
		HD DVD-RW Dual Layer	Not Supported
		HD DVD-R	Not Supported
		HD DVD-RW	Not Supported
		HD DVD-RAM	Not Supported
		DVD-ROM	Read
		DVD+R9 Dual Layer	Read + Write
		DVD+RW9 Dual Layer	Not Supported
		DVD+R	Read + Write
		DVD+RW	Read + Write
		DVD-R9 Dual Layer	Read + Write
		DVD-RW9 Dual Layer	Not Supported
		DVD-R	Read + Write
		DVD-RW	Read + Write
		DVD-RAM	Read + Write
		CD-ROM	Read
		CD-R	Read + Write
		CD-RW	Read + Write

	Optical Drive Features:
		AACS	Not Supported
		BD CPS	Not Supported
		Buffer Underrun Protection	Supported
		C2 Error Pointers	Supported
		CD+G	Not Supported
		CD-Text	Supported
		DVD-Download Disc Recording	Not Supported
		Hybrid Disc	Not Supported
		JustLink	Not Supported
		CPRM	Supported
		CSS	Supported
		LabelFlash	Not Supported
		Layer-Jump Recording	Supported
		LightScribe	Not Supported
		Mount Rainier	Not Supported
		OSSC	Not Supported
		Qflix Recording	Not Supported
		SecurDisc	Not Supported
		SMART	Not Supported
		VCPS	Not Supported

ASPI


Host	ID	LUN	Device Type	Vendor	Model	Rev	Extra Information
00	00	00	Disk Drive	INTEL SS	DSC2BW120A4
00	01	00	Optical Drive	HL-DT-ST	DVDRAM GT51N
00	07	00	Host Adapter	iaStor

ATA


[ INTEL SSDSC2BW120A4 (CVDA5151005P1207GN) ]

	ATA Device Properties:
		Model ID	INTEL SSDSC2BW120A4
		Serial Number	CVDA5151005P1207GN
		Revision	DC32
		World Wide Name	5-5CD2E4-04BFCE73B
		Device Type	SATA-III
		Parameters	232581 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector
		LBA Sectors	234441648
		Physical / Logical Sector Size	512 bytes / 512 bytes
		Multiple Sectors	16
		Max. PIO Transfer Mode	PIO 4
		Max. MWDMA Transfer Mode	MWDMA 2
		Max. UDMA Transfer Mode	UDMA 6
		Active UDMA Transfer Mode	UDMA 6
		Unformatted Capacity	114473 MB
		Rotational Speed	SSD
		ATA Standard	ACS-2

	ATA Device Features:
		48-bit LBA	Supported, Enabled
		Automatic Acoustic Management (AAM)	Not Supported
		Device Configuration Overlay (DCO)	Not Supported
		DMA Setup Auto-Activate	Supported, Enabled
		Free-Fall Control	Not Supported
		General Purpose Logging (GPL)	Supported, Enabled
		Hardware Feature Control	Not Supported
		Host Protected Area (HPA)	Supported, Enabled
		HPA Security Extensions	Not Supported
		Hybrid Information Feature	Not Supported
		In-Order Data Delivery	Not Supported
		Native Command Queuing (NCQ)	Supported
		NCQ Autosense	Not Supported
		NCQ Priority Information	Not Supported
		NCQ Queue Management Command	Not Supported
		NCQ Streaming	Not Supported
		Phy Event Counters	Supported
		Read Look-Ahead	Supported, Enabled
		Release Interrupt	Not Supported
		Security Mode	Supported, Disabled
		Sense Data Reporting (SDR)	Not Supported
		Service Interrupt	Not Supported
		SMART	Supported, Enabled
		SMART Error Logging	Supported, Enabled
		SMART Self-Test	Supported, Enabled
		Software Settings Preservation (SSP)	Supported, Disabled
		Streaming	Not Supported
		Tagged Command Queuing (TCQ)	Not Supported
		Write Cache	Supported, Enabled
		Write-Read-Verify	Not Supported

	SSD Features:
		Data Set Management	Supported
		Deterministic Read After TRIM	Supported
		TRIM Command	Supported

	Power Management Features:
		Advanced Power Management	Supported, Enabled
		Automatic Partial to Slumber Transitions (APST)	Disabled
		Device Initiated Interface Power Management (DIPM)	Supported, Enabled
		Device Sleep (DEVSLP)	Supported
		Extended Power Conditions (EPC)	Not Supported
		Host Initiated Interface Power Management (HIPM)	Supported
		IDLE IMMEDIATE With UNLOAD FEATURE	Supported, Enabled
		Link Power State Device Sleep	Supported, Disabled
		Power Management	Supported, Enabled
		Power-Up In Standby (PUIS)	Supported, Disabled

	ATA Commands:
		DEVICE RESET	Not Supported
		DOWNLOAD MICROCODE	Supported, Enabled
		FLUSH CACHE	Supported, Enabled
		FLUSH CACHE EXT	Supported, Enabled
		NOP	Supported, Enabled
		READ BUFFER	Supported, Enabled
		WRITE BUFFER	Supported, Enabled

	SSD Physical Info:
		Manufacturer	Intel
		SSD Family	530
		Family Code Name	Dale Crest
		Form Factor	2.5"
		Formatted Capacity	120 GB
		Controller Type	SandForce SF-2281
		Flash Memory Type	Intel 20nm MLC NAND
		Physical Dimensions	100.45 x 69.85 x 7 mm
		Max. Weight	78 g
		Max. Sequential Read Speed	540 MB/s
		Max. Sequential Write Speed	480 MB/s
		Max. Random 4 KB Read	24000 IOPS
		Max. Random 4 KB Write	80000 IOPS
		Interface	SATA-III
		Interface Data Rate	600 MB/s
		Buffer Size	0

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/design/flash/nand/productinformation.htm
		Driver Update	http://www.aida64.com/driver-updates

[ HGST HTS545050A7E380 (TE951649KSEMWS) ]

	ATA Device Properties:
		Model ID	HGST HTS545050A7E380
		Serial Number	TE951649KSEMWS
		Revision	GG2OACD0
		World Wide Name	5-000CCA-73AF4EE41
		Device Type	SATA-II @ Oxford
		Parameters	969021 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector
		LBA Sectors	976773168
		Physical / Logical Sector Size	4 KB / 512 bytes
		Buffer	8 MB (Dual Ported, Read Ahead)
		Multiple Sectors	16
		Max. PIO Transfer Mode	PIO 4
		Max. MWDMA Transfer Mode	MWDMA 2
		Active MWDMA Transfer Mode	MWDMA 2
		Max. UDMA Transfer Mode	UDMA 6
		Unformatted Capacity	476940 MB
		Form Factor	2.5"
		Rotational Speed	5400 RPM
		ATA Standard	ATA8-ACS

	ATA Device Features:
		48-bit LBA	Supported, Enabled
		Automatic Acoustic Management (AAM)	Not Supported
		Device Configuration Overlay (DCO)	Supported, Enabled
		DMA Setup Auto-Activate	Supported, Disabled
		Free-Fall Control	Not Supported
		General Purpose Logging (GPL)	Supported, Enabled
		Hardware Feature Control	Not Supported
		Host Protected Area (HPA)	Supported, Enabled
		HPA Security Extensions	Supported, Disabled
		Hybrid Information Feature	Not Supported
		In-Order Data Delivery	Supported, Disabled
		Native Command Queuing (NCQ)	Supported
		NCQ Autosense	Not Supported
		NCQ Priority Information	Supported
		NCQ Queue Management Command	Not Supported
		NCQ Streaming	Not Supported
		Phy Event Counters	Supported
		Read Look-Ahead	Supported, Enabled
		Release Interrupt	Not Supported
		Security Mode	Supported, Disabled
		Sense Data Reporting (SDR)	Not Supported
		Service Interrupt	Not Supported
		SMART	Supported, Enabled
		SMART Error Logging	Supported, Enabled
		SMART Self-Test	Supported, Enabled
		Software Settings Preservation (SSP)	Supported, Enabled
		Streaming	Not Supported
		Tagged Command Queuing (TCQ)	Not Supported
		Write Cache	Supported, Enabled
		Write-Read-Verify	Not Supported

	SSD Features:
		Data Set Management	Not Supported
		Deterministic Read After TRIM	Not Supported
		TRIM Command	Not Supported

	Power Management Features:
		Advanced Power Management	Supported, Enabled
		Automatic Partial to Slumber Transitions (APST)	Disabled
		Device Initiated Interface Power Management (DIPM)	Supported, Disabled
		Device Sleep (DEVSLP)	Not Supported
		Extended Power Conditions (EPC)	Not Supported
		Host Initiated Interface Power Management (HIPM)	Supported
		IDLE IMMEDIATE With UNLOAD FEATURE	Supported, Enabled
		Link Power State Device Sleep	Not Supported
		Power Management	Supported, Enabled
		Power-Up In Standby (PUIS)	Supported, Disabled

	ATA Commands:
		DEVICE RESET	Not Supported
		DOWNLOAD MICROCODE	Supported, Enabled
		FLUSH CACHE	Supported, Enabled
		FLUSH CACHE EXT	Supported, Enabled
		NOP	Supported, Enabled
		READ BUFFER	Supported, Enabled
		WRITE BUFFER	Supported, Enabled

	Disk Device Physical Info:
		Manufacturer	Hitachi
		Hard Disk Family	Travelstar Z5K500
		Form Factor	2.5"
		Formatted Capacity	500 GB
		Disks	1
		Recording Surfaces	2
		Physical Dimensions	100 x 70 x 7 mm
		Max. Weight	95 g
		Average Rotational Latency	5.5 ms
		Rotational Speed	5400 RPM
		Max. Internal Data Rate	1087 Mbit/s
		Average Seek	13 ms
		Track-To-Track Seek	1 ms
		Full Seek	25 ms
		Interface	SATA-II
		Buffer-to-Host Data Rate	300 MB/s
		Buffer Size	8 MB

	Device Manufacturer:
		Company Name	Hitachi Global Storage Technologies
		Product Information	http://www.hgst.com
		Driver Update	http://www.aida64.com/driver-updates

SMART


[ INTEL SSDSC2BW120A4 (CVDA5151005P1207GN) ]

	ID	Attribute Description	Threshold	Value	Worst	Data	Status
	05	Reallocated Sector Count	0	100	100	0	OK: Always passes
	09	Power-On Hours Count	0	100	100	379	OK: Always passes
	0C	Power Cycle Count	0	100	100	779	OK: Always passes
	AA	Available Reserved Space	10	100	100	0	OK: Value is normal
	AB	Program Fail Count	0	100	100	0	OK: Always passes
	AC	Erase Fail Count	0	100	100	0	OK: Always passes
	AE	Unexpected Power Loss	0	100	100	12	OK: Always passes
	B7	SATA Downshift Count	0	100	100	8	OK: Always passes
	B8	End-to-End Error Detection Count	90	100	100	0	OK: Value is normal
	BB	Uncorrectable Error Count	0	100	100	0	OK: Always passes
	BE	Airflow Temperature	0	33	47	23, 47, 33	OK: Always passes
	C0	Unsafe Shutdown Count	0	100	100	12	OK: Always passes
	C7	CRC Error Count	0	100	100	0	OK: Always passes
	E1	Host Writes	0	100	100	1.45 TB	OK: Always passes
	E2	Timed Workload Media Wear	0	100	100	65535	OK: Always passes
	E3	Timed Workload Host Read/Write Ratio	0	100	100	54	OK: Always passes
	E4	Timed Workload Timer	0	100	100	65535	OK: Always passes
	E8	Available Reserved Space	10	100	100	0	OK: Value is normal
	E9	Media Wearout Indicator	0	100	100	0	OK: Always passes
	F1	Total LBAs Written	0	100	100	1.45 TB	OK: Always passes
	F2	Total LBAs Read	0	100	100	1.74 TB	OK: Always passes
	F9	Total NAND Writes	0	100	100	3619 GB	OK: Always passes

[ HGST HTS545050A7E380 (TE951649KSEMWS) ]

	ID	Attribute Description	Threshold	Value	Worst	Data	Status
	01	Raw Read Error Rate	62	100	100	0	OK: Value is normal
	02	Throughput Performance	40	100	100	0	OK: Value is normal
	03	Spinup Time	33	200	200	1	OK: Value is normal
	04	Start/Stop Count	0	62	62	60344	OK: Always passes
	05	Reallocated Sector Count	5	100	100	0	OK: Value is normal
	07	Seek Error Rate	67	100	100	0	OK: Value is normal
	08	Seek Time Performance	40	100	100	0	OK: Value is normal
	09	Power-On Time Count	0	82	82	7916	OK: Always passes
	0A	Spinup Retry Count	60	100	100	0	OK: Value is normal
	0C	Power Cycle Count	0	97	97	5876	OK: Always passes
	BF	Mechanical Shock	0	100	100	0	OK: Always passes
	C0	Power-Off Retract Count	0	100	100	199	OK: Always passes
	C1	Load/Unload Cycle Count	0	12	12	880860	OK: Always passes
	C2	Temperature	0	253	253	50, 14, 23	OK: Always passes
	C4	Reallocation Event Count	0	100	100	0	OK: Always passes
	C5	Current Pending Sector Count	0	100	100	8	OK: Always passes
	C6	Offline Uncorrectable Sector Count	0	100	100	0	OK: Always passes
	C7	Ultra ATA CRC Error Rate	0	200	200	174	OK: Always passes
	DF	Load/Unload Retry Count	0	100	100	0	OK: Always passes

Windows Network


[ Atheros AR9002WB-1NG Wireless Network Adapter ]

	Network Adapter Properties:
		Network Adapter	Atheros AR9002WB-1NG Wireless Network Adapter
		Interface Type	802.11 Wireless Ethernet
		Hardware Address	74-2F-68-9D-7C-23
		Connection Name	Wireless Network Connection
		Connection Speed	150 Mbps
		MTU	1500 bytes
		DHCP Lease Obtained	10/10/2015 1:05:48 PM
		DHCP Lease Expires	10/11/2015 1:05:48 PM
		Bytes Received	104812199 (100.0 MB)
		Bytes Sent	8002490 (7.6 MB)

	Network Adapter Addresses:
		IP / Subnet Mask	192.168.1.7 / 255.255.255.0
		Gateway	192.168.1.3
		DHCP	192.168.1.3
		DNS	192.168.1.1
		DNS	192.168.1.3

	Network Adapter Manufacturer:
		Company Name	Atheros Communications, Inc.
		Product Information	http://www.atheros.com/networking
		Driver Download	http://www.atheros.com
		Driver Update	http://www.aida64.com/driver-updates

[ Realtek PCIe GBE Family Controller ]

	Network Adapter Properties:
		Network Adapter	Realtek PCIe GBE Family Controller
		Interface Type	Ethernet
		Hardware Address	14-DA-E9-AE-18-F6
		Connection Name	Local Area Connection
		MTU	1500 bytes
		Bytes Received	0
		Bytes Sent	0

	Network Adapter Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

PCI / PnP Network


		Device Description	Type
		Atheros AR9285 802.11b/g/n Wireless Network Adapter	PCI
		Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter (PHY: Realtek RTL8211/8212)	PCI

IAM


[ Microsoft Communities ]

	Account Properties:
		Account Name	Microsoft Communities
		Account ID	account{455C5063-3156-4F93-B60F-0EA2F5DEAB4E}.oeaccount
		Account Type	News (Default)
		Application Name	Microsoft Windows Mail
		Connection Name	Not Specified (IE Default)
		NNTP Server	msnews.microsoft.com

	Account Features:
		NNTP Prompt For Password	No
		NNTP Secure Authentication	No
		NNTP Secure Connection	No
		NNTP Use Group Descriptions	No
		NNTP Post Using Plain Text Format	No
		NNTP Post Using HTML Format	No

[ Active Directory ]

	Account Properties:
		Account Name	Active Directory
		Account ID	account{A8A3FB2F-0421-4348-BA6E-76B7A66DB123}.oeaccount
		Account Type	LDAP
		Application Name	Microsoft Windows Mail
		Connection Name	Not Specified (IE Default)
		LDAP Server	NULL:3268
		LDAP User Name	NULL
		LDAP Search Base	NULL
		LDAP Search Timeout	1 min

	Account Features:
		LDAP Authentication Required	Yes
		LDAP Secure Authentication	Yes
		LDAP Secure Connection	No
		LDAP Simple Search Filter	No

[ VeriSign Internet Directory Service ]

	Account Properties:
		Account Name	VeriSign Internet Directory Service
		Account ID	account{269ECDA8-A227-4DBC-95E9-FF19D1282E51}.oeaccount
		Account Type	LDAP
		Application Name	Microsoft Windows Mail
		Connection Name	Not Specified (IE Default)
		LDAP Server	directory.verisign.com
		LDAP URL	http://www.verisign.com
		LDAP Search Base	NULL
		LDAP Search Timeout	1 min

	Account Features:
		LDAP Authentication Required	No
		LDAP Secure Authentication	No
		LDAP Secure Connection	No
		LDAP Simple Search Filter	Yes

Internet


Internet Settings:
	Start Page	http://go.microsoft.com/fwlink/?LinkId=69157
	Search Page	http://go.microsoft.com/fwlink/?LinkId=54896
	Local Page	C:\Windows\system32\blank.htm
	Download Folder

Current Proxy:
	Proxy Status	Disabled

LAN Proxy:
	Proxy Status	Disabled

Routes


Type	Net Destination	Netmask	Gateway	Metric	Interface
Active	0.0.0.0	0.0.0.0	192.168.1.3	25	192.168.1.7 (Atheros AR9002WB-1NG Wireless Network Adapter)
Active	127.0.0.0	255.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	127.0.0.1	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	127.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	192.168.1.0	255.255.255.0	192.168.1.7	281	192.168.1.7 (Atheros AR9002WB-1NG Wireless Network Adapter)
Active	192.168.1.7	255.255.255.255	192.168.1.7	281	192.168.1.7 (Atheros AR9002WB-1NG Wireless Network Adapter)
Active	192.168.1.255	255.255.255.255	192.168.1.7	281	192.168.1.7 (Atheros AR9002WB-1NG Wireless Network Adapter)
Active	224.0.0.0	240.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	224.0.0.0	240.0.0.0	192.168.1.7	281	192.168.1.7 (Atheros AR9002WB-1NG Wireless Network Adapter)
Active	255.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	255.255.255.255	255.255.255.255	192.168.1.7	281	192.168.1.7 (Atheros AR9002WB-1NG Wireless Network Adapter)

Browser History


		Last Access	URL
		2015-10-07 13:29:52	huytv@file:///C:/Users/huytv/Downloads/AIDA64%20Extreme%20v5.20.3400/Key.rtf
		2015-10-09 05:51:02	huytv@file:///C:/Users/huytv/AppData/Local/Temp/rpt-1.htm
		2015-10-10 13:07:41	huytv@http://windows.microsoft.com/en-US/internet-explorer/products/ie-8/welcome
		2015-10-10 13:07:42	huytv@http://windows.microsoft.com/en-us/internet-explorer/ie-8-welcome
		2015-10-10 13:07:43	huytv@http://go.microsoft.com/fwlink/?LinkID=121792
		2015-10-10 13:11:53	huytv@file:///C:/Users/huytv/Downloads/USB3_AsMedia_Win7_64_Z11250.zip
		2015-10-10 13:15:57	huytv@file:///C:/Users/huytv/AppData/Local/Temp/rpt-2.htm
		2015-10-10 13:31:36	huytv@file:///C:/Users/huytv/Documents/AIDA64%20Reports/AIDA64-Reports.htm
		2015-10-10 13:38:46	huytv@file:///C:/Users/huytv/AppData/Local/Temp/rpt-3.htm
		2015-10-10 13:49:58	huytv@file:///C:/Users/huytv/Documents/AIDA64%20Reports/Report.htm

DirectX Files


Name	Version	Type	Language	Size	Date
amstream.dll	6.06.7601.17514	Final Retail	English	70656	11/21/2010 10:24:00 AM
bdaplgin.ax	6.01.7600.16385	Final Retail	English	74240	7/14/2009 8:14:10 AM
d2d1.dll	6.01.7601.17514	Final Retail	English	739840	11/21/2010 10:24:22 AM
d3d10.dll	6.01.7600.16385	Final Retail	English	1030144	7/14/2009 8:15:08 AM
d3d10_1.dll	6.01.7600.16385	Final Retail	English	161792	7/14/2009 8:15:08 AM
d3d10_1core.dll	6.01.7601.17514	Final Retail	English	219136	11/21/2010 10:23:50 AM
d3d10core.dll	6.01.7600.16385	Final Retail	English	190464	7/14/2009 8:15:08 AM
d3d10level9.dll	6.01.7601.17514	Final Retail	English	489984	11/21/2010 10:24:34 AM
d3d10warp.dll	6.01.7601.17514	Final Retail	English	1171456	11/21/2010 10:24:18 AM
d3d11.dll	6.01.7601.17514	Final Retail	English	522752	11/21/2010 10:23:56 AM
d3d8.dll	6.01.7600.16385	Final Retail	English	1036800	7/14/2009 8:15:08 AM
d3d8thk.dll	6.01.7600.16385	Final Retail	English	11264	7/14/2009 8:15:08 AM
d3d9.dll	6.01.7601.17514	Final Retail	English	1828352	11/21/2010 10:24:23 AM
d3dim.dll	6.01.7600.16385	Final Retail	English	386048	7/14/2009 8:15:08 AM
d3dim700.dll	6.01.7600.16385	Final Retail	English	817664	7/14/2009 8:15:08 AM
d3dramp.dll	6.01.7600.16385	Final Retail	English	593920	7/14/2009 8:15:08 AM
d3dxof.dll	6.01.7600.16385	Final Retail	English	53760	7/14/2009 8:15:08 AM
ddraw.dll	6.01.7600.16385	Final Retail	English	531968	7/14/2009 8:15:10 AM
ddrawex.dll	6.01.7600.16385	Final Retail	English	30208	7/14/2009 8:15:10 AM
devenum.dll	6.06.7600.16385	Final Retail	English	66560	7/14/2009 8:15:10 AM
dinput.dll	6.01.7600.16385	Final Retail	English	136704	7/14/2009 8:15:11 AM
dinput8.dll	6.01.7600.16385	Final Retail	English	145408	7/14/2009 8:15:11 AM
dmband.dll	6.01.7600.16385	Final Retail	English	30720	7/14/2009 8:15:12 AM
dmcompos.dll	6.01.7600.16385	Final Retail	English	63488	7/14/2009 8:15:12 AM
dmime.dll	6.01.7600.16385	Final Retail	English	179712	7/14/2009 8:15:12 AM
dmloader.dll	6.01.7600.16385	Final Retail	English	38400	7/14/2009 8:15:12 AM
dmscript.dll	6.01.7600.16385	Final Retail	English	86016	7/14/2009 8:15:12 AM
dmstyle.dll	6.01.7600.16385	Final Retail	English	105984	7/14/2009 8:15:12 AM
dmsynth.dll	6.01.7600.16385	Final Retail	English	105472	7/14/2009 8:15:12 AM
dmusic.dll	6.01.7600.16385	Final Retail	English	101376	7/14/2009 8:15:12 AM
dplaysvr.exe	6.01.7600.16385	Final Retail	English	29184	7/14/2009 8:14:18 AM
dplayx.dll	6.01.7600.16385	Final Retail	English	213504	7/14/2009 8:15:12 AM
dpmodemx.dll	6.01.7600.16385	Final Retail	English	23040	7/14/2009 8:15:12 AM
dpnaddr.dll	6.01.7601.17514	Final Retail	English	2560	11/21/2010 10:23:53 AM
dpnathlp.dll	6.01.7600.16385	Final Retail	English	57344	7/14/2009 8:15:14 AM
dpnet.dll	6.01.7600.16385	Final Retail	English	376832	7/14/2009 8:15:12 AM
dpnhpast.dll	6.01.7600.16385	Final Retail	English	7168	7/14/2009 8:15:12 AM
dpnhupnp.dll	6.01.7600.16385	Final Retail	English	7168	7/14/2009 8:15:12 AM
dpnlobby.dll	6.01.7600.16385	Final Retail	English	2560	7/14/2009 8:04:52 AM
dpnsvr.exe	6.01.7600.16385	Final Retail	English	33280	7/14/2009 8:14:18 AM
dpwsockx.dll	6.01.7600.16385	Final Retail	English	44032	7/14/2009 8:15:12 AM
dsdmo.dll	6.01.7600.16385	Final Retail	English	173568	7/14/2009 8:15:13 AM
dsound.dll	6.01.7600.16385	Final Retail	English	453632	7/14/2009 8:15:13 AM
dswave.dll	6.01.7600.16385	Final Retail	English	20992	7/14/2009 8:15:13 AM
dwrite.dll	6.01.7601.17514	Final Retail	English	1076736	11/21/2010 10:24:04 AM
dxdiagn.dll	6.01.7601.17514	Final Retail	English	210432	11/21/2010 10:24:22 AM
dxgi.dll	6.01.7601.17514	Final Retail	English	508416	11/21/2010 10:24:10 AM
dxmasf.dll	12.00.7601.17514	Final Retail	English	4096	11/21/2010 10:25:10 AM
dxtmsft.dll	8.00.7600.16385	Final Retail	English	346112	7/14/2009 8:15:14 AM
dxtrans.dll	8.00.7600.16385	Final Retail	English	215552	7/14/2009 8:15:14 AM
dxva2.dll	6.01.7600.16385	Final Retail	English	88064	7/14/2009 8:15:14 AM
encapi.dll	6.01.7600.16385	Final Retail	English	20992	7/14/2009 8:15:14 AM
gcdef.dll	6.01.7600.16385	Final Retail	English	120832	7/14/2009 8:15:22 AM
iac25_32.ax	2.00.0005.0053	Final Retail	English	197632	7/14/2009 8:14:10 AM
ir41_32.ax	4.51.0016.0003	Final Retail	English	839680	7/14/2009 8:14:10 AM
ir41_qc.dll	4.30.0062.0002	Final Retail	English	120320	7/14/2009 8:15:34 AM
ir41_qcx.dll	4.30.0062.0002	Final Retail	English	120320	7/14/2009 8:15:34 AM
ir50_32.dll	5.2562.0015.0055	Final Retail	English	746496	7/14/2009 8:15:34 AM
ir50_qc.dll	5.00.0063.0048	Final Retail	English	200192	7/14/2009 8:15:34 AM
ir50_qcx.dll	5.00.0063.0048	Final Retail	English	200192	7/14/2009 8:15:34 AM
ivfsrc.ax	5.10.0002.0051	Final Retail	English	146944	7/14/2009 8:14:10 AM
joy.cpl	6.01.7600.16385	Final Retail	English	138240	7/14/2009 8:14:09 AM
ksproxy.ax	6.01.7601.17514	Final Retail	English	193536	11/21/2010 10:24:32 AM
kstvtune.ax	6.01.7601.17514	Final Retail	English	84480	11/21/2010 10:25:10 AM
ksuser.dll	6.01.7600.16385	Final Retail	English	4608	7/14/2009 8:15:35 AM
kswdmcap.ax	6.01.7601.17514	Final Retail	English	107008	11/21/2010 10:24:15 AM
ksxbar.ax	6.01.7601.17514	Final Retail	English	48640	11/21/2010 10:25:10 AM
mciqtz32.dll	6.06.7601.17514	Final Retail	English	36352	11/21/2010 10:24:00 AM
mfc40.dll	4.01.0000.6151	Beta Retail	English	954752	11/21/2010 10:24:00 AM
mfc42.dll	6.06.8063.0000	Beta Retail	English	1136640	7/14/2009 8:15:39 AM
mpeg2data.ax	6.06.7601.17514	Final Retail	English	72704	11/21/2010 10:25:10 AM
mpg2splt.ax	6.06.7601.17514	Final Retail	English	199680	11/21/2010 10:25:10 AM
msdmo.dll	6.06.7601.17514	Final Retail	English	30720	11/21/2010 10:24:02 AM
msdvbnp.ax	6.06.7601.17514	Final Retail	English	59904	11/21/2010 10:25:10 AM
msvidctl.dll	6.05.7601.17514	Final Retail	English	2291712	11/21/2010 10:25:10 AM
msyuv.dll	6.01.7601.17514	Final Retail	English	22528	11/21/2010 10:23:50 AM
pid.dll	6.01.7600.16385	Final Retail	English	36352	7/14/2009 8:16:12 AM
psisdecd.dll	6.06.7600.16385	Final Retail	English	465408	7/14/2009 8:16:12 AM
psisrndr.ax	6.06.7601.17514	Final Retail	English	75776	11/21/2010 10:25:10 AM
qasf.dll	12.00.7601.17514	Final Retail	English	206848	11/21/2010 10:24:01 AM
qcap.dll	6.06.7601.17514	Final Retail	English	190976	11/21/2010 10:24:08 AM
qdv.dll	6.06.7601.17514	Final Retail	English	283136	11/21/2010 10:24:09 AM
qdvd.dll	6.06.7601.17514	Final Retail	English	514560	11/21/2010 10:23:55 AM
qedit.dll	6.06.7601.17514	Final Retail	English	509440	11/21/2010 10:25:10 AM
qedwipes.dll	6.06.7600.16385	Final Retail	English	733184	7/14/2009 8:09:35 AM
quartz.dll	6.06.7601.17514	Final Retail	English	1328128	11/21/2010 10:23:56 AM
vbisurf.ax	6.01.7601.17514	Final Retail	English	33792	11/21/2010 10:25:10 AM
vfwwdm32.dll	6.01.7601.17514	Final Retail	English	56832	11/21/2010 10:24:09 AM
wsock32.dll	6.01.7600.16385	Final Retail	English	15360	7/14/2009 8:16:20 AM

DirectX Video


[ Primary Display Driver ]

	DirectDraw Device Properties:
		DirectDraw Driver Name	display
		DirectDraw Driver Description	Primary Display Driver
		Hardware Driver	nvd3dum.dll (9.18.13.5286 - nVIDIA ForceWare 352.86)
		Hardware Description	NVIDIA GeForce GT 520M

	Direct3D Device Properties:
		Total / Free Video Memory	1024 MB / 933 MB
		Rendering Bit Depths	8, 16, 32
		Z-Buffer Bit Depths	16, 24, 32
		Multisample Anti-Aliasing Modes	MSAA 2x, MSAA 4x, MSAA 8x, CSAA 8x, CSAA 8xQ, CSAA 16x, CSAA 16xQ
		Min Texture Size	1 x 1
		Max Texture Size	16384 x 16384
		Unified Shader Version	5.0
		DirectX Hardware Support	DirectX v11.0

	Direct3D Device Features:
		Additive Texture Blending	Supported
		AGP Texturing	Supported
		Anisotropic Filtering	Supported
		Automatic Mipmap Generation	Supported
		Bilinear Filtering	Supported
		Compute Shader	Supported
		Cubic Environment Mapping	Supported
		Cubic Filtering	Not Supported
		Decal-Alpha Texture Blending	Supported
		Decal Texture Blending	Supported
		Directional Lights	Supported
		DirectX Texture Compression	Not Supported
		DirectX Volumetric Texture Compression	Not Supported
		Dithering	Supported
		Dot3 Texture Blending	Supported
		Double-Precision Floating-Point	Supported
		Driver Concurrent Creates	Supported
		Driver Command Lists	Supported
		Dynamic Textures	Supported
		Edge Anti-Aliasing	Supported
		Environmental Bump Mapping	Supported
		Environmental Bump Mapping + Luminance	Supported
		Factor Alpha Blending	Supported
		Geometric Hidden-Surface Removal	Not Supported
		Geometry Shader	Supported
		Guard Band	Supported
		Hardware Scene Rasterization	Supported
		Hardware Transform & Lighting	Supported
		Legacy Depth Bias	Supported
		Map On Default Buffers	Not Supported
		Mipmap LOD Bias Adjustments	Supported
		Mipmapped Cube Textures	Supported
		Mipmapped Volume Textures	Supported
		Modulate-Alpha Texture Blending	Supported
		Modulate Texture Blending	Supported
		Non-Square Textures	Supported
		N-Patches	Not Supported
		Perspective Texture Correction	Supported
		Point Lights	Supported
		Point Sampling	Supported
		Projective Textures	Supported
		Quintic Bezier Curves & B-Splines	Not Supported
		Range-Based Fog	Supported
		Rectangular & Triangular Patches	Not Supported
		Rendering In Windowed Mode	Supported
		Runtime Shader Linking	Not Supported
		Scissor Test	Supported
		Slope-Scale Based Depth Bias	Supported
		Specular Flat Shading	Supported
		Specular Gouraud Shading	Supported
		Specular Phong Shading	Not Supported
		Spherical Mapping	Supported
		Spot Lights	Supported
		Stencil Buffers	Supported
		Sub-Pixel Accuracy	Supported
		Subtractive Texture Blending	Supported
		Table Fog	Supported
		Texture Alpha Blending	Supported
		Texture Clamping	Supported
		Texture Mirroring	Supported
		Texture Transparency	Supported
		Texture Wrapping	Supported
		Tiled Resources	Not Supported
		Triangle Culling	Not Supported
		Trilinear Filtering	Supported
		Two-Sided Stencil Test	Supported
		Vertex Alpha Blending	Supported
		Vertex Fog	Supported
		Vertex Tweening	Not Supported
		Volume Textures	Supported
		W-Based Fog	Supported
		W-Buffering	Not Supported
		Z-Based Fog	Supported
		Z-Bias	Supported
		Z-Test	Supported

	Supported FourCC Codes:
		3x11	Supported
		3x16	Supported
		AI44	Supported
		AIP8	Supported
		ATOC	Supported
		AV12	Supported
		AYUV	Supported
		NV12	Supported
		NV24	Supported
		NVDB	Supported
		NVDP	Supported
		NVMD	Supported
		P010	Supported
		PLFF	Supported
		SSAA	Supported
		UYVY	Supported
		YUY2	Supported
		YV12	Supported

	Video Adapter Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/products.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

DirectX Sound


[ Primary Sound Driver ]

	DirectSound Device Properties:
		Device Description	Primary Sound Driver
		Driver Module
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

[ Speakers (High Definition Audio Device) ]

	DirectSound Device Properties:
		Device Description	Speakers (High Definition Audio Device)
		Driver Module	{0.0.0.00000000}.{d6a4f0d7-9f3d-4e47-be49-96c4679e7666}
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

Windows Devices


[ Devices ]

	Batteries:
		Microsoft AC Adapter	6.1.7600.16385
		Microsoft ACPI-Compliant Control Method Battery	6.1.7600.16385
		Microsoft Composite Battery	6.1.7600.16385

	Bluetooth Radios:
		Bluetooth Module	8.0.1.340

	Computer:
		ACPI x64-based PC	6.1.7600.16385

	Disk drives:
		INTEL SSDSC2BW120A4	6.1.7600.16385
		NORELSYS 106X USB Device	6.1.7600.16385

	Display adapters:
		NVIDIA GeForce GT 520M	9.18.13.5286

	DVD/CD-ROM drives:
		HL-DT-ST DVDRAM GT51N	6.1.7601.17514

	Human Interface Devices:
		HID-compliant consumer control device	6.1.7600.16385
		HID-compliant device	6.1.7601.17514
		USB Input Device	6.1.7601.17514
		USB Input Device	6.1.7601.17514
		USB Input Device	6.1.7601.17514

	IDE ATA/ATAPI controllers:
		Intel(R) Mobile Express Chipset SATA AHCI Controller	11.1.0.1006

	Imaging devices:
		ASUS USB2.0 WebCam	6.1.7601.17514

	Keyboards:
		HID Keyboard Device	6.1.7601.17514
		Standard PS/2 Keyboard	6.1.7601.17514

	Mice and other pointing devices:
		HID-compliant mouse	6.1.7600.16385
		Standard PS/2 Port Mouse	6.1.7600.16385

	Monitors:
		Generic PnP Monitor	6.1.7600.16385
		Generic PnP Monitor	6.1.7600.16385

	Network adapters:
		Atheros AR9002WB-1NG Wireless Network Adapter	9.2.0.514
		Microsoft ISATAP Adapter #2	6.1.7600.16385
		Microsoft ISATAP Adapter	6.1.7600.16385
		Realtek PCIe GBE Family Controller	7.92.115.2015
		WAN Miniport (IKEv2)	6.1.7601.17514
		WAN Miniport (IP)	6.1.7601.17514
		WAN Miniport (IPv6)	6.1.7601.17514
		WAN Miniport (L2TP)	6.1.7601.17514
		WAN Miniport (Network Monitor)	6.1.7601.17514
		WAN Miniport (PPPOE)	6.1.7601.17514
		WAN Miniport (PPTP)	6.1.7601.17514
		WAN Miniport (SSTP)	6.1.7601.17514

	Non-Plug and Play Drivers:
		Ancillary Function Driver for Winsock
		Beep
		Bitlocker Drive Encryption Filter Driver
		CNG
		Common Log (CLFS)
		cpuz138
		Disk Virtual Machine Bus Acceleration Filter Driver
		Dynamic Volume Manager
		FinalWire AIDA64 Kernel Driver
		Hardware Policy Driver
		HTTP
		IDE Channel
		Kernel Mode Driver Frameworks service
		KSecDD
		KSecPkg
		LDDM Graphics Subsystem
		Link-Layer Topology Discovery Mapper I/O Driver
		Link-Layer Topology Discovery Responder
		Mount Point Manager
		msahci
		msisadrv
		NativeWiFi Filter
		NDIS System Driver
		NDIS Usermode I/O Protocol
		NDProxy
		NETBT
		NetIO Legacy TDI Support Driver
		NSI proxy service driver.
		Null
		Offline Files Driver
		PEAUTH
		Performance Counters for Windows Driver
		QoS Packet Scheduler
		RDP Encoder Mirror Driver
		RDPCDD
		Reflector Display Driver used to gain access to graphics data
		Remote Access IPv6 ARP Driver
		Security Driver
		Security Processor Loader Driver
		Storage volumes
		System Attribute Cache
		TCP/IP Protocol Driver
		TCP/IP Registry Compatibility
		User Mode Driver Frameworks Platform Driver
		VgaSave
		Virtual WiFi Filter Driver
		WFP Lightweight Filter
		Windows Firewall Authorization Driver

	Processors:
		Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz	6.1.7600.16385
		Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz	6.1.7600.16385
		Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz	6.1.7600.16385
		Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz	6.1.7600.16385

	Sound, video and game controllers:
		High Definition Audio Device	6.1.7601.17514
		NVIDIA High Definition Audio	1.3.34.3

	Storage volume shadow copies:
		Generic volume shadow copy	6.1.7600.16385
		Generic volume shadow copy	6.1.7600.16385

	Storage Volumes:
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514
		Generic volume	6.1.7601.17514

	System devices:
		2nd Generation Intel(R) Core(TM) Processor Family DRAM Controller - 0104	9.2.0.1035
		ACPI Fixed Feature Button	6.1.7601.17514
		ACPI Lid	6.1.7601.17514
		ACPI Sleep Button	6.1.7601.17514
		ACPI Thermal Zone	6.1.7601.17514
		Composite Bus Enumerator	6.1.7601.17514
		Direct memory access controller	6.1.7601.17514
		File as Volume Driver	6.1.7600.16385
		High Definition Audio Controller	6.1.7601.17514
		High Definition Audio Controller	6.1.7601.17514
		High precision event timer	6.1.7601.17514
		Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10	9.2.0.1035
		Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12	9.2.0.1035
		Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16	9.2.0.1035
		Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A	9.2.0.1035
		Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22	9.2.0.1035
		Intel(R) 82802 Firmware Hub Device	6.1.7601.17514
		Intel(R) HM65 Express Chipset Family LPC Interface Controller - 1C49	9.2.0.1035
		Intel(R) Management Engine Interface	9.5.15.1730
		Microsoft ACPI-Compliant Embedded Controller	6.1.7601.17514
		Microsoft ACPI-Compliant System	6.1.7601.17514
		Microsoft System Management BIOS Driver	6.1.7601.17514
		Microsoft Virtual Drive Enumerator Driver	6.1.7601.17514
		Microsoft Windows Management Interface for ACPI	6.1.7601.17514
		Motherboard resources	6.1.7601.17514
		Motherboard resources	6.1.7601.17514
		Motherboard resources	6.1.7601.17514
		Motherboard resources	6.1.7601.17514
		Motherboard resources	6.1.7601.17514
		Numeric data processor	6.1.7601.17514
		PCI bus	3.0.1.41
		Plug and Play Software Device Enumerator	6.1.7601.17514
		Programmable interrupt controller	6.1.7601.17514
		Remote Desktop Device Redirector Bus	6.1.7600.16385
		System CMOS/real time clock	6.1.7601.17514
		System timer	6.1.7601.17514
		Terminal Server Keyboard Driver	6.1.7601.17514
		Terminal Server Mouse Driver	6.1.7601.17514
		UMBus Enumerator	6.1.7601.17514
		UMBus Root Bus Enumerator	6.1.7601.17514
		Volume Manager	6.1.7601.17514
		Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101	9.2.0.1035

	Universal Serial Bus controllers:
		ASMedia XHCI Controller	1.12.5.0
		Generic USB Hub	6.1.7601.17514
		Generic USB Hub	6.1.7601.17514
		Generic USB Hub	6.1.7601.17514
		Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26	9.2.0.1036
		Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D	9.2.0.1036
		Realtek USB 2.0 Card Reader	6.3.9600.39057
		USB Composite Device	6.1.7601.17514
		USB Composite Device	6.1.7601.17514
		USB Mass Storage Device	6.1.7601.17514
		USB Root Hub	6.1.7601.17514
		USB Root Hub	6.1.7601.17514
		USB Root Hub	1.12.5.0

[ Batteries / Microsoft AC Adapter ]

	Device Properties:
		Driver Description	Microsoft AC Adapter
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	battery.inf
		INF Section	AcAdapter_Inst
		Hardware ID	ACPI\ACPI0003
		PnP Device	Microsoft AC Adapter

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Batteries / Microsoft ACPI-Compliant Control Method Battery ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant Control Method Battery
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	battery.inf
		INF Section	CmBatt_Inst
		Hardware ID	ACPI\PNP0C0A
		PnP Device	Control Method Battery

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Batteries / Microsoft Composite Battery ]

	Device Properties:
		Driver Description	Microsoft Composite Battery
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	battery.inf
		INF Section	COMPBATT_Inst.NT
		Hardware ID	COMPOSITE_BATTERY

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Bluetooth Radios / Bluetooth Module ]

	Device Properties:
		Driver Description	Bluetooth Module
		Driver Date	1/29/2015
		Driver Version	8.0.1.340
		Driver Provider	Qualcomm Atheros Communications
		INF File	oem16.inf
		INF Section	QCABTUSB
		Hardware ID	USB\VID_13D3&PID_3304&REV_0001
		Location Information	Port_#0001.Hub_#0003

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Computer / ACPI x64-based PC ]

	Device Properties:
		Driver Description	ACPI x64-based PC
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	hal.inf
		INF Section	ACPI_AMD64_HAL
		Hardware ID	acpiapic

[ Disk drives / INTEL SSDSC2BW120A4 ]

	Device Properties:
		Driver Description	INTEL SSDSC2BW120A4
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT
		Hardware ID	IDE\DiskINTEL_SSDSC2BW120A4_____________________DC32____
		Location Information	0

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/design/flash/nand/productinformation.htm
		Driver Update	http://www.aida64.com/driver-updates

[ Disk drives / NORELSYS 106X USB Device ]

	Device Properties:
		Driver Description	NORELSYS 106X USB Device
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	disk.inf
		INF Section	disk_install.NT
		Hardware ID	USBSTOR\DiskNORELSYS106X____________ACD0

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Display adapters / NVIDIA GeForce GT 520M ]

	Device Properties:
		Driver Description	NVIDIA GeForce GT 520M
		Driver Date	5/11/2015
		Driver Version	9.18.13.5286
		Driver Provider	NVIDIA
		INF File	oem4.inf
		INF Section	Section002
		Hardware ID	PCI\VEN_10DE&DEV_1050&SUBSYS_17421043&REV_A1
		Location Information	PCI bus 1, device 0, function 0
		PCI Device	nVIDIA GeForce GT 520M (Asus) Video Adapter

	Device Resources:
		IRQ	16
		Memory	000A0000-000BFFFF
		Memory	C0000000-CFFFFFFF
		Memory	D0000000-D1FFFFFF
		Memory	DC000000-DCFFFFFF
		Port	03B0-03BB
		Port	03C0-03DF
		Port	D000-D07F

	Video Adapter Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/products.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

[ DVD/CD-ROM drives / HL-DT-ST DVDRAM GT51N ]

	Device Properties:
		Driver Description	HL-DT-ST DVDRAM GT51N
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	cdrom.inf
		INF Section	cdrom_install
		Hardware ID	IDE\CdRomHL-DT-ST_DVDRAM_GT51N___________________AS00____
		Location Information	1

	Device Manufacturer:
		Company Name	LG Electronics
		Product Information	http://www.lg.com/us/data-storage
		Firmware Download	http://www.lg.com/us/support
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant consumer control device ]

	Device Properties:
		Driver Description	HID-compliant consumer control device
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	hidserv.inf
		INF Section	HIDSystemConsumerDevice
		Hardware ID	HID\VID_04D9&PID_1702&REV_0406&MI_01&Col02

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant device ]

	Device Properties:
		Driver Description	HID-compliant device
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Raw_Inst.NT
		Hardware ID	HID\VID_04D9&PID_1702&REV_0406&MI_01&Col01

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Inst.NT
		Hardware ID	USB\VID_1C4F&PID_0034&REV_0110
		Location Information	Port_#0001.Hub_#0004

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Inst.NT
		Hardware ID	USB\VID_04D9&PID_1702&REV_0406&MI_00
		Location Information	0000.001d.0000.001.002.001.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	input.inf
		INF Section	HID_Inst.NT
		Hardware ID	USB\VID_04D9&PID_1702&REV_0406&MI_01
		Location Information	0000.001d.0000.001.002.001.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ IDE ATA/ATAPI controllers / Intel(R) Mobile Express Chipset SATA AHCI Controller ]

	Device Properties:
		Driver Description	Intel(R) Mobile Express Chipset SATA AHCI Controller
		Driver Date	2/1/2012
		Driver Version	11.1.0.1006
		Driver Provider	Intel
		INF File	oem10.inf
		INF Section	iaStor_Install
		Hardware ID	PCI\VEN_8086&DEV_1C03&SUBSYS_12871043&REV_05
		Location Information	PCI bus 0, device 31, function 2
		PCI Device	Intel Cougar Point-M PCH - SATA AHCI 6-Port Controller [B-3]

	Device Resources:
		IRQ	19
		Memory	DFA06000-DFA067FF
		Port	E020-E03F
		Port	E040-E043
		Port	E050-E057
		Port	E060-E063
		Port	E070-E077

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Imaging devices / ASUS USB2.0 WebCam ]

	Device Properties:
		Driver Description	ASUS USB2.0 WebCam
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	usbvideo.inf
		INF Section	USBVideo.NT
		Hardware ID	USB\VID_058F&PID_A014&REV_0003&MI_00
		Location Information	0000.001a.0000.001.002.000.000.000.000

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Keyboards / HID Keyboard Device ]

	Device Properties:
		Driver Description	HID Keyboard Device
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	keyboard.inf
		INF Section	HID_Keyboard_Inst.NT
		Hardware ID	HID\VID_04D9&PID_1702&REV_0406&MI_00

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Keyboards / Standard PS/2 Keyboard ]

	Device Properties:
		Driver Description	Standard PS/2 Keyboard
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	keyboard.inf
		INF Section	STANDARD_Inst
		Hardware ID	ACPI\PNP0303
		PnP Device	101/102-Key or MS Natural Keyboard

	Device Resources:
		IRQ	01
		Port	0060-0060
		Port	0064-0064

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Mice and other pointing devices / HID-compliant mouse ]

	Device Properties:
		Driver Description	HID-compliant mouse
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	msmouse.inf
		INF Section	HID_Mouse_Inst.NT
		Hardware ID	HID\VID_1C4F&PID_0034&REV_0110

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Mice and other pointing devices / Standard PS/2 Port Mouse ]

	Device Properties:
		Driver Description	Standard PS/2 Port Mouse
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	msmouse.inf
		INF Section	PS2_Inst
		Hardware ID	ACPI\ETD0101
		PnP Device	ELAN PS/2 Port Smart-Pad

	Device Resources:
		IRQ	12

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Monitors / Generic PnP Monitor ]

	Device Properties:
		Driver Description	Generic PnP Monitor
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	monitor.inf
		INF Section	PnPMonitor.Install
		Hardware ID	MONITOR\CMI001B

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Monitors / Generic PnP Monitor ]

	Device Properties:
		Driver Description	Generic PnP Monitor
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	monitor.inf
		INF Section	PnPMonitor.Install
		Hardware ID	MONITOR\DELA079
		Monitor	Dell UltraSharp U2412M (Analog)

	Monitor Manufacturer:
		Company Name	Dell Computer Corporation
		Product Information	http://accessories.us.dell.com/sna/category.aspx?c=us&category_id=4009&cs=19&l=en&s=dhs
		Driver Download	http://support.dell.com/support/topics/global.aspx/support/product_support/en/monitor_download?c=us&cs=04&l=en&s=bsd
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Atheros AR9002WB-1NG Wireless Network Adapter ]

	Device Properties:
		Driver Description	Atheros AR9002WB-1NG Wireless Network Adapter
		Driver Date	11/26/2012
		Driver Version	9.2.0.514
		Driver Provider	Atheros Communications Inc.
		INF File	oem9.inf
		INF Section	ATHR_DEV_OS61_30AB2C37.ndi.NTAMD64
		Hardware ID	PCI\VEN_168C&DEV_002B&SUBSYS_2C371A3B&REV_01
		Location Information	PCI bus 3, device 0, function 0
		PCI Device	Atheros AR9285 802.11b/g/n Wireless Network Adapter

	Device Resources:
		IRQ	17
		Memory	DEFF0000-DEFFFFFF

	Network Adapter Manufacturer:
		Company Name	Atheros Communications, Inc.
		Product Information	http://www.atheros.com/networking
		Driver Download	http://www.atheros.com
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Microsoft ISATAP Adapter #2 ]

	Device Properties:
		Driver Description	Microsoft ISATAP Adapter #2
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	nettun.inf
		INF Section	ISATAP.ndi
		Hardware ID	*ISATAP

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Microsoft ISATAP Adapter ]

	Device Properties:
		Driver Description	Microsoft ISATAP Adapter
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	nettun.inf
		INF Section	ISATAP.ndi
		Hardware ID	*ISATAP

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Realtek PCIe GBE Family Controller ]

	Device Properties:
		Driver Description	Realtek PCIe GBE Family Controller
		Driver Date	1/15/2015
		Driver Version	7.92.115.2015
		Driver Provider	Realtek
		INF File	oem7.inf
		INF Section	RTL8168E.ndi.NT
		Hardware ID	PCI\VEN_10EC&DEV_8168&SUBSYS_12871043&REV_06
		Location Information	PCI bus 5, device 0, function 0
		PCI Device	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter

	Device Resources:
		IRQ	65536
		Memory	D2100000-D2103FFF
		Memory	D2104000-D2104FFF
		Port	9000-90FF

	Network Adapter Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / WAN Miniport (IKEv2) ]

	Device Properties:
		Driver Description	WAN Miniport (IKEv2)
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	netavpna.inf
		INF Section	Ndi-Mp-AgileVpn
		Hardware ID	ms_agilevpnminiport

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / WAN Miniport (IP) ]

	Device Properties:
		Driver Description	WAN Miniport (IP)
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	netrasa.inf
		INF Section	Ndi-Mp-Ip
		Hardware ID	ms_ndiswanip

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / WAN Miniport (IPv6) ]

	Device Properties:
		Driver Description	WAN Miniport (IPv6)
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	netrasa.inf
		INF Section	Ndi-Mp-Ipv6
		Hardware ID	ms_ndiswanipv6

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / WAN Miniport (L2TP) ]

	Device Properties:
		Driver Description	WAN Miniport (L2TP)
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	netrasa.inf
		INF Section	Ndi-Mp-L2tp
		Hardware ID	ms_l2tpminiport

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / WAN Miniport (Network Monitor) ]

	Device Properties:
		Driver Description	WAN Miniport (Network Monitor)
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	netrasa.inf
		INF Section	Ndi-Mp-Bh
		Hardware ID	ms_ndiswanbh

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / WAN Miniport (PPPOE) ]

	Device Properties:
		Driver Description	WAN Miniport (PPPOE)
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	netrasa.inf
		INF Section	Ndi-Mp-Pppoe
		Hardware ID	ms_pppoeminiport

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / WAN Miniport (PPTP) ]

	Device Properties:
		Driver Description	WAN Miniport (PPTP)
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	netrasa.inf
		INF Section	Ndi-Mp-Pptp
		Hardware ID	ms_pptpminiport

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / WAN Miniport (SSTP) ]

	Device Properties:
		Driver Description	WAN Miniport (SSTP)
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	netsstpa.inf
		INF Section	Ndi-Mp-Sstp
		Hardware ID	ms_sstpminiport

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Non-Plug and Play Drivers / Ancillary Function Driver for Winsock ]

	Device Properties:
		Driver Description	Ancillary Function Driver for Winsock

[ Non-Plug and Play Drivers / Beep ]

	Device Properties:
		Driver Description	Beep

[ Non-Plug and Play Drivers / Bitlocker Drive Encryption Filter Driver ]

	Device Properties:
		Driver Description	Bitlocker Drive Encryption Filter Driver

[ Non-Plug and Play Drivers / CNG ]

	Device Properties:
		Driver Description	CNG

[ Non-Plug and Play Drivers / Common Log (CLFS) ]

	Device Properties:
		Driver Description	Common Log (CLFS)

[ Non-Plug and Play Drivers / cpuz138 ]

	Device Properties:
		Driver Description	cpuz138

[ Non-Plug and Play Drivers / Disk Virtual Machine Bus Acceleration Filter Driver ]

	Device Properties:
		Driver Description	Disk Virtual Machine Bus Acceleration Filter Driver

[ Non-Plug and Play Drivers / Dynamic Volume Manager ]

	Device Properties:
		Driver Description	Dynamic Volume Manager

[ Non-Plug and Play Drivers / FinalWire AIDA64 Kernel Driver ]

	Device Properties:
		Driver Description	FinalWire AIDA64 Kernel Driver

[ Non-Plug and Play Drivers / Hardware Policy Driver ]

	Device Properties:
		Driver Description	Hardware Policy Driver

[ Non-Plug and Play Drivers / HTTP ]

	Device Properties:
		Driver Description	HTTP

[ Non-Plug and Play Drivers / IDE Channel ]

	Device Properties:
		Driver Description	IDE Channel

[ Non-Plug and Play Drivers / Kernel Mode Driver Frameworks service ]

	Device Properties:
		Driver Description	Kernel Mode Driver Frameworks service

[ Non-Plug and Play Drivers / KSecDD ]

	Device Properties:
		Driver Description	KSecDD

[ Non-Plug and Play Drivers / KSecPkg ]

	Device Properties:
		Driver Description	KSecPkg

[ Non-Plug and Play Drivers / LDDM Graphics Subsystem ]

	Device Properties:
		Driver Description	LDDM Graphics Subsystem

[ Non-Plug and Play Drivers / Link-Layer Topology Discovery Mapper I/O Driver ]

	Device Properties:
		Driver Description	Link-Layer Topology Discovery Mapper I/O Driver

[ Non-Plug and Play Drivers / Link-Layer Topology Discovery Responder ]

	Device Properties:
		Driver Description	Link-Layer Topology Discovery Responder

[ Non-Plug and Play Drivers / Mount Point Manager ]

	Device Properties:
		Driver Description	Mount Point Manager

[ Non-Plug and Play Drivers / msahci ]

	Device Properties:
		Driver Description	msahci

[ Non-Plug and Play Drivers / msisadrv ]

	Device Properties:
		Driver Description	msisadrv

[ Non-Plug and Play Drivers / NativeWiFi Filter ]

	Device Properties:
		Driver Description	NativeWiFi Filter

[ Non-Plug and Play Drivers / NDIS System Driver ]

	Device Properties:
		Driver Description	NDIS System Driver

[ Non-Plug and Play Drivers / NDIS Usermode I/O Protocol ]

	Device Properties:
		Driver Description	NDIS Usermode I/O Protocol

[ Non-Plug and Play Drivers / NDProxy ]

	Device Properties:
		Driver Description	NDProxy

[ Non-Plug and Play Drivers / NETBT ]

	Device Properties:
		Driver Description	NETBT

[ Non-Plug and Play Drivers / NetIO Legacy TDI Support Driver ]

	Device Properties:
		Driver Description	NetIO Legacy TDI Support Driver

[ Non-Plug and Play Drivers / NSI proxy service driver. ]

	Device Properties:
		Driver Description	NSI proxy service driver.

[ Non-Plug and Play Drivers / Null ]

	Device Properties:
		Driver Description	Null

[ Non-Plug and Play Drivers / Offline Files Driver ]

	Device Properties:
		Driver Description	Offline Files Driver

[ Non-Plug and Play Drivers / PEAUTH ]

	Device Properties:
		Driver Description	PEAUTH

[ Non-Plug and Play Drivers / Performance Counters for Windows Driver ]

	Device Properties:
		Driver Description	Performance Counters for Windows Driver

[ Non-Plug and Play Drivers / QoS Packet Scheduler ]

	Device Properties:
		Driver Description	QoS Packet Scheduler

[ Non-Plug and Play Drivers / RDP Encoder Mirror Driver ]

	Device Properties:
		Driver Description	RDP Encoder Mirror Driver

[ Non-Plug and Play Drivers / RDPCDD ]

	Device Properties:
		Driver Description	RDPCDD

[ Non-Plug and Play Drivers / Reflector Display Driver used to gain access to graphics data ]

	Device Properties:
		Driver Description	Reflector Display Driver used to gain access to graphics data

[ Non-Plug and Play Drivers / Remote Access IPv6 ARP Driver ]

	Device Properties:
		Driver Description	Remote Access IPv6 ARP Driver

[ Non-Plug and Play Drivers / Security Driver ]

	Device Properties:
		Driver Description	Security Driver

[ Non-Plug and Play Drivers / Security Processor Loader Driver ]

	Device Properties:
		Driver Description	Security Processor Loader Driver

[ Non-Plug and Play Drivers / Storage volumes ]

	Device Properties:
		Driver Description	Storage volumes

[ Non-Plug and Play Drivers / System Attribute Cache ]

	Device Properties:
		Driver Description	System Attribute Cache

[ Non-Plug and Play Drivers / TCP/IP Protocol Driver ]

	Device Properties:
		Driver Description	TCP/IP Protocol Driver

[ Non-Plug and Play Drivers / TCP/IP Registry Compatibility ]

	Device Properties:
		Driver Description	TCP/IP Registry Compatibility

[ Non-Plug and Play Drivers / User Mode Driver Frameworks Platform Driver ]

	Device Properties:
		Driver Description	User Mode Driver Frameworks Platform Driver

[ Non-Plug and Play Drivers / VgaSave ]

	Device Properties:
		Driver Description	VgaSave

[ Non-Plug and Play Drivers / Virtual WiFi Filter Driver ]

	Device Properties:
		Driver Description	Virtual WiFi Filter Driver

[ Non-Plug and Play Drivers / WFP Lightweight Filter ]

	Device Properties:
		Driver Description	WFP Lightweight Filter

[ Non-Plug and Play Drivers / Windows Firewall Authorization Driver ]

	Device Properties:
		Driver Description	Windows Firewall Authorization Driver

[ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i5-2450M
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i5-2450M
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i5-2450M
		Driver Update	http://www.aida64.com/driver-updates

[ Processors / Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	cpu.inf
		INF Section	IntelPPM_Inst.NT
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_42

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel%20Core%20i5-2450M
		Driver Update	http://www.aida64.com/driver-updates

[ Sound, video and game controllers / High Definition Audio Device ]

	Device Properties:
		Driver Description	High Definition Audio Device
		Driver Date	11/19/2010
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	hdaudio.inf
		INF Section	HdAudModel
		Hardware ID	HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10431AD3&REV_1001
		Location Information	Internal High Definition Audio Bus

	Device Manufacturer:
		Driver Update	http://www.aida64.com/driver-updates

[ Sound, video and game controllers / NVIDIA High Definition Audio ]

	Device Properties:
		Driver Description	NVIDIA High Definition Audio
		Driver Date	4/16/2015
		Driver Version	1.3.34.3
		Driver Provider	NVIDIA Corporation
		INF File	oem2.inf
		INF Section	NVHDA64V
		Hardware ID	HDAUDIO\FUNC_01&VEN_10DE&DEV_001C&SUBSYS_00000000&REV_1001
		Location Information	Internal High Definition Audio Bus

	Device Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/mobo.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

[ Storage volume shadow copies / Generic volume shadow copy ]

	Device Properties:
		Driver Description	Generic volume shadow copy
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	volsnap.inf
		INF Section	volume_snapshot_install.NTAMD64
		Hardware ID	STORAGE\VolumeSnapshot

[ Storage volume shadow copies / Generic volume shadow copy ]

	Device Properties:
		Driver Description	Generic volume shadow copy
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	volsnap.inf
		INF Section	volume_snapshot_install.NTAMD64
		Hardware ID	STORAGE\VolumeSnapshot

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ Storage Volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	volume.inf
		INF Section	volume_install.NTAMD64
		Hardware ID	STORAGE\Volume

[ System devices / 2nd Generation Intel(R) Core(TM) Processor Family DRAM Controller - 0104 ]

	Device Properties:
		Driver Description	2nd Generation Intel(R) Core(TM) Processor Family DRAM Controller - 0104
		Driver Date	7/25/2013
		Driver Version	9.2.0.1035
		Driver Provider	Intel
		INF File	oem8.inf
		INF Section	Intel_NO_DRV
		Hardware ID	PCI\VEN_8086&DEV_0104&SUBSYS_12871043&REV_09
		Location Information	PCI bus 0, device 0, function 0
		PCI Device	Intel Sandy Bridge-MB - Host Bridge/DRAM Controller

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / ACPI Fixed Feature Button ]

	Device Properties:
		Driver Description	ACPI Fixed Feature Button
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\FixedButton

[ System devices / ACPI Lid ]

	Device Properties:
		Driver Description	ACPI Lid
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\PNP0C0D
		PnP Device	Lid

[ System devices / ACPI Sleep Button ]

	Device Properties:
		Driver Description	ACPI Sleep Button
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\PNP0C0E
		PnP Device	Sleep Button

[ System devices / ACPI Thermal Zone ]

	Device Properties:
		Driver Description	ACPI Thermal Zone
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\ThermalZone

[ System devices / Composite Bus Enumerator ]

	Device Properties:
		Driver Description	Composite Bus Enumerator
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	compositebus.inf
		INF Section	CompositeBus_Device.NT
		Hardware ID	ROOT\CompositeBus

[ System devices / Direct memory access controller ]

	Device Properties:
		Driver Description	Direct memory access controller
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_X
		Hardware ID	ACPI\PNP0200
		PnP Device	DMA Controller

	Device Resources:
		DMA	04
		Port	0000-001F
		Port	0081-0091
		Port	0093-009F
		Port	00C0-00DF

[ System devices / File as Volume Driver ]

	Device Properties:
		Driver Description	File as Volume Driver
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	blbdrive.inf
		INF Section	blbdrive_device.NT
		Hardware ID	ROOT\BLBDRIVE

[ System devices / High Definition Audio Controller ]

	Device Properties:
		Driver Description	High Definition Audio Controller
		Driver Date	11/19/2010
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	hdaudbus.inf
		INF Section	HDAudio_Device.NT
		Hardware ID	PCI\VEN_8086&DEV_1C20&SUBSYS_1AD31043&REV_05
		Location Information	PCI bus 0, device 27, function 0
		PCI Device	Intel Cougar Point PCH - High Definition Audio Controller [B-3]

	Device Resources:
		IRQ	22
		Memory	DFA00000-DFA03FFF

[ System devices / High Definition Audio Controller ]

	Device Properties:
		Driver Description	High Definition Audio Controller
		Driver Date	11/19/2010
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	hdaudbus.inf
		INF Section	HDAudio_Device.NT
		Hardware ID	PCI\VEN_10DE&DEV_0E08&SUBSYS_00000000&REV_A1
		Location Information	PCI bus 1, device 0, function 1
		PCI Device	nVIDIA GF119 - High Definition Audio Controller

	Device Resources:
		IRQ	17
		Memory	DD080000-DD083FFF

[ System devices / High precision event timer ]

	Device Properties:
		Driver Description	High precision event timer
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_HPET
		Hardware ID	ACPI\PNP0103
		PnP Device	High Precision Event Timer

	Device Resources:
		Memory	FED00000-FED003FF

[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 ]

	Device Properties:
		Driver Description	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
		Driver Date	7/25/2013
		Driver Version	9.2.0.1035
		Driver Provider	Intel
		INF File	oem11.inf
		INF Section	Intel_PCI_DRV
		Hardware ID	PCI\VEN_8086&DEV_1C10&SUBSYS_12871043&REV_B5
		Location Information	PCI bus 0, device 28, function 0
		PCI Device	Intel Cougar Point PCH - PCI Express Port 1 [B-3]

	Device Resources:
		IRQ	16
		Memory	D4200000-D4BFFFFF
		Memory	DF000000-DF9FFFFF
		Port	C000-CFFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 ]

	Device Properties:
		Driver Description	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
		Driver Date	7/25/2013
		Driver Version	9.2.0.1035
		Driver Provider	Intel
		INF File	oem11.inf
		INF Section	Intel_PCI_DRV
		Hardware ID	PCI\VEN_8086&DEV_1C12&SUBSYS_12871043&REV_B5
		Location Information	PCI bus 0, device 28, function 1
		PCI Device	Intel Cougar Point PCH - PCI Express Port 2 [B-3]

	Device Resources:
		IRQ	17
		Memory	D3700000-D40FFFFF
		Memory	DE600000-DEFFFFFF
		Port	B000-BFFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16 ]

	Device Properties:
		Driver Description	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
		Driver Date	7/25/2013
		Driver Version	9.2.0.1035
		Driver Provider	Intel
		INF File	oem11.inf
		INF Section	Intel_PCI_DRV
		Hardware ID	PCI\VEN_8086&DEV_1C16&SUBSYS_12871043&REV_B5
		Location Information	PCI bus 0, device 28, function 3
		PCI Device	Intel Cougar Point PCH - PCI Express Port 4 [B-3]

	Device Resources:
		IRQ	19
		Memory	D2C00000-D35FFFFF
		Memory	DDC00000-DE5FFFFF
		Port	A000-AFFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A ]

	Device Properties:
		Driver Description	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A
		Driver Date	7/25/2013
		Driver Version	9.2.0.1035
		Driver Provider	Intel
		INF File	oem11.inf
		INF Section	Intel_PCI_DRV
		Hardware ID	PCI\VEN_8086&DEV_1C1A&SUBSYS_12871043&REV_B5
		Location Information	PCI bus 0, device 28, function 5
		PCI Device	Intel Cougar Point PCH - PCI Express Port 6 [B-3]

	Device Resources:
		IRQ	17
		Memory	D2100000-D2AFFFFF
		Memory	DD200000-DDBFFFFF
		Port	9000-9FFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22 ]

	Device Properties:
		Driver Description	Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
		Driver Date	7/25/2013
		Driver Version	9.2.0.1035
		Driver Provider	Intel
		INF File	oem12.inf
		INF Section	Intel_NO_DRV
		Hardware ID	PCI\VEN_8086&DEV_1C22&SUBSYS_12871043&REV_05
		Location Information	PCI bus 0, device 31, function 3
		PCI Device	Intel Cougar Point PCH - SMBus Controller [B-3]

	Device Resources:
		IRQ	11
		Memory	DFA05000-DFA050FF
		Port	E000-E01F

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) 82802 Firmware Hub Device ]

	Device Properties:
		Driver Description	Intel(R) 82802 Firmware Hub Device
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MEM
		Hardware ID	ACPI\INT0800
		PnP Device	Intel Flash EEPROM

	Device Resources:
		Memory	FF000000-FFFFFFFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) HM65 Express Chipset Family LPC Interface Controller - 1C49 ]

	Device Properties:
		Driver Description	Intel(R) HM65 Express Chipset Family LPC Interface Controller - 1C49
		Driver Date	7/25/2013
		Driver Version	9.2.0.1035
		Driver Provider	Intel
		INF File	oem11.inf
		INF Section	Intel_ISAPNP_DRV
		Hardware ID	PCI\VEN_8086&DEV_1C49&SUBSYS_12871043&REV_05
		Location Information	PCI bus 0, device 31, function 0
		PCI Device	Intel HM65 PCH - LPC Interface Controller [B-3]

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Intel(R) Management Engine Interface ]

	Device Properties:
		Driver Description	Intel(R) Management Engine Interface
		Driver Date	9/5/2013
		Driver Version	9.5.15.1730
		Driver Provider	Intel
		INF File	oem14.inf
		INF Section	TEE_DDI_x64
		Hardware ID	PCI\VEN_8086&DEV_1C3A&SUBSYS_12871043&REV_04
		Location Information	PCI bus 0, device 22, function 0
		PCI Device	Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]

	Device Resources:
		IRQ	65536
		Memory	DFA0A000-DFA0A00F

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ System devices / Microsoft ACPI-Compliant Embedded Controller ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant Embedded Controller
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV
		Hardware ID	ACPI\PNP0C09
		PnP Device	Embedded Controller Device

	Device Resources:
		Port	0062-0062
		Port	0066-0066

[ System devices / Microsoft ACPI-Compliant System ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant System
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	acpi.inf
		INF Section	ACPI_Inst.NT
		Hardware ID	ACPI_HAL\PNP0C08
		PnP Device	ACPI Driver/BIOS

	Device Resources:
		IRQ	100
		IRQ	101
		IRQ	102
		IRQ	103
		IRQ	104
		IRQ	105
		IRQ	106
		IRQ	107
		IRQ	108
		IRQ	109
		IRQ	110
		IRQ	111
		IRQ	112
		IRQ	113
		IRQ	114
		IRQ	115
		IRQ	116
		IRQ	117
		IRQ	118
		IRQ	119
		IRQ	120
		IRQ	121
		IRQ	122
		IRQ	123
		IRQ	124
		IRQ	125
		IRQ	126
		IRQ	127
		IRQ	128
		IRQ	129
		IRQ	130
		IRQ	131
		IRQ	132
		IRQ	133
		IRQ	134
		IRQ	135
		IRQ	136
		IRQ	137
		IRQ	138
		IRQ	139
		IRQ	140
		IRQ	141
		IRQ	142
		IRQ	143
		IRQ	144
		IRQ	145
		IRQ	146
		IRQ	147
		IRQ	148
		IRQ	149
		IRQ	150
		IRQ	151
		IRQ	152
		IRQ	153
		IRQ	154
		IRQ	155
		IRQ	156
		IRQ	157
		IRQ	158
		IRQ	159
		IRQ	160
		IRQ	161
		IRQ	162
		IRQ	163
		IRQ	164
		IRQ	165
		IRQ	166
		IRQ	167
		IRQ	168
		IRQ	169
		IRQ	170
		IRQ	171
		IRQ	172
		IRQ	173
		IRQ	174
		IRQ	175
		IRQ	176
		IRQ	177
		IRQ	178
		IRQ	179
		IRQ	180
		IRQ	181
		IRQ	182
		IRQ	183
		IRQ	184
		IRQ	185
		IRQ	186
		IRQ	187
		IRQ	188
		IRQ	189
		IRQ	190
		IRQ	81
		IRQ	82
		IRQ	83
		IRQ	84
		IRQ	85
		IRQ	86
		IRQ	87
		IRQ	88
		IRQ	89
		IRQ	90
		IRQ	91
		IRQ	92
		IRQ	93
		IRQ	94
		IRQ	95
		IRQ	96
		IRQ	97
		IRQ	98
		IRQ	99

[ System devices / Microsoft System Management BIOS Driver ]

	Device Properties:
		Driver Description	Microsoft System Management BIOS Driver
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	MSSMBIOS_DRV
		Hardware ID	ROOT\mssmbios

[ System devices / Microsoft Virtual Drive Enumerator Driver ]

	Device Properties:
		Driver Description	Microsoft Virtual Drive Enumerator Driver
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	VDRVROOT
		Hardware ID	ROOT\vdrvroot

[ System devices / Microsoft Windows Management Interface for ACPI ]

	Device Properties:
		Driver Description	Microsoft Windows Management Interface for ACPI
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	acpi.inf
		INF Section	WMIMAP_Inst.NT
		Hardware ID	ACPI\pnp0c14
		PnP Device	ACPI Management Interface

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\INT340E
		PnP Device	Intel System Device

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\PNP0C02
		PnP Device	Thermal Monitoring ACPI Device

	Device Resources:
		Memory	D4C00000-D4C00FFF
		Memory	E0000000-E3FFFFFF
		Memory	FED10000-FED17FFF
		Memory	FED18000-FED18FFF
		Memory	FED19000-FED19FFF
		Memory	FED1C000-FED1FFFF
		Memory	FED20000-FED3FFFF
		Memory	FED45000-FED8FFFF
		Memory	FED90000-FED93FFF
		Memory	FEE00000-FEEFFFFF
		Memory	FF000000-FFFFFFFF

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\PNP0C02
		PnP Device	Thermal Monitoring ACPI Device

	Device Resources:
		Memory	D4C00000-D4C00FFF

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\INT3F0D
		PnP Device	Intel Watchdog Timer

	Device Resources:
		Port	0454-0457

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_MBRES
		Hardware ID	ACPI\PNP0C02
		PnP Device	Thermal Monitoring ACPI Device

	Device Resources:
		Port	002E-002F
		Port	004E-004F
		Port	0061-0061
		Port	0063-0063
		Port	0065-0065
		Port	0067-0067
		Port	0070-0070
		Port	0080-0080
		Port	0092-0092
		Port	00B2-00B3
		Port	0400-0453
		Port	0458-047F
		Port	0500-057F
		Port	0680-069F
		Port	1000-100F
		Port	164E-164F
		Port	FFFF-FFFF
		Port	FFFF-FFFF

[ System devices / Numeric data processor ]

	Device Properties:
		Driver Description	Numeric data processor
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_X
		Hardware ID	ACPI\PNP0C04
		PnP Device	Numeric Data Processor

	Device Resources:
		IRQ	13
		Port	00F0-00F0

[ System devices / PCI bus ]

	Device Properties:
		Driver Description	PCI bus
		Driver Date	8/8/2014
		Driver Version	3.0.1.41
		Driver Provider	Intel
		INF File	oem3.inf
		INF Section	HCSwitch.NT
		Hardware ID	ACPI\PNP0A08
		PnP Device	ACPI Three-wire Device Bus

	Device Resources:
		Memory	000A0000-000BFFFF
		Memory	000D0000-000D3FFF
		Memory	000D4000-000D7FFF
		Memory	000D8000-000DBFFF
		Memory	000DC000-000DFFFF
		Memory	000E0000-000E3FFF
		Memory	000E4000-000E7FFF
		Memory	C0000000-FEAFFFFF
		Memory	FED40000-FED44FFF
		Port	0000-0CF7
		Port	0D00-FFFF

[ System devices / Plug and Play Software Device Enumerator ]

	Device Properties:
		Driver Description	Plug and Play Software Device Enumerator
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	SWENUM
		Hardware ID	root\swenum

[ System devices / Programmable interrupt controller ]

	Device Properties:
		Driver Description	Programmable interrupt controller
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_PIC
		Hardware ID	ACPI\PNP0000
		PnP Device	Programmable Interrupt Controller

	Device Resources:
		Port	0020-0021
		Port	0024-0025
		Port	0028-0029
		Port	002C-002D
		Port	0030-0031
		Port	0034-0035
		Port	0038-0039
		Port	003C-003D
		Port	00A0-00A1
		Port	00A4-00A5
		Port	00A8-00A9
		Port	00AC-00AD
		Port	00B0-00B1
		Port	00B4-00B5
		Port	00B8-00B9
		Port	00BC-00BD
		Port	04D0-04D1

[ System devices / Remote Desktop Device Redirector Bus ]

	Device Properties:
		Driver Description	Remote Desktop Device Redirector Bus
		Driver Date	6/21/2006
		Driver Version	6.1.7600.16385
		Driver Provider	Microsoft
		INF File	rdpbus.inf
		INF Section	RDPBUS
		Hardware ID	ROOT\RDPBUS

[ System devices / System CMOS/real time clock ]

	Device Properties:
		Driver Description	System CMOS/real time clock
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_X
		Hardware ID	ACPI\PNP0B00
		PnP Device	Real-Time Clock

	Device Resources:
		IRQ	08
		Port	0070-0077

[ System devices / System timer ]

	Device Properties:
		Driver Description	System timer
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	NO_DRV_X
		Hardware ID	ACPI\PNP0100
		PnP Device	System Timer

	Device Resources:
		IRQ	00
		Port	0040-0043
		Port	0050-0053

[ System devices / Terminal Server Keyboard Driver ]

	Device Properties:
		Driver Description	Terminal Server Keyboard Driver
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	RDP_KBD
		Hardware ID	ROOT\RDP_KBD

[ System devices / Terminal Server Mouse Driver ]

	Device Properties:
		Driver Description	Terminal Server Mouse Driver
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	RDP_MOU
		Hardware ID	ROOT\RDP_MOU

[ System devices / UMBus Enumerator ]

	Device Properties:
		Driver Description	UMBus Enumerator
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	umbus.inf
		INF Section	UmBus_Device.NT
		Hardware ID	UMB\UMBUS

[ System devices / UMBus Root Bus Enumerator ]

	Device Properties:
		Driver Description	UMBus Root Bus Enumerator
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	umbus.inf
		INF Section	UmBusRoot_Device.NT
		Hardware ID	root\umbus

[ System devices / Volume Manager ]

	Device Properties:
		Driver Description	Volume Manager
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	machine.inf
		INF Section	Volmgr
		Hardware ID	ROOT\VOLMGR

[ System devices / Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101 ]

	Device Properties:
		Driver Description	Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101
		Driver Date	7/25/2013
		Driver Version	9.2.0.1035
		Driver Provider	Intel
		INF File	oem8.inf
		INF Section	Intel_PCI_DRV
		Hardware ID	PCI\VEN_8086&DEV_0101&SUBSYS_12871043&REV_09
		Location Information	PCI bus 0, device 1, function 0
		PCI Device	Intel Sandy Bridge - PCI Express Controller

	Device Resources:
		IRQ	17
		Memory	000A0000-000BFFFF
		Memory	C0000000-D1FFFFFF
		Memory	DC000000-DD0FFFFF
		Port	03B0-03BB
		Port	03C0-03DF
		Port	D000-DFFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / ASMedia XHCI Controller ]

	Device Properties:
		Driver Description	ASMedia XHCI Controller
		Driver Date	6/2/2011
		Driver Version	1.12.5.0
		Driver Provider	ASMedia Technology Inc
		INF File	oem17.inf
		INF Section	ASMEDIA_Product10_Install.NTAMD64
		Hardware ID	PCI\VEN_1B21&DEV_1042&SUBSYS_10591043&REV_00
		Location Information	PCI bus 4, device 0, function 0
		PCI Device	ASMedia ASM1042 USB 3.0 xHCI Controller

	Device Resources:
		IRQ	65536
		Memory	DDC00000-DDC07FFF

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	usb.inf
		INF Section	StandardHub.Dev.NT
		Hardware ID	USB\VID_8087&PID_0024&REV_0000
		Location Information	Port_#0001.Hub_#0002

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	usb.inf
		INF Section	StandardHub.Dev.NT
		Hardware ID	USB\VID_8087&PID_0024&REV_0000
		Location Information	Port_#0001.Hub_#0001

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	usb.inf
		INF Section	StandardHub.Dev.NT
		Hardware ID	USB\VID_0424&PID_2514&REV_0;;3
		Location Information	Port_#0002.Hub_#0004

[ Universal Serial Bus controllers / Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 ]

	Device Properties:
		Driver Description	Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
		Driver Date	7/31/2013
		Driver Version	9.2.0.1036
		Driver Provider	Intel
		INF File	oem13.inf
		INF Section	Intel_EHCI.Dev.NT
		Hardware ID	PCI\VEN_8086&DEV_1C26&SUBSYS_12871043&REV_05
		Location Information	PCI bus 0, device 29, function 0
		PCI Device	Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]

	Device Resources:
		IRQ	23
		Memory	DFA07000-DFA073FF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D ]

	Device Properties:
		Driver Description	Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
		Driver Date	7/31/2013
		Driver Version	9.2.0.1036
		Driver Provider	Intel
		INF File	oem13.inf
		INF Section	Intel_EHCI.Dev.NT
		Hardware ID	PCI\VEN_8086&DEV_1C2D&SUBSYS_12871043&REV_05
		Location Information	PCI bus 0, device 26, function 0
		PCI Device	Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]

	Device Resources:
		IRQ	16
		Memory	DFA08000-DFA083FF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / Realtek USB 2.0 Card Reader ]

	Device Properties:
		Driver Description	Realtek USB 2.0 Card Reader
		Driver Date	1/3/2014
		Driver Version	6.3.9600.39057
		Driver Provider	Realtek
		INF File	oem15.inf
		INF Section	RSUSBVSTOR.NTAMD64
		Hardware ID	USB\VID_0BDA&PID_0139&REV_3960
		Location Information	Port_#0004.Hub_#0003

[ Universal Serial Bus controllers / USB Composite Device ]

	Device Properties:
		Driver Description	USB Composite Device
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	usb.inf
		INF Section	Composite.Dev.NT
		Hardware ID	USB\VID_058F&PID_A014&REV_0003
		Location Information	Port_#0002.Hub_#0003

[ Universal Serial Bus controllers / USB Composite Device ]

	Device Properties:
		Driver Description	USB Composite Device
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	usb.inf
		INF Section	Composite.Dev.NT
		Hardware ID	USB\VID_04D9&PID_1702&REV_0406
		Location Information	Port_#0001.Hub_#0005

[ Universal Serial Bus controllers / USB Mass Storage Device ]

	Device Properties:
		Driver Description	USB Mass Storage Device
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	usbstor.inf
		INF Section	USBSTOR_BULK.NT
		Hardware ID	USB\VID_2537&PID_1066&REV_0100
		Location Information	Port_#0002.Hub_#0004

[ Universal Serial Bus controllers / USB Root Hub ]

	Device Properties:
		Driver Description	USB Root Hub
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	usbport.inf
		INF Section	ROOTHUB.Dev.NT
		Hardware ID	USB\ROOT_HUB20&VID8086&PID1C26&REV0005

[ Universal Serial Bus controllers / USB Root Hub ]

	Device Properties:
		Driver Description	USB Root Hub
		Driver Date	6/21/2006
		Driver Version	6.1.7601.17514
		Driver Provider	Microsoft
		INF File	usbport.inf
		INF Section	ROOTHUB.Dev.NT
		Hardware ID	USB\ROOT_HUB20&VID8086&PID1C2D&REV0005

[ Universal Serial Bus controllers / USB Root Hub ]

	Device Properties:
		Driver Description	USB Root Hub
		Driver Date	6/2/2011
		Driver Version	1.12.5.0
		Driver Provider	ASMedia Technology Inc
		INF File	oem5.inf
		INF Section	RootHub_Product1_Install.NTAMD64
		Hardware ID	USB\ASMEDIAUSBD_Hub&VID_040E&PID_0100&REV_0000

Physical Devices


PCI Devices:
	Bus 4, Device 0, Function 0	ASMedia ASM1042 USB 3.0 xHCI Controller
	Bus 3, Device 0, Function 0	Atheros AR9285 802.11b/g/n Wireless Network Adapter
	Bus 0, Device 27, Function 0	Intel Cougar Point PCH - High Definition Audio Controller [B-3]
	Bus 0, Device 22, Function 0	Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]
	Bus 0, Device 28, Function 0	Intel Cougar Point PCH - PCI Express Port 1 [B-3]
	Bus 0, Device 28, Function 1	Intel Cougar Point PCH - PCI Express Port 2 [B-3]
	Bus 0, Device 28, Function 3	Intel Cougar Point PCH - PCI Express Port 4 [B-3]
	Bus 0, Device 28, Function 5	Intel Cougar Point PCH - PCI Express Port 6 [B-3]
	Bus 0, Device 31, Function 3	Intel Cougar Point PCH - SMBus Controller [B-3]
	Bus 0, Device 31, Function 6	Intel Cougar Point PCH - Thermal Management Controller [B-3]
	Bus 0, Device 29, Function 0	Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
	Bus 0, Device 26, Function 0	Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
	Bus 0, Device 31, Function 2	Intel Cougar Point-M PCH - SATA AHCI 6-Port Controller [B-3]
	Bus 0, Device 31, Function 0	Intel HM65 PCH - LPC Interface Controller [B-3]
	Bus 0, Device 1, Function 0	Intel Sandy Bridge - PCI Express Controller
	Bus 0, Device 0, Function 0	Intel Sandy Bridge-MB - Host Bridge/DRAM Controller
	Bus 1, Device 0, Function 0	nVIDIA GeForce GT 520M (Asus) Video Adapter
	Bus 1, Device 0, Function 1	nVIDIA GF119 - High Definition Audio Controller
	Bus 5, Device 0, Function 0	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter

PnP Devices:
	PNP0303	101/102-Key or MS Natural Keyboard
	PNP0C08	ACPI Driver/BIOS
	FIXEDBUTTON	ACPI Fixed Feature Button
	PNP0C14	ACPI Management Interface
	THERMALZONE	ACPI Thermal Zone
	PNP0A08	ACPI Three-wire Device Bus
	PNP0C0A	Control Method Battery
	PNP0200	DMA Controller
	ETD0101	ELAN PS/2 Port Smart-Pad
	PNP0C09	Embedded Controller Device
	PNP0103	High Precision Event Timer
	INT0800	Intel Flash EEPROM
	INT340E	Intel System Device
	INT3F0D	Intel Watchdog Timer
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I5-2450M_CPU_@_2.50GHZ	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I5-2450M_CPU_@_2.50GHZ	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I5-2450M_CPU_@_2.50GHZ	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_42_-________INTEL(R)_CORE(TM)_I5-2450M_CPU_@_2.50GHZ	Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
	PNP0C0D	Lid
	ACPI0003	Microsoft AC Adapter
	ISATAP	Microsoft ISATAP Adapter #2
	ISATAP	Microsoft ISATAP Adapter
	PNP0C04	Numeric Data Processor
	PNP0000	Programmable Interrupt Controller
	PNP0B00	Real-Time Clock
	PNP0C0E	Sleep Button
	PNP0100	System Timer
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device

USB Devices:
	058F A014	ASUS USB2.0 WebCam
	13D3 3304	Bluetooth Module
	0424 2514	Generic USB Hub
	8087 0024	Generic USB Hub
	8087 0024	Generic USB Hub
	0BDA 0139	Realtek USB 2.0 Card Reader
	04D9 1702	USB Composite Device
	058F A014	USB Composite Device
	04D9 1702	USB Input Device
	04D9 1702	USB Input Device
	1C4F 0034	USB Input Device
	2537 1066	USB Mass Storage Device
	040E 0100	USB Root Hub

PCI Devices


[ ASMedia ASM1042 USB 3.0 xHCI Controller ]

	Device Properties:
		Device Description	ASMedia ASM1042 USB 3.0 xHCI Controller
		Bus Type	PCI Express 2.0 x1
		Bus / Device / Function	4 / 0 / 0
		Device ID	1B21-1042
		Subsystem ID	1043-1059
		Device Class	0C03 (USB Controller)
		Revision	00
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Atheros AR9285 802.11b/g/n Wireless Network Adapter ]

	Device Properties:
		Device Description	Atheros AR9285 802.11b/g/n Wireless Network Adapter
		Bus Type	PCI Express 2.0 x1
		Bus / Device / Function	3 / 0 / 0
		Device ID	168C-002B
		Subsystem ID	1A3B-2C37
		Device Class	0280 (Network Controller)
		Revision	01
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cougar Point PCH - High Definition Audio Controller [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - High Definition Audio Controller [B-3]
		Bus Type	PCI Express 1.0
		Bus / Device / Function	0 / 27 / 0
		Device ID	8086-1C20
		Subsystem ID	1043-1AD3
		Device Class	0403 (High Definition Audio)
		Revision	05
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]
		Bus Type	PCI
		Bus / Device / Function	0 / 22 / 0
		Device ID	8086-1C3A
		Subsystem ID	1043-1287
		Device Class	0780 (Communications Controller)
		Revision	04
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cougar Point PCH - PCI Express Port 1 [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - PCI Express Port 1 [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 0
		Device ID	8086-1C10
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	B5
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cougar Point PCH - PCI Express Port 2 [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - PCI Express Port 2 [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 1
		Device ID	8086-1C12
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	B5
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cougar Point PCH - PCI Express Port 4 [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - PCI Express Port 4 [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 3
		Device ID	8086-1C16
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	B5
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cougar Point PCH - PCI Express Port 6 [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - PCI Express Port 6 [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 28 / 5
		Device ID	8086-1C1A
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	B5
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cougar Point PCH - SMBus Controller [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - SMBus Controller [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 3
		Device ID	8086-1C22
		Subsystem ID	1043-1287
		Device Class	0C05 (SMBus Controller)
		Revision	05
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Disabled

[ Intel Cougar Point PCH - Thermal Management Controller [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - Thermal Management Controller [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 6
		Device ID	8086-1C24
		Subsystem ID	1043-1287
		Device Class	1180 (Data Acquisition / Signal Processing Controller)
		Revision	05
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Disabled

[ Intel Cougar Point PCH - USB EHCI #1 Controller [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 29 / 0
		Device ID	8086-1C26
		Subsystem ID	1043-1287
		Device Class	0C03 (USB Controller)
		Revision	05
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cougar Point PCH - USB EHCI #2 Controller [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 26 / 0
		Device ID	8086-1C2D
		Subsystem ID	1043-1287
		Device Class	0C03 (USB Controller)
		Revision	05
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Cougar Point-M PCH - SATA AHCI 6-Port Controller [B-3] ]

	Device Properties:
		Device Description	Intel Cougar Point-M PCH - SATA AHCI 6-Port Controller [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 2
		Device ID	8086-1C03
		Subsystem ID	1043-1287
		Device Class	0106 (SATA Controller)
		Revision	05
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Supported
		Bus Mastering	Enabled

[ Intel HM65 PCH - LPC Interface Controller [B-3] ]

	Device Properties:
		Device Description	Intel HM65 PCH - LPC Interface Controller [B-3]
		Bus Type	PCI
		Bus / Device / Function	0 / 31 / 0
		Device ID	8086-1C49
		Subsystem ID	1043-1287
		Device Class	0601 (PCI/ISA Bridge)
		Revision	05
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Sandy Bridge - PCI Express Controller ]

	Device Properties:
		Device Description	Intel Sandy Bridge - PCI Express Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 1 / 0
		Device ID	8086-0101
		Subsystem ID	0000-0000
		Device Class	0604 (PCI/PCI Bridge)
		Revision	09
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Intel Sandy Bridge-MB - Host Bridge/DRAM Controller ]

	Device Properties:
		Device Description	Intel Sandy Bridge-MB - Host Bridge/DRAM Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 0 / 0
		Device ID	8086-0104
		Subsystem ID	1043-1287
		Device Class	0600 (Host/PCI Bridge)
		Revision	09
		Fast Back-to-Back Transactions	Supported, Disabled

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ nVIDIA GeForce GT 520M (Asus) Video Adapter ]

	Device Properties:
		Device Description	nVIDIA GeForce GT 520M (Asus) Video Adapter
		Bus Type	PCI Express 2.0 x16
		Bus / Device / Function	1 / 0 / 0
		Device ID	10DE-1050
		Subsystem ID	1043-1742
		Device Class	0300 (VGA Display Controller)
		Revision	A1
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

	Video Adapter Manufacturer:
		Company Name	NVIDIA Corporation
		Product Information	http://www.nvidia.com/page/products.html
		Driver Download	http://www.nvidia.com/content/drivers/drivers.asp
		Driver Update	http://www.aida64.com/driver-updates

[ nVIDIA GF119 - High Definition Audio Controller ]

	Device Properties:
		Device Description	nVIDIA GF119 - High Definition Audio Controller
		Bus Type	PCI Express 2.0 x16
		Bus / Device / Function	1 / 0 / 1
		Device ID	10DE-0E08
		Subsystem ID	0000-0000
		Device Class	0403 (High Definition Audio)
		Revision	A1
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

[ Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter ]

	Device Properties:
		Device Description	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter
		Bus Type	PCI Express 2.0 x1
		Bus / Device / Function	5 / 0 / 0
		Device ID	10EC-8168
		Subsystem ID	1043-1287
		Device Class	0200 (Ethernet Controller)
		Revision	06
		Fast Back-to-Back Transactions	Not Supported

	Device Features:
		66 MHz Operation	Not Supported
		Bus Mastering	Enabled

	Network Adapter Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

USB Devices


[ Generic USB Hub ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	8087-0024
		Device Class	09 / 00 (Hi-Speed Hub with single TT)
		Device Protocol	01
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ USB Input Device (Usb Mouse) ]

	Device Properties:
		Device Description	USB Input Device
		Device ID	1C4F-0034
		Device Class	03 / 01 (Human Interface Device)
		Device Protocol	02
		Manufacturer	SIGMACHIP
		Product	Usb Mouse
		Supported USB Version	1.10
		Current Speed	Low (USB 1.1)

[ Generic USB Hub ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	0424-2514
		Device Class	09 / 00 (Hi-Speed Hub with multiple TTs)
		Device Protocol	02
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ USB Composite Device (USB Keyboard) ]

	Device Properties:
		Device Description	USB Composite Device
		Device ID	04D9-1702
		Device Class	03 / 01 (Human Interface Device)
		Device Protocol	01
		Product	USB Keyboard
		Supported USB Version	1.10
		Current Speed	Low (USB 1.1)

[ Generic USB Hub ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	8087-0024
		Device Class	09 / 00 (Hi-Speed Hub with single TT)
		Device Protocol	01
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ Bluetooth Module ]

	Device Properties:
		Device Description	Bluetooth Module
		Device ID	13D3-3304
		Device Class	E0 / 01 (Bluetooth)
		Device Protocol	01
		Supported USB Version	1.10
		Current Speed	Full (USB 1.1)

[ USB Composite Device (ASUS USB2.0 WebCam) ]

	Device Properties:
		Device Description	USB Composite Device
		Device ID	058F-A014
		Device Class	EF / 02 (Interface Association Descriptor)
		Device Protocol	01
		Manufacturer	04G6200086K1AN17J000AKN
		Product	ASUS USB2.0 WebCam
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ Realtek USB 2.0 Card Reader (USB2.0-CRW) ]

	Device Properties:
		Device Description	Realtek USB 2.0 Card Reader
		Device ID	0BDA-0139
		Device Class	FF / FF
		Device Protocol	FF
		Manufacturer	Generic
		Product	USB2.0-CRW
		Serial Number	20100201396000000
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ USB Mass Storage Device (NS1066) ]

	Device Properties:
		Device Description	USB Mass Storage Device
		Device ID	2537-1066
		Device Class	08 / 06 (Mass Storage)
		Device Protocol	50
		Manufacturer	Norelsys
		Product	NS1066
		Serial Number	0123456789AFFE6
		Supported USB Version	3.00
		Current Speed	Super (USB 3.0)

Device Resources


Resource	Share	Device Description
DMA 04	Exclusive	Direct memory access controller
IRQ 00	Exclusive	System timer
IRQ 01	Exclusive	Standard PS/2 Keyboard
IRQ 08	Exclusive	System CMOS/real time clock
IRQ 100	Exclusive	Microsoft ACPI-Compliant System
IRQ 101	Exclusive	Microsoft ACPI-Compliant System
IRQ 102	Exclusive	Microsoft ACPI-Compliant System
IRQ 103	Exclusive	Microsoft ACPI-Compliant System
IRQ 104	Exclusive	Microsoft ACPI-Compliant System
IRQ 105	Exclusive	Microsoft ACPI-Compliant System
IRQ 106	Exclusive	Microsoft ACPI-Compliant System
IRQ 107	Exclusive	Microsoft ACPI-Compliant System
IRQ 108	Exclusive	Microsoft ACPI-Compliant System
IRQ 109	Exclusive	Microsoft ACPI-Compliant System
IRQ 11	Shared	Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
IRQ 110	Exclusive	Microsoft ACPI-Compliant System
IRQ 111	Exclusive	Microsoft ACPI-Compliant System
IRQ 112	Exclusive	Microsoft ACPI-Compliant System
IRQ 113	Exclusive	Microsoft ACPI-Compliant System
IRQ 114	Exclusive	Microsoft ACPI-Compliant System
IRQ 115	Exclusive	Microsoft ACPI-Compliant System
IRQ 116	Exclusive	Microsoft ACPI-Compliant System
IRQ 117	Exclusive	Microsoft ACPI-Compliant System
IRQ 118	Exclusive	Microsoft ACPI-Compliant System
IRQ 119	Exclusive	Microsoft ACPI-Compliant System
IRQ 12	Exclusive	Standard PS/2 Port Mouse
IRQ 120	Exclusive	Microsoft ACPI-Compliant System
IRQ 121	Exclusive	Microsoft ACPI-Compliant System
IRQ 122	Exclusive	Microsoft ACPI-Compliant System
IRQ 123	Exclusive	Microsoft ACPI-Compliant System
IRQ 124	Exclusive	Microsoft ACPI-Compliant System
IRQ 125	Exclusive	Microsoft ACPI-Compliant System
IRQ 126	Exclusive	Microsoft ACPI-Compliant System
IRQ 127	Exclusive	Microsoft ACPI-Compliant System
IRQ 128	Exclusive	Microsoft ACPI-Compliant System
IRQ 129	Exclusive	Microsoft ACPI-Compliant System
IRQ 13	Exclusive	Numeric data processor
IRQ 130	Exclusive	Microsoft ACPI-Compliant System
IRQ 131	Exclusive	Microsoft ACPI-Compliant System
IRQ 132	Exclusive	Microsoft ACPI-Compliant System
IRQ 133	Exclusive	Microsoft ACPI-Compliant System
IRQ 134	Exclusive	Microsoft ACPI-Compliant System
IRQ 135	Exclusive	Microsoft ACPI-Compliant System
IRQ 136	Exclusive	Microsoft ACPI-Compliant System
IRQ 137	Exclusive	Microsoft ACPI-Compliant System
IRQ 138	Exclusive	Microsoft ACPI-Compliant System
IRQ 139	Exclusive	Microsoft ACPI-Compliant System
IRQ 140	Exclusive	Microsoft ACPI-Compliant System
IRQ 141	Exclusive	Microsoft ACPI-Compliant System
IRQ 142	Exclusive	Microsoft ACPI-Compliant System
IRQ 143	Exclusive	Microsoft ACPI-Compliant System
IRQ 144	Exclusive	Microsoft ACPI-Compliant System
IRQ 145	Exclusive	Microsoft ACPI-Compliant System
IRQ 146	Exclusive	Microsoft ACPI-Compliant System
IRQ 147	Exclusive	Microsoft ACPI-Compliant System
IRQ 148	Exclusive	Microsoft ACPI-Compliant System
IRQ 149	Exclusive	Microsoft ACPI-Compliant System
IRQ 150	Exclusive	Microsoft ACPI-Compliant System
IRQ 151	Exclusive	Microsoft ACPI-Compliant System
IRQ 152	Exclusive	Microsoft ACPI-Compliant System
IRQ 153	Exclusive	Microsoft ACPI-Compliant System
IRQ 154	Exclusive	Microsoft ACPI-Compliant System
IRQ 155	Exclusive	Microsoft ACPI-Compliant System
IRQ 156	Exclusive	Microsoft ACPI-Compliant System
IRQ 157	Exclusive	Microsoft ACPI-Compliant System
IRQ 158	Exclusive	Microsoft ACPI-Compliant System
IRQ 159	Exclusive	Microsoft ACPI-Compliant System
IRQ 16	Shared	NVIDIA GeForce GT 520M
IRQ 16	Shared	Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
IRQ 16	Shared	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
IRQ 160	Exclusive	Microsoft ACPI-Compliant System
IRQ 161	Exclusive	Microsoft ACPI-Compliant System
IRQ 162	Exclusive	Microsoft ACPI-Compliant System
IRQ 163	Exclusive	Microsoft ACPI-Compliant System
IRQ 164	Exclusive	Microsoft ACPI-Compliant System
IRQ 165	Exclusive	Microsoft ACPI-Compliant System
IRQ 166	Exclusive	Microsoft ACPI-Compliant System
IRQ 167	Exclusive	Microsoft ACPI-Compliant System
IRQ 168	Exclusive	Microsoft ACPI-Compliant System
IRQ 169	Exclusive	Microsoft ACPI-Compliant System
IRQ 17	Shared	Atheros AR9002WB-1NG Wireless Network Adapter
IRQ 17	Shared	High Definition Audio Controller
IRQ 17	Shared	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
IRQ 17	Shared	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A
IRQ 17	Shared	Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101
IRQ 170	Exclusive	Microsoft ACPI-Compliant System
IRQ 171	Exclusive	Microsoft ACPI-Compliant System
IRQ 172	Exclusive	Microsoft ACPI-Compliant System
IRQ 173	Exclusive	Microsoft ACPI-Compliant System
IRQ 174	Exclusive	Microsoft ACPI-Compliant System
IRQ 175	Exclusive	Microsoft ACPI-Compliant System
IRQ 176	Exclusive	Microsoft ACPI-Compliant System
IRQ 177	Exclusive	Microsoft ACPI-Compliant System
IRQ 178	Exclusive	Microsoft ACPI-Compliant System
IRQ 179	Exclusive	Microsoft ACPI-Compliant System
IRQ 180	Exclusive	Microsoft ACPI-Compliant System
IRQ 181	Exclusive	Microsoft ACPI-Compliant System
IRQ 182	Exclusive	Microsoft ACPI-Compliant System
IRQ 183	Exclusive	Microsoft ACPI-Compliant System
IRQ 184	Exclusive	Microsoft ACPI-Compliant System
IRQ 185	Exclusive	Microsoft ACPI-Compliant System
IRQ 186	Exclusive	Microsoft ACPI-Compliant System
IRQ 187	Exclusive	Microsoft ACPI-Compliant System
IRQ 188	Exclusive	Microsoft ACPI-Compliant System
IRQ 189	Exclusive	Microsoft ACPI-Compliant System
IRQ 19	Shared	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
IRQ 19	Shared	Intel(R) Mobile Express Chipset SATA AHCI Controller
IRQ 190	Exclusive	Microsoft ACPI-Compliant System
IRQ 22	Shared	High Definition Audio Controller
IRQ 23	Shared	Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
IRQ 65536	Exclusive	Realtek PCIe GBE Family Controller
IRQ 65536	Exclusive	ASMedia XHCI Controller
IRQ 65536	Exclusive	Intel(R) Management Engine Interface
IRQ 81	Exclusive	Microsoft ACPI-Compliant System
IRQ 82	Exclusive	Microsoft ACPI-Compliant System
IRQ 83	Exclusive	Microsoft ACPI-Compliant System
IRQ 84	Exclusive	Microsoft ACPI-Compliant System
IRQ 85	Exclusive	Microsoft ACPI-Compliant System
IRQ 86	Exclusive	Microsoft ACPI-Compliant System
IRQ 87	Exclusive	Microsoft ACPI-Compliant System
IRQ 88	Exclusive	Microsoft ACPI-Compliant System
IRQ 89	Exclusive	Microsoft ACPI-Compliant System
IRQ 90	Exclusive	Microsoft ACPI-Compliant System
IRQ 91	Exclusive	Microsoft ACPI-Compliant System
IRQ 92	Exclusive	Microsoft ACPI-Compliant System
IRQ 93	Exclusive	Microsoft ACPI-Compliant System
IRQ 94	Exclusive	Microsoft ACPI-Compliant System
IRQ 95	Exclusive	Microsoft ACPI-Compliant System
IRQ 96	Exclusive	Microsoft ACPI-Compliant System
IRQ 97	Exclusive	Microsoft ACPI-Compliant System
IRQ 98	Exclusive	Microsoft ACPI-Compliant System
IRQ 99	Exclusive	Microsoft ACPI-Compliant System
Memory 000A0000-000BFFFF	Shared	NVIDIA GeForce GT 520M
Memory 000A0000-000BFFFF	Shared	PCI bus
Memory 000A0000-000BFFFF	Undetermined	Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101
Memory 000D0000-000D3FFF	Shared	PCI bus
Memory 000D4000-000D7FFF	Shared	PCI bus
Memory 000D8000-000DBFFF	Shared	PCI bus
Memory 000DC000-000DFFFF	Shared	PCI bus
Memory 000E0000-000E3FFF	Shared	PCI bus
Memory 000E4000-000E7FFF	Shared	PCI bus
Memory C0000000-CFFFFFFF	Exclusive	NVIDIA GeForce GT 520M
Memory C0000000-D1FFFFFF	Exclusive	Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101
Memory C0000000-FEAFFFFF	Shared	PCI bus
Memory D0000000-D1FFFFFF	Exclusive	NVIDIA GeForce GT 520M
Memory D2100000-D2103FFF	Exclusive	Realtek PCIe GBE Family Controller
Memory D2100000-D2AFFFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A
Memory D2104000-D2104FFF	Exclusive	Realtek PCIe GBE Family Controller
Memory D2C00000-D35FFFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Memory D3700000-D40FFFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Memory D4200000-D4BFFFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Memory D4C00000-D4C00FFF	Exclusive	Motherboard resources
Memory D4C00000-D4C00FFF	Exclusive	Motherboard resources
Memory DC000000-DCFFFFFF	Exclusive	NVIDIA GeForce GT 520M
Memory DC000000-DD0FFFFF	Exclusive	Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101
Memory DD080000-DD083FFF	Exclusive	High Definition Audio Controller
Memory DD200000-DDBFFFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A
Memory DDC00000-DDC07FFF	Exclusive	ASMedia XHCI Controller
Memory DDC00000-DE5FFFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Memory DE600000-DEFFFFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Memory DEFF0000-DEFFFFFF	Exclusive	Atheros AR9002WB-1NG Wireless Network Adapter
Memory DF000000-DF9FFFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Memory DFA00000-DFA03FFF	Exclusive	High Definition Audio Controller
Memory DFA05000-DFA050FF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Memory DFA06000-DFA067FF	Exclusive	Intel(R) Mobile Express Chipset SATA AHCI Controller
Memory DFA07000-DFA073FF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Memory DFA08000-DFA083FF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Memory DFA0A000-DFA0A00F	Exclusive	Intel(R) Management Engine Interface
Memory E0000000-E3FFFFFF	Exclusive	Motherboard resources
Memory FED00000-FED003FF	Exclusive	High precision event timer
Memory FED10000-FED17FFF	Exclusive	Motherboard resources
Memory FED18000-FED18FFF	Exclusive	Motherboard resources
Memory FED19000-FED19FFF	Exclusive	Motherboard resources
Memory FED1C000-FED1FFFF	Exclusive	Motherboard resources
Memory FED20000-FED3FFFF	Exclusive	Motherboard resources
Memory FED40000-FED44FFF	Shared	PCI bus
Memory FED45000-FED8FFFF	Exclusive	Motherboard resources
Memory FED90000-FED93FFF	Exclusive	Motherboard resources
Memory FEE00000-FEEFFFFF	Exclusive	Motherboard resources
Memory FF000000-FFFFFFFF	Exclusive	Intel(R) 82802 Firmware Hub Device
Memory FF000000-FFFFFFFF	Exclusive	Motherboard resources
Port 0000-001F	Exclusive	Direct memory access controller
Port 0000-0CF7	Shared	PCI bus
Port 0020-0021	Exclusive	Programmable interrupt controller
Port 0024-0025	Exclusive	Programmable interrupt controller
Port 0028-0029	Exclusive	Programmable interrupt controller
Port 002C-002D	Exclusive	Programmable interrupt controller
Port 002E-002F	Exclusive	Motherboard resources
Port 0030-0031	Exclusive	Programmable interrupt controller
Port 0034-0035	Exclusive	Programmable interrupt controller
Port 0038-0039	Exclusive	Programmable interrupt controller
Port 003C-003D	Exclusive	Programmable interrupt controller
Port 0040-0043	Exclusive	System timer
Port 004E-004F	Exclusive	Motherboard resources
Port 0050-0053	Exclusive	System timer
Port 0060-0060	Exclusive	Standard PS/2 Keyboard
Port 0061-0061	Exclusive	Motherboard resources
Port 0062-0062	Exclusive	Microsoft ACPI-Compliant Embedded Controller
Port 0063-0063	Exclusive	Motherboard resources
Port 0064-0064	Exclusive	Standard PS/2 Keyboard
Port 0065-0065	Exclusive	Motherboard resources
Port 0066-0066	Exclusive	Microsoft ACPI-Compliant Embedded Controller
Port 0067-0067	Exclusive	Motherboard resources
Port 0070-0070	Exclusive	Motherboard resources
Port 0070-0077	Exclusive	System CMOS/real time clock
Port 0080-0080	Exclusive	Motherboard resources
Port 0081-0091	Exclusive	Direct memory access controller
Port 0092-0092	Exclusive	Motherboard resources
Port 0093-009F	Exclusive	Direct memory access controller
Port 00A0-00A1	Exclusive	Programmable interrupt controller
Port 00A4-00A5	Exclusive	Programmable interrupt controller
Port 00A8-00A9	Exclusive	Programmable interrupt controller
Port 00AC-00AD	Exclusive	Programmable interrupt controller
Port 00B0-00B1	Exclusive	Programmable interrupt controller
Port 00B2-00B3	Exclusive	Motherboard resources
Port 00B4-00B5	Exclusive	Programmable interrupt controller
Port 00B8-00B9	Exclusive	Programmable interrupt controller
Port 00BC-00BD	Exclusive	Programmable interrupt controller
Port 00C0-00DF	Exclusive	Direct memory access controller
Port 00F0-00F0	Exclusive	Numeric data processor
Port 03B0-03BB	Shared	NVIDIA GeForce GT 520M
Port 03B0-03BB	Undetermined	Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101
Port 03C0-03DF	Shared	NVIDIA GeForce GT 520M
Port 03C0-03DF	Undetermined	Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101
Port 0400-0453	Exclusive	Motherboard resources
Port 0454-0457	Exclusive	Motherboard resources
Port 0458-047F	Exclusive	Motherboard resources
Port 04D0-04D1	Exclusive	Programmable interrupt controller
Port 0500-057F	Exclusive	Motherboard resources
Port 0680-069F	Exclusive	Motherboard resources
Port 0D00-FFFF	Shared	PCI bus
Port 1000-100F	Exclusive	Motherboard resources
Port 164E-164F	Exclusive	Motherboard resources
Port 9000-90FF	Exclusive	Realtek PCIe GBE Family Controller
Port 9000-9FFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A
Port A000-AFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Port B000-BFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Port C000-CFFF	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Port D000-D07F	Exclusive	NVIDIA GeForce GT 520M
Port D000-DFFF	Exclusive	Xeon E3-1200/2nd Generation Intel(R) Core(TM) Processor Family PCI Express Root Port - 0101
Port E000-E01F	Exclusive	Intel(R) 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Port E020-E03F	Exclusive	Intel(R) Mobile Express Chipset SATA AHCI Controller
Port E040-E043	Exclusive	Intel(R) Mobile Express Chipset SATA AHCI Controller
Port E050-E057	Exclusive	Intel(R) Mobile Express Chipset SATA AHCI Controller
Port E060-E063	Exclusive	Intel(R) Mobile Express Chipset SATA AHCI Controller
Port E070-E077	Exclusive	Intel(R) Mobile Express Chipset SATA AHCI Controller
Port FFFF-FFFF	Exclusive	Motherboard resources
Port FFFF-FFFF	Exclusive	Motherboard resources

Input


[ HID Keyboard Device ]

	Keyboard Properties:
		Keyboard Name	HID Keyboard Device
		Keyboard Type	IBM enhanced (101- or 102-key) keyboard
		Keyboard Layout	US
		ANSI Code Page	1252 - Western European (Windows)
		OEM Code Page	437
		Repeat Delay	1
		Repeat Rate	31

[ HID-compliant mouse ]

	Mouse Properties:
		Mouse Name	HID-compliant mouse
		Mouse Buttons	3
		Mouse Hand	Right
		Pointer Speed	1
		Double-Click Time	500 msec
		X/Y Threshold	6 / 10
		Wheel Scroll Lines	3

	Mouse Features:
		Active Window Tracking	Disabled
		ClickLock	Disabled
		Hide Pointer While Typing	Enabled
		Mouse Wheel	Present
		Move Pointer To Default Button	Disabled
		Pointer Trails	Disabled
		Sonar	Disabled

Printers


[ Fax ]

	Printer Properties:
		Printer Name	Fax
		Default Printer	No
		Share Point	Not shared
		Printer Port	SHRFAX:
		Printer Driver	Microsoft Shared Fax Driver (v4.00)
		Device Name	Fax
		Print Processor	winprint
		Separator Page	None
		Availability	8:00 AM - 8:00 AM
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	200 x 200 dpi Mono

[ Microsoft XPS Document Writer (Default) ]

	Printer Properties:
		Printer Name	Microsoft XPS Document Writer
		Default Printer	Yes
		Share Point	Not shared
		Printer Port	XPSPort:
		Printer Driver	Microsoft XPS Document Writer (v6.00)
		Device Name	Microsoft XPS Document Writer
		Print Processor	winprint
		Separator Page	None
		Availability	Always
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	600 x 600 dpi Color

Auto Start


Application Description	Start From	Application Command
CocCoc Update	Registry\User\Run	C:\Users\huytv\AppData\Local\CocCoc\Update\CocCocUpdate.exe /c

Scheduled


[ CocCocUpdateTaskUserS-1-5-21-2283534224-2209397732-517526467-1000Core ]

	Task Properties:
		Task Name	CocCocUpdateTaskUserS-1-5-21-2283534224-2209397732-517526467-1000Core
		Status	Enabled
		Application Name	C:\Users\huytv\AppData\Local\CocCoc\Update\CocCocUpdate.exe
		Application Parameters	/c
		Working Folder
		Comment	Gi? cho ph?n m?m C?c C?c c?a b?n luôn c?p nh?t. N?u tác v? này b? vô hi?u hoá ho?c b? d?ng, ph?n m?m C?c C?c c?a b?n s? không du?c c?p nh?t. Ði?u này có nghia là các l? h?ng b?o m?t xu?t hi?n s? không th? kh?c ph?c du?c và các tính nang có th? không ho?t d?ng. Tác v? này s? t? g? cài d?t khi không có ph?n m?m C?c C?c nào s? d?ng nó.
		Account Name	huytv
		Creator	huytv
		Last Run	Unknown
		Next Run	10/11/2015 4:33:00 AM

	Task Triggers:
		Daily	At 4:33:00 AM every day

[ CocCocUpdateTaskUserS-1-5-21-2283534224-2209397732-517526467-1000UA ]

	Task Properties:
		Task Name	CocCocUpdateTaskUserS-1-5-21-2283534224-2209397732-517526467-1000UA
		Status	Enabled
		Application Name	C:\Users\huytv\AppData\Local\CocCoc\Update\CocCocUpdate.exe
		Application Parameters	/ua /installsource scheduler
		Working Folder
		Comment	Gi? cho ph?n m?m C?c C?c c?a b?n luôn c?p nh?t. N?u tác v? này b? vô hi?u hoá ho?c b? d?ng, ph?n m?m C?c C?c c?a b?n s? không du?c c?p nh?t. Ði?u này có nghia là các l? h?ng b?o m?t xu?t hi?n s? không th? kh?c ph?c du?c và các tính nang có th? không ho?t d?ng. Tác v? này s? t? g? cài d?t khi không có ph?n m?m C?c C?c nào s? d?ng nó.
		Account Name	huytv
		Creator	huytv
		Last Run	10/10/2015 1:09:00 PM
		Next Run	10/10/2015 2:09:00 PM

	Task Triggers:
		Daily	At 4:09:00 AM every day - After triggered, repeat every 1 hour for a duration of 1 day

Installed Programs


Program	Version	Inst. Size	GUID	Publisher	Inst. Date
7-Zip 15.05 beta x64		Unknown	7-Zip
AIDA64 Extreme v5.50	5.50	Unknown	AIDA64 Extreme_is1	FinalWire Ltd.	2015-10-07
Asmedia ASM104x USB 3.0 Host Controller Driver	1.12.5.0	Unknown	{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}	Asmedia Technology	2015-10-10
C?c C?c	41.0.2272.127	Unknown	CocCocBrowser	Ðon v? ch? qu?n C?c C?c	2015-10-07
CPUID CPU-Z 1.73		Unknown	CPUID CPU-Z_is1		2015-10-07
NVIDIA Control Panel 352.86 [english (united states)]	352.86	Unknown	{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel	NVIDIA Corporation	2015-10-07
NVIDIA Install Application [english (united states)]	2.1002.175.1474	Unknown	{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer	NVIDIA Corporation	2015-10-07
UniKey 4.0 RC2 (build 1101)		Unknown	{AC006985-A51F-42AC-A7E9-5E66D8AC8063}_is1	Pham Kim Long	2015-10-10

Licenses


		Software	Product Key
		Microsoft Internet Explorer 8.0.7601.17514	HYF8J-CVRMY-CM74G-RPHKF-PW487
		Microsoft Windows 7 Professional	HYF8J-CVRMY-CM74G-RPHKF-PW487

File Types


Extension	File Type Description	Content Type
386	Virtual Device Driver
3G2	3GPP2 Audio/Video	video/3gpp2
3GP	3GPP Audio/Video	video/3gpp
3GP2	3GPP2 Audio/Video	video/3gpp2
3GPP	3GPP Audio/Video	video/3gpp
AAC	ADTS Audio	audio/vnd.dlna.adts
ADT	ADTS Audio	audio/vnd.dlna.adts
ADTS	ADTS Audio	audio/vnd.dlna.adts
AIF	AIFF Format Sound	audio/aiff
AIFC	AIFF Format Sound	audio/aiff
AIFF	AIFF Format Sound	audio/aiff
ANI	Animated Cursor
APPLICATION	Application Manifest	application/x-ms-application
APPREF-MS	Application Reference
ASA	ASA File
ASF	Windows Media Audio/Video file	video/x-ms-asf
ASP	ASP File
ASX	Windows Media Audio/Video playlist	video/x-ms-asf
AU	AU Format Sound	audio/basic
AVI	Video Clip	video/avi
BAT	Windows Batch File
BLG	Performance Monitor File
BMP	Bitmap Image	image/bmp
C2R	C2R File
CAB	Cabinet File
CAMP	WCS Viewing Condition Profile
CAT	Security Catalog	application/vnd.ms-pki.seccat
CDA	CD Audio Track
CDMP	WCS Device Profile
CDX	CDX File
CER	Security Certificate	application/x-x509-ca-cert
CHK	Recovered File Fragments
CHM	Compiled HTML Help file
CMD	Windows Command Script
COM	MS-DOS Application
COMPOSITEFONT	Composite Font File
CONTACT	Contact File	text/x-ms-contact
CPL	Control Panel Item
CRD	Information Card
CRDS	Information Card Store
CRL	Certificate Revocation List	application/pkix-crl
CRT	Security Certificate	application/x-x509-ca-cert
CSS	Cascading Style Sheet Document	text/css
CUR	Cursor
DB	Data Base File
DER	Security Certificate	application/x-x509-ca-cert
DESKLINK	Desktop Shortcut
DIAGCAB	Diagnostic Cabinet
DIAGCFG	Diagnostic Configuration
DIAGPKG	Diagnostic Document
DIB	Bitmap Image	image/bmp
DLL	Application Extension	application/x-msdownload
DOCX	OOXML Text Document
DRV	Device Driver
DSN	Microsoft OLE DB Provider for ODBC Drivers
DVR	Microsoft Recorded TV Show
DVR-MS	Microsoft Recorded TV Show
DWFX	XPS Document	model/vnd.dwfx+xps
EASMX	XPS Document	model/vnd.easmx+xps
EDRWX	XPS Document	model/vnd.edrwx+xps
EMF	EMF File
EPRTX	XPS Document	model/vnd.eprtx+xps
EVT	EVT File
EVTX	EVTX File
EXE	Application	application/x-msdownload
FON	Font file
GADGET	Windows Gadget
GIF	GIF Image	image/gif
GMMP	WCS Gamut Mapping Profile
GROUP	Contact Group File	text/x-ms-group
GRP	Microsoft Program Group
H1C	Windows Help Collection Definition File
H1D	Windows Help Validator File
H1F	Windows Help Include File
H1H	Windows Help Merged Hierarchy
H1K	Windows Help Index File
H1Q	Windows Help Merged Query Index
H1S	Compiled Windows Help file
H1T	Windows Help Table of Contents File
H1V	Windows Help Virtual Topic Definition File
H1W	Windows Help Merged Keyword Index
HLP	Help File
HTA	HTML Application	application/hta
HTM	HTML Document	text/html
HTML	HTML Document	text/html
ICC	ICC Profile
ICL	Icon Library
ICM	ICC Profile
ICO	Icon	image/x-icon
IMG	Disc Image File
INF	Setup Information
INI	Configuration Settings
ISO	Disc Image File
JFIF	JPEG Image	image/jpeg
JNT	Journal Document
JOB	Task Scheduler Task Object
JOD	Microsoft.Jet.OLEDB.4.0
JPE	JPEG Image	image/jpeg
JPEG	JPEG Image	image/jpeg
JPG	JPEG Image	image/jpeg
JS	JScript Script File
JSE	JScript Encoded File
JTP	Journal Template
JTX	XPS Document	application/x-jtx+xps
LABEL	Property List
LIBRARY-MS	Library Folder	application/windows-library+xml
LNK	Shortcut
LOG	Text Document
M1V	Movie Clip	video/mpeg
M2T	AVCHD Video	video/vnd.dlna.mpeg-tts
M2TS	AVCHD Video	video/vnd.dlna.mpeg-tts
M2V	Movie Clip	video/mpeg
M3U	M3U file	audio/x-mpegurl
M4A	MPEG-4 Audio	audio/mp4
M4V	MP4 Video	video/mp4
MAPIMAIL	Mail Service
MCL	MCL File
MHT	MHTML Document	message/rfc822
MHTML	MHTML Document	message/rfc822
MID	MIDI Sequence	audio/mid
MIDI	MIDI Sequence	audio/mid
MIG	Migration Store
MLC	Language Pack File_
MOD	Movie Clip	video/mpeg
MOV	QuickTime Movie	video/quicktime
MP2	MP3 Format Sound	audio/mpeg
MP2V	Movie Clip	video/mpeg
MP3	MP3 Format Sound	audio/mpeg
MP4	MP4 Video	video/mp4
MP4V	MP4 Video	video/mp4
MPA	Movie Clip	video/mpeg
MPE	Movie Clip	video/mpeg
MPEG	Movie Clip	video/mpeg
MPG	Movie Clip	video/mpeg
MPV2	Movie Clip	video/mpeg
MSC	Microsoft Common Console Document
MSDVD	MSDVD File
MSI	Windows Installer Package
MSP	Windows Installer Patch
MSRCINCIDENT	Windows Remote Assistance Invitation
MSSTYLES	Windows Visual Style File
MSU	Microsoft Update Standalone Package
MTS	AVCHD Video	video/vnd.dlna.mpeg-tts
MYDOCS	MyDocs Drop Target
NFO	MSInfo Configuration File
OCX	ActiveX control
ODT	ODT File
OSDX	OpenSearch Description File	application/opensearchdescription+xml
OTF	OpenType Font file
P10	Certificate Request	application/pkcs10
P12	Personal Information Exchange	application/x-pkcs12
P7B	PKCS #7 Certificates	application/x-pkcs7-certificates
P7C	Digital ID File	application/pkcs7-mime
P7M	PKCS #7 MIME Message	application/pkcs7-mime
P7R	Certificate Request Response	application/x-pkcs7-certreqresp
P7S	PKCS #7 Signature	application/pkcs7-signature
PBK	Dial-Up Phonebook
PERFMONCFG	Performance Monitor Configuration
PFM	Type 1 Font file
PFX	Personal Information Exchange	application/x-pkcs12
PIF	Shortcut to MS-DOS Program
PKO	Public Key Security Object	application/vnd.ms-pki.pko
PNF	Precompiled Setup Information
PNG	PNG Image	image/png
PRF	PICS Rules File	application/pics-rules
PRINTEREXPORT	Printer Migration File
PS1	PS1 File
PS1XML	PS1XML File
PSC1	PSC1 File	application/PowerShell
PSD1	PSD1 File
PSM1	PSM1 File
QDS	Directory Query
RAT	Rating System File	application/rat-file
RDP	Remote Desktop Connection
REG	Registration Entries
RESMONCFG	Resource Monitor Configuration
RLE	RLE File
RLL	Application Extension
RMI	MIDI Sequence	audio/mid
RTF	Rich Text Document
SCF	Windows Explorer Command
SCP	Text Document
SCR	Screen saver
SCT	Windows Script Component	text/scriptlet
SEARCHCONNECTOR-MS	Search Connector Folder	application/windows-search-connector+xml
SEARCH-MS	Saved Search
SFCACHE	ReadyBoost Cache File
SLUPKG-MS	XrML Digital License Package	application/x-ms-license
SND	AU Format Sound	audio/basic
SPC	PKCS #7 Certificates	application/x-pkcs7-certificates
SST	Microsoft Serialized Certificate Store	application/vnd.ms-pki.certstore
STL	Certificate Trust List	application/vnd.ms-pki.stl
SYS	System file
THEME	Windows Theme File
THEMEPACK	Windows Theme Pack
TIF	TIF File	image/tiff
TIFF	TIFF File	image/tiff
TS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TTC	TrueType Collection Font file
TTF	TrueType Font file
TTS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TXT	Text Document	text/plain
UDL	Microsoft Data Link
URL	URL File
VBE	VBScript Encoded File
VBS	VBScript Script File
VCF	vCard File	text/x-vcard
VXD	Virtual Device Driver
WAB	Address Book File
WAV	Wave Sound	audio/wav
WAX	Windows Media Audio shortcut	audio/x-ms-wax
WBCAT	Windows Backup Catalog File
WCX	Workspace Configuration File
WDP	Windows Media Photo	image/vnd.ms-photo
WEBPNP	Web Point And Print File
WM	Windows Media Audio/Video file	video/x-ms-wm
WMA	Windows Media Audio file	audio/x-ms-wma
WMD	Windows Media Player Download Package	application/x-ms-wmd
WMDB	Windows Media Library
WMF	WMF File
WMS	Windows Media Player Skin File
WMV	Windows Media Audio/Video file	video/x-ms-wmv
WMX	Windows Media Audio/Video playlist	video/x-ms-wmx
WMZ	Windows Media Player Skin Package	application/x-ms-wmz
WPL	Windows Media playlist	application/vnd.ms-wpl
WSC	Windows Script Component	text/scriptlet
WSF	Windows Script File
WSH	Windows Script Host Settings File
WTV	Windows Recorded TV Show
WTX	Text Document
WVX	Windows Media Audio/Video playlist	video/x-ms-wvx
XAML	Windows Markup File	application/xaml+xml
XBAP	XAML Browser Application	application/x-ms-xbap
XML	XML Document	text/xml
XPS	XPS Document	application/vnd.ms-xpsdocument
XRM-MS	XrML Digital License	text/xml
XSL	XSL Stylesheet	text/xml
ZFSENDTOTARGET	Compressed (zipped) Folder SendTo Target
ZIP	Compressed (zipped) Folder	application/x-zip-compressed

Desktop Gadgets


[ Calendar ]

	Gadget Properties:
		Name	Calendar
		Description	Browse the days of the calendar.
		Version	1.1.0.0
		Author	Microsoft Corporation
		Copyright	© 2009
		URL	http://go.microsoft.com/fwlink/?LinkId=124093
		Folder	ProgramFiles
		XML	Calendar.Gadget\en-US\gadget.xml

[ Clock ]

	Gadget Properties:
		Name	Clock
		Description	Watch the clock in your own time zone or any city in the world.
		Version	1.0.0.0
		Author	Microsoft Corporation
		Copyright	© 2009
		URL	http://go.microsoft.com/fwlink/?LinkId=124093
		Folder	ProgramFiles
		XML	Clock.Gadget\en-US\gadget.xml

[ CPU Meter ]

	Gadget Properties:
		Name	CPU Meter
		Description	See the current computer CPU and system memory (RAM).
		Version	1.0.0.0
		Author	Microsoft Corporation
		Copyright	© 2009
		URL	http://go.microsoft.com/fwlink/?LinkId=124093
		Folder	ProgramFiles
		XML	CPU.Gadget\en-US\gadget.xml

[ Currency ]

	Gadget Properties:
		Name	Currency
		Description	Convert from one currency to another.
		Version	1.0.0.0
		Author	Microsoft Corporation
		Copyright	© 2009
		URL	http://go.microsoft.com/fwlink/?LinkId=124093
		Folder	ProgramFiles
		XML	Currency.Gadget\en-US\gadget.xml

[ Feed Headlines ]

	Gadget Properties:
		Name	Feed Headlines
		Description	Track the latest news, sports, and entertainment headlines.
		Version	1.1.0.0
		Author	Microsoft Corporation
		Copyright	© 2009
		URL	http://go.microsoft.com/fwlink/?LinkId=124093
		Folder	ProgramFiles
		XML	RSSFeeds.Gadget\en-US\gadget.xml

[ Picture Puzzle ]

	Gadget Properties:
		Name	Picture Puzzle
		Description	Move the pieces of the puzzle and try to put them in order.
		Version	1.0.0.0
		Author	Microsoft Corporation
		Copyright	© 2009
		URL	http://go.microsoft.com/fwlink/?LinkId=124093
		Folder	ProgramFiles
		XML	PicturePuzzle.Gadget\en-US\gadget.xml

[ Slide Show ]

	Gadget Properties:
		Name	Slide Show
		Description	Show a continuous slide show of your pictures.
		Version	1.0.0.0
		Author	Microsoft Corporation
		Copyright	© 2009
		URL	http://go.microsoft.com/fwlink/?LinkId=124093
		Folder	ProgramFiles
		XML	SlideShow.Gadget\en-US\gadget.xml

[ Weather ]

	Gadget Properties:
		Name	Weather
		Description	See what the weather looks like around the world.
		Version	1.1.0.0
		Author	Microsoft Corporation
		Copyright	© 2009
		URL	http://go.microsoft.com/fwlink/?LinkId=124093
		Folder	ProgramFiles
		XML	Weather.Gadget\en-US\gadget.xml

[ Windows Media Center ]

	Gadget Properties:
		Name	Windows Media Center
		Description	Play your latest TV recordings, new Internet TV clips, and favorite music and pictures.
		Version	1.0.0.0
		Author	Microsoft Corporation
		Copyright	© 2009
		URL	http://go.microsoft.com/fwlink/?LinkId=124093
		Folder	ProgramFiles
		XML	MediaCenter.Gadget\en-US\gadget.xml

Windows Security


Operating System Properties:
	OS Name	Microsoft Windows 7 Professional
	OS Service Pack	Service Pack 1
	Winlogon Shell	explorer.exe
	User Account Control (UAC)	Enabled
	UAC Remote Restrictions	Enabled
	System Restore	Enabled
	Windows Update Agent	7.6.7600.320 (winmain_wtr_wsus3sp2(oobla).140514-0916)

Data Execution Prevention (DEP, NX, EDB):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active (To Protect Applications)	Yes
	Active (To Protect Drivers)	Yes

Windows Update


Update Description	Update Type	Inst. Date
(Automatic Update)	Download:Notify, Install:Notify
Update for Windows (KB2685811)	Update	10/7/2015
Windows Update Agent 7.6.7600.320	Update	10/7/2015

Firewall


Software Description	Software Version	Status
Windows Firewall	6.1.7600.16385	Enabled

Anti-Spyware


		Software Description	Software Version
		Microsoft Windows Defender	6.1.7600.16385(win7_rtm.090713-1255)

Regional


Time Zone:
	Current Time Zone	SE Asia Standard Time
	Current Time Zone Description	(UTC+07:00) Bangkok, Hanoi, Jakarta
	Change To Standard Time
	Change To Daylight Saving Time

Language:
	Language Name (Native)	English
	Language Name (English)	English
	Language Name (ISO 639)	en

Country/Region:
	Country Name (Native)	United States
	Country Name (English)	United States
	Country Name (ISO 3166)	US
	Country Code	1

Currency:
	Currency Name (Native)	US Dollar
	Currency Name (English)	US Dollar
	Currency Symbol (Native)	$
	Currency Symbol (ISO 4217)	USD
	Currency Format	$123,456,789.00
	Negative Currency Format	($123,456,789.00)

Formatting:
	Time Format	h:mm:ss tt
	Short Date Format	M/d/yyyy
	Long Date Format	dddd, MMMM dd, yyyy
	Number Format	123,456,789.00
	Negative Number Format	-123,456,789.00
	List Format	first, second, third
	Native Digits	0123456789

Days of Week:
	Native Name for Monday	Monday / Mon
	Native Name for Tuesday	Tuesday / Tue
	Native Name for Wednesday	Wednesday / Wed
	Native Name for Thursday	Thursday / Thu
	Native Name for Friday	Friday / Fri
	Native Name for Saturday	Saturday / Sat
	Native Name for Sunday	Sunday / Sun

Months:
	Native Name for January	January / Jan
	Native Name for February	February / Feb
	Native Name for March	March / Mar
	Native Name for April	April / Apr
	Native Name for May	May / May
	Native Name for June	June / Jun
	Native Name for July	July / Jul
	Native Name for August	August / Aug
	Native Name for September	September / Sep
	Native Name for October	October / Oct
	Native Name for November	November / Nov
	Native Name for December	December / Dec

Miscellaneous:
	Calendar Type	Gregorian (localized)
	Default Paper Size	US Letter
	Measurement System	U.S.

Display Languages:
	LCID 0409h (Active)	English (United States)

Environment


		Variable	Value
		ALLUSERSPROFILE	C:\ProgramData
		APPDATA	C:\Users\huytv\AppData\Roaming
		CommonProgramFiles(x86)	C:\Program Files (x86)\Common Files
		CommonProgramFiles	C:\Program Files (x86)\Common Files
		CommonProgramW6432	C:\Program Files\Common Files
		COMPUTERNAME	HUYTV-PC
		ComSpec	C:\Windows\system32\cmd.exe
		FP_NO_HOST_CHECK	NO
		HOMEDRIVE	C:
		HOMEPATH	\Users\huytv
		LOCALAPPDATA	C:\Users\huytv\AppData\Local
		LOGONSERVER	\\HUYTV-PC
		NUMBER_OF_PROCESSORS	4
		OS	Windows_NT
		Path	C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
		PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
		PROCESSOR_ARCHITECTURE	x86
		PROCESSOR_ARCHITEW6432	AMD64
		PROCESSOR_IDENTIFIER	Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
		PROCESSOR_LEVEL	6
		PROCESSOR_REVISION	2a07
		ProgramData	C:\ProgramData
		ProgramFiles(x86)	C:\Program Files (x86)
		ProgramFiles	C:\Program Files (x86)
		ProgramW6432	C:\Program Files
		PSModulePath	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
		PUBLIC	C:\Users\Public
		SystemDrive	C:
		SystemRoot	C:\Windows
		TEMP	C:\Users\huytv\AppData\Local\Temp
		TMP	C:\Users\huytv\AppData\Local\Temp
		USERDOMAIN	huytv-PC
		USERNAME	huytv
		USERPROFILE	C:\Users\huytv
		windir	C:\Windows
		windows_tracing_flags	3
		windows_tracing_logfile	C:\BVTBin\Tests\installpackage\csilogfile.log

Recycle Bin


Drive	Items Size	Items Count	Space %	Recycle Bin
C:	15743 KB	1	?	?
E:	0	0	?	?
F:	0	0	?	?

System Files


	[ system.ini ]

		; for 16-bit app support
		[386Enh]
		woafont=dosapp.fon
		EGA80WOA.FON=EGA80WOA.FON
		EGA40WOA.FON=EGA40WOA.FON
		CGA80WOA.FON=CGA80WOA.FON
		CGA40WOA.FON=CGA40WOA.FON

		[drivers]
		wave=mmdrv.dll
		timer=timer.drv

		[mci]

	[ win.ini ]

		; for 16-bit app support
		[fonts]
		[extensions]
		[mci extensions]
		[files]
		[Mail]
		MAPI=1
		[MCI Extensions.BAK]
		3g2=MPEGVideo
		3gp=MPEGVideo
		3gp2=MPEGVideo
		3gpp=MPEGVideo
		aac=MPEGVideo
		adt=MPEGVideo
		adts=MPEGVideo
		m2t=MPEGVideo
		m2ts=MPEGVideo
		m2v=MPEGVideo
		m4a=MPEGVideo
		m4v=MPEGVideo
		mod=MPEGVideo
		mov=MPEGVideo
		mp4=MPEGVideo
		mp4v=MPEGVideo
		mts=MPEGVideo
		ts=MPEGVideo
		tts=MPEGVideo

	[ hosts ]



	[ lmhosts.sam ]

System Folders


		System Folder	Path
		Administrative Tools	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		AppData	C:\Users\huytv\AppData\Roaming
		Cache	C:\Users\huytv\AppData\Local\Microsoft\Windows\Temporary Internet Files
		CD Burning	C:\Users\huytv\AppData\Local\Microsoft\Windows\Burn\Burn
		Common Administrative Tools	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		Common AppData	C:\ProgramData
		Common Desktop	C:\Users\Public\Desktop
		Common Documents	C:\Users\Public\Documents
		Common Favorites	C:\Users\huytv\Favorites
		Common Files (x86)	C:\Program Files (x86)\Common Files
		Common Files	C:\Program Files (x86)\Common Files
		Common Music	C:\Users\Public\Music
		Common Pictures	C:\Users\Public\Pictures
		Common Programs	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
		Common Start Menu	C:\ProgramData\Microsoft\Windows\Start Menu
		Common Startup	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
		Common Templates	C:\ProgramData\Microsoft\Windows\Templates
		Common Video	C:\Users\Public\Videos
		Cookies	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Cookies
		Desktop	C:\Users\huytv\Desktop
		Device	C:\Windows\Inf
		Favorites	C:\Users\huytv\Favorites
		Fonts	C:\Windows\Fonts
		History	C:\Users\huytv\AppData\Local\Microsoft\Windows\History
		Local AppData	C:\Users\huytv\AppData\Local
		My Documents	C:\Users\huytv\Documents
		My Music	C:\Users\huytv\Music
		My Pictures	C:\Users\huytv\Pictures
		My Video	C:\Users\huytv\Videos
		NetHood	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Network Shortcuts
		PrintHood	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
		Profile	C:\Users\huytv
		Program Files (x86)	C:\Program Files (x86)
		Program Files	C:\Program Files (x86)
		Programs	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
		Recent	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Recent
		Resources	C:\Windows\resources
		SendTo	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\SendTo
		Start Menu	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Start Menu
		Startup	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
		System (x86)	C:\Windows\SysWOW64
		System	C:\Windows\system32
		Temp	C:\Users\huytv\AppData\Local\Temp\
		Templates	C:\Users\huytv\AppData\Roaming\Microsoft\Windows\Templates
		Windows	C:\Windows

Event Logs


Log Name	Event Type	Category	Generated On	User	Source	Description
Application	Warning	1	2015-10-07 04:10:50		Windows Search Service	1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Application	Warning	None	2015-10-07 04:17:06	SYSTEM	Microsoft-Windows-User Profiles Service	1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2283534224-2209397732-517526467-1000: Process 700 (\Device\HarddiskVolume4\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2283534224-2209397732-517526467-1000
Application	Warning	3	2015-10-07 04:18:55		Windows Search Service	3036: The content source <csc://{S-1-5-21-2283534224-2209397732-517526467-1000}/> cannot be accessed. Context: Application, SystemIndex Catalog Details: The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)
Application	Error	None	2015-10-07 04:22:02		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2015-10-07 07:31:51		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2015-10-07 12:13:34		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2015-10-07 12:19:55		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2015-10-07 13:13:04		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2015-10-07 15:40:57		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2015-10-07 18:10:44		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2015-10-09 05:48:18		Microsoft-Windows-CAPI2	4107: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Application	Error	None	2015-10-09 05:49:00		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2015-10-10 13:07:31		WinMgmt	10: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Application	Error	None	2015-10-10 13:08:25		Microsoft-Windows-CAPI2	4107: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Security	Audit Success	12288	2015-10-07 04:10:49		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process Information: Process ID: 0x350 Name: C:\Windows\System32\oobe\msoobe.exe Previous Time: 2015-10-07T11:10:49.925818500Z New Time: 2015-10-06T21:10:49.801000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	13824	2015-10-07 04:10:49		Microsoft-Windows-Security-Auditing	4720: A user account was created. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Attributes: SAM Account Name: huytv Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges -
Security	Audit Success	13826	2015-10-07 04:10:49		Microsoft-Windows-Security-Auditing	4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: - Group: Security ID: S-1-5-21-2283534224-2209397732-517526467-513 Group Name: None Group Domain: huytv-PC Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 04:10:49		Microsoft-Windows-Security-Auditing	4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
Security	Audit Success	12544	2015-10-07 04:10:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:10:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-10-07 04:10:50		Microsoft-Windows-Security-Auditing	4722: A user account was enabled. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC
Security	Audit Success	13824	2015-10-07 04:10:50		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Changed Attributes: SAM Account Name: huytv Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x14 User Account Control: %%2048 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 04:10:50		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Changed Attributes: SAM Account Name: huytv Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x214 User Account Control: %%2089 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 04:10:50		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Changed Attributes: SAM Account Name: huytv Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 10/7/2015 4:10:50 AM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x214 New UAC Value: 0x214 User Account Control: - User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 04:10:50		Microsoft-Windows-Security-Auditing	4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC
Security	Audit Success	13826	2015-10-07 04:10:50		Microsoft-Windows-Security-Auditing	4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 04:10:50		Microsoft-Windows-Security-Auditing	4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
Security	Audit Success	12544	2015-10-07 04:10:51		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 04:10:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x2c933 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-TPI17MVV42Q Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:10:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x2c974 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2bc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: WIN-TPI17MVV42Q Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:10:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x2c933 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 04:12:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:12:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12290	2015-10-07 04:13:51		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12544	2015-10-07 04:14:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:14:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:14:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:14:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 04:15:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:15:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-10-07 04:17:06		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x2c974 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	103	2015-10-07 04:17:07		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	13568	2015-10-07 04:17:07		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Wdfres.dll Handle ID: 0x1c Process Information: Process ID: 0x7b4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 04:17:07		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\Wdf01000.mof Handle ID: 0x1c Process Information: Process ID: 0x7b4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 04:17:07		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\WdfLdr.sys Handle ID: 0x1c Process Information: Process ID: 0x7b4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 04:17:07		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\Wdf01000.sys Handle ID: 0x1c Process Information: Process ID: 0x7b4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 04:17:07		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf Handle ID: 0x1c Process Information: Process ID: 0x7b4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 04:17:07		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\wdf01000.sys.mui Handle ID: 0x1c Process Information: Process ID: 0x7b4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 04:17:07		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wdfres.dll.mui Handle ID: 0x1c Process Information: Process ID: 0x7b4 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	12288	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x142dc Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14341 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x142dc Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 04:18:48		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8ec6
Security	Audit Success	12292	2015-10-07 04:18:49		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 04:18:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20d6c Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:18:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x200 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:18:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-07 04:19:51		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12545	2015-10-07 04:19:51		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14341 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12288	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x15dde Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x15e29 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x15dde Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 04:20:09		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8d27
Security	Audit Success	12292	2015-10-07 04:20:10		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 04:20:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1f8be Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:20:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:20:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 04:22:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:22:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 04:22:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:22:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 04:23:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 04:23:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 04:23:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 04:23:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 04:23:17		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xf3c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x88334
Security	Audit Success	13568	2015-10-07 04:23:17		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xf3c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x88334
Security	Audit Success	12288	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 06:44:23		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x852a
Security	Audit Success	12290	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x148cc Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14918 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x240 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20a97 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x148cc Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 06:44:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 06:44:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x228 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 06:44:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-10-07 06:44:37		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14918 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	103	2015-10-07 06:44:38		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12288	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 07:29:57		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x862e
Security	Audit Success	12290	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14e68 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14ee5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1fdce Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 07:29:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14e68 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 07:30:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 07:30:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 07:31:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 07:31:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 07:34:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-10-07 07:34:53		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14ee5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12548	2015-10-07 07:34:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-07 07:34:54		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12288	2015-10-07 11:23:26		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x1e0 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-10-06T21:23:25.979218300Z New Time: 2015-10-07T04:23:26.736485300Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12288	2015-10-07 11:23:26		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x1e0 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-10-07T04:23:26.739485300Z New Time: 2015-10-07T04:23:26.739000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12288	2015-10-07 11:23:26		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x1e0 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-10-07T04:23:26.743000200Z New Time: 2015-10-07T04:23:26.743000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12544	2015-10-07 11:28:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x204 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-10-07 11:28:26		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x15e29 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12548	2015-10-07 11:28:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuaueng.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wups2.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuauclt.exe Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wucltux.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wuaueng.dll.mui Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wucltux.dll.mui Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuapp.exe Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuwebv.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wuapp.exe Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wuwebv.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wups.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wudriver.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuapi.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wuapi.dll.mui Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wups.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wudriver.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wuapi.dll Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	13568	2015-10-07 11:28:28		Microsoft-Windows-Security-Auditing	4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\en-US\wuapi.dll.mui Handle ID: 0x1c Process Information: Process ID: 0x9e0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Security	Audit Success	103	2015-10-07 11:28:29		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12288	2015-10-07 12:11:40		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-10-07 12:11:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:11:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:11:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 12:11:40		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8713
Security	Audit Success	12290	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x16250 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x162c5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20430 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:11:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x16250 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 12:11:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:11:47		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 12:13:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:13:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 12:14:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:14:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12288	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12544	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 12:18:02		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8e40
Security	Audit Success	12292	2015-10-07 12:18:03		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-07 12:18:03		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 12:18:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:18:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x191ba Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:18:03		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 12:18:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1e912 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:18:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1e977 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:18:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:18:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1e912 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 12:18:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:18:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 12:20:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:20:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-07 12:23:15		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12545	2015-10-07 12:23:15		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1e977 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	103	2015-10-07 12:26:56		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12544	2015-10-07 12:26:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-10-07 12:26:56		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x162c5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12548	2015-10-07 12:26:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12288	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x15417 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x154a4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x15417 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 12:42:46		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8ce3
Security	Audit Success	12544	2015-10-07 12:42:47		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20955 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 12:42:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 12:42:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-07 12:43:14		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12545	2015-10-07 12:43:14		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x154a4 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12288	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12544	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 13:11:11		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8bf1
Security	Audit Success	12292	2015-10-07 13:11:12		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-07 13:11:12		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 13:11:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 13:11:12		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 13:11:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1594b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 13:11:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x15991 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 13:11:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x209f7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 13:11:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 13:11:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1594b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 13:11:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 13:11:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 13:13:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 13:13:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 13:29:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 13:29:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 13:36:05		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 13:36:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1270d0 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 13:36:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1270de Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-10-07 13:36:05		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1270de Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-10-07 13:36:05		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1270d0 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-10-07 13:36:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1270d0 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-10-07 13:41:16		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x15991 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	103	2015-10-07 13:41:17		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12288	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12544	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 15:39:03		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x860b
Security	Audit Success	12292	2015-10-07 15:39:04		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-07 15:39:04		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 15:39:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 15:39:04		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 15:39:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x148bd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 15:39:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14918 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 15:39:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20150 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 15:39:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 15:39:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x148bd Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 15:39:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 15:39:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 15:41:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 15:41:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-07 16:10:37		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12544	2015-10-07 16:10:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-10-07 16:10:37		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14918 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12548	2015-10-07 16:10:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12288	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12544	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 16:21:42		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x86f3
Security	Audit Success	12292	2015-10-07 16:21:43		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-07 16:21:43		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 16:21:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 16:21:43		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-07 16:21:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14d0a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 16:21:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14d59 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 16:21:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x2001d Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 16:21:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 16:21:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14d0a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 16:21:49		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 16:21:49		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-07 16:21:57		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12545	2015-10-07 16:21:57		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14d59 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12288	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x31781
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4731: A security-enabled local group was created. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Attributes: SAM Account Name: Network Configuration Operators SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4731: A security-enabled local group was created. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Attributes: SAM Account Name: Power Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4731: A security-enabled local group was created. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Attributes: SAM Account Name: Cryptographic Operators SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4731: A security-enabled local group was created. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Attributes: SAM Account Name: Backup Operators SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4731: A security-enabled local group was created. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Attributes: SAM Account Name: Replicator SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4731: A security-enabled local group was created. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Attributes: SAM Account Name: Remote Desktop Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:06:55		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-10-07 18:06:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 18:06:56		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 18:07:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2015-10-07 18:07:02		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 18:07:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x4095f Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13824	2015-10-07 18:07:58		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-500 Account Name: Administrator Account Domain: 37L4247F27-25 Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-10-07 18:08:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:08:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 37L4247F27-25$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 18:08:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 18:08:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-07 18:08:20		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12288	2015-10-07 18:08:53		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-10-07 18:08:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:08:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:08:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 18:08:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 18:08:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-07 18:08:53		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x89b9
Security	Audit Success	12544	2015-10-07 18:08:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:08:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:08:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 18:08:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 18:08:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-07 18:08:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-07 18:10:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 18:10:38		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12292	2015-10-07 18:10:39		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-07 18:10:39		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-07 18:10:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1a0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-07 18:10:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x214fb Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-07 18:10:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-500 Account Name: Administrator Account Domain: huytv-PC Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/20/2010 8:57:24 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-500 Account Name: Administrator Account Domain: huytv-PC Changed Attributes: SAM Account Name: Administrator Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 11/20/2010 8:57:24 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-501 Account Name: Guest Account Domain: huytv-PC Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2283534224-2209397732-517526467-501 Account Name: Guest Account Domain: huytv-PC Changed Attributes: SAM Account Name: Guest Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x215 New UAC Value: 0x215 User Account Control: - User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-544 Account Domain: Builtin Old Account Name: Administrators New Account Name: Administrators Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-545 Account Domain: Builtin Old Account Name: Users New Account Name: Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-546 Account Domain: Builtin Old Account Name: Guests New Account Name: Guests Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-551 Account Domain: Builtin Old Account Name: Backup Operators New Account Name: Backup Operators Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-552 Account Domain: Builtin Old Account Name: Replicator New Account Name: Replicator Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-555 Account Domain: Builtin Old Account Name: Remote Desktop Users New Account Name: Remote Desktop Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-556 Account Domain: Builtin Old Account Name: Network Configuration Operators New Account Name: Network Configuration Operators Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-547 Account Domain: Builtin Old Account Name: Power Users New Account Name: Power Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-558 Account Domain: Builtin Old Account Name: Performance Monitor Users New Account Name: Performance Monitor Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-559 Account Domain: Builtin Old Account Name: Performance Log Users New Account Name: Performance Log Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-562 Account Domain: Builtin Old Account Name: Distributed COM Users New Account Name: Distributed COM Users Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-568 Account Domain: Builtin Old Account Name: IIS_IUSRS New Account Name: IIS_IUSRS Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-569 Account Domain: Builtin Old Account Name: Cryptographic Operators New Account Name: Cryptographic Operators Additional Information: Privileges: -
Security	Audit Success	13824	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4781: The name of an account was changed: Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-32-573 Account Domain: Builtin Old Account Name: Event Log Readers New Account Name: Event Log Readers Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: Event Log Readers SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Changed Attributes: SAM Account Name: Administrators SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Changed Attributes: SAM Account Name: Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Changed Attributes: SAM Account Name: Guests SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Changed Attributes: SAM Account Name: Backup Operators SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Changed Attributes: SAM Account Name: Replicator SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Changed Attributes: SAM Account Name: Remote Desktop Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Changed Attributes: SAM Account Name: Network Configuration Operators SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Changed Attributes: SAM Account Name: Power Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Monitor Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Changed Attributes: SAM Account Name: Performance Log Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Changed Attributes: SAM Account Name: Distributed COM Users SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Changed Attributes: SAM Account Name: IIS_IUSRS SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Changed Attributes: SAM Account Name: Cryptographic Operators SID History: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-10-07 18:10:43		Microsoft-Windows-Security-Auditing	4735: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-TPI17MVV42Q$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Security	Audit Success	12288	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12544	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-08 03:22:17		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8703
Security	Audit Success	12292	2015-10-08 03:22:18		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-08 03:22:18		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-08 03:22:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 03:22:18		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-08 03:22:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14b30 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 03:22:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14bb4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 03:22:18		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20564 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-08 03:22:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 03:22:18		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14b30 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-08 03:22:24		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-08 03:22:24		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-08 03:23:04		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12545	2015-10-08 03:23:04		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14bb4 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12288	2015-10-08 14:02:12		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-10-08 14:02:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 14:02:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 14:02:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 14:02:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-08 14:02:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 14:02:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 14:02:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-08 14:02:12		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x85f3
Security	Audit Success	12290	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1bdf7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1bed7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ee46 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-08 14:02:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1bdf7 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-08 14:02:20		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-08 14:02:20		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-08 14:02:26		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12545	2015-10-08 14:02:26		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1bed7 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12288	2015-10-09 00:16:53		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-10-09 00:16:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 00:16:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 00:16:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-09 00:16:53		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x896d
Security	Audit Success	12290	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x164f5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x165c9 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 00:16:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x164f5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-09 00:16:55		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ec8b Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 00:17:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 00:17:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-09 00:17:10		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12545	2015-10-09 00:17:10		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x165c9 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12288	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12544	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-09 04:50:16		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x84a5
Security	Audit Success	12292	2015-10-09 04:50:17		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-09 04:50:17		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-09 04:50:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 04:50:17		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x338 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-09 04:50:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x16d00 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x338 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 04:50:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x16da6 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x338 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 04:50:17		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x1ec76 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 04:50:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 04:50:17		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x16d00 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-09 04:50:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 04:50:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-10-09 04:50:31		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12545	2015-10-09 04:50:31		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x16da6 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12288	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-09 05:47:04		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x8978
Security	Audit Success	12290	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14255 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14292 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x26c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20d95 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 05:47:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14255 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-09 05:47:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 05:47:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-09 05:49:10		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 05:49:10		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-09 05:50:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x218 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 05:50:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-10-09 05:52:50		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x14292 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	103	2015-10-09 05:52:55		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12288	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12292	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x172db Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1734a Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x244 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x172db Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-09 11:26:05		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x88ff
Security	Audit Success	12292	2015-10-09 11:26:06		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-09 11:26:06		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22b58 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-09 11:26:12		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-09 11:26:12		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-10-09 11:26:23		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x1734a This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	103	2015-10-09 11:26:24		Microsoft-Windows-Eventlog	1100: The event logging service has shut down.
Security	Audit Success	12288	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12290	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	5056: A cryptographic self test was performed. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: huytv Account Domain: huytv-PC Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x156fd Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x15797 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: HUYTV-PC Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2283534224-2209397732-517526467-1000 Account Name: huytv Account Domain: huytv-PC Logon ID: 0x156fd Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-10 13:05:37		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x884a
Security	Audit Success	12292	2015-10-10 13:05:38		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12292	2015-10-10 13:05:38		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-10-10 13:05:38		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x21e49 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:05:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-10 13:05:44		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-10 13:07:39		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-10 13:07:39		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-10 13:12:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-10 13:12:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-10-10 13:14:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-10-10 13:14:08		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x224 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-10-10 13:14:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-10-10 13:14:08		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-10-10 13:14:13		Microsoft-Windows-Security-Auditing	4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xd04 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xc9105
Security	Audit Success	13568	2015-10-10 13:14:13		Microsoft-Windows-Security-Auditing	4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: HUYTV-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xd04 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xc9105
System	Warning	None	2015-10-07 04:14:05		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 04:14:09		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 04:14:09		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 04:14:13		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 04:14:17		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 04:14:17		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 04:17:08	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 04:17:37		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 04:17:41		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 04:18:48		EventLog	6008: The previous system shutdown at 4:17:33 AM on ?10/?7/?2015 was unexpected.
System	Warning	None	2015-10-07 04:18:51		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 04:18:55		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 04:18:55		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 04:19:51	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 04:20:12		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 04:20:16		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 04:20:16		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 06:44:27		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 06:44:31		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 06:44:31		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 06:44:38	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 07:30:01		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 07:30:05		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 07:30:05		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 07:34:55	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Error	1	2015-10-07 11:23:33	SYSTEM	Microsoft-Windows-WindowsUpdateClient	20: Installation Failure: Windows failed to install the following update with error 0x8024d00e: Windows Update Core.
System	Warning	None	2015-10-07 11:28:29	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 12:11:44		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 12:11:48		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 12:11:48		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 12:18:03		Service Control Manager	7026: The following boot-start or system-start driver(s) failed to load: cdrom
System	Warning	None	2015-10-07 12:18:05		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 12:18:09		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 12:18:09		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 12:23:16	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 12:26:57	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 12:42:49		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 12:42:53		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 12:42:53		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 12:43:15	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 13:11:15		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 13:11:19		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 13:11:19		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 13:25:31	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
System	Warning	None	2015-10-07 13:25:41	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name coccoc.com timed out after none of the configured DNS servers responded.
System	Warning	None	2015-10-07 13:25:46	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
System	Warning	None	2015-10-07 13:25:47	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name searcher.qc.coccoc.com timed out after none of the configured DNS servers responded.
System	Warning	None	2015-10-07 13:41:17	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 15:39:07		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 15:39:11		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 15:39:11		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 16:00:55	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name twitter.com timed out after none of the configured DNS servers responded.
System	Warning	None	2015-10-07 16:10:38	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 16:21:46		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 16:21:50		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 16:21:50		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 16:21:58	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-07 18:07:56		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 18:08:00		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 18:08:00		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-07 18:08:54		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-07 18:08:58		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-07 18:08:58		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-08 03:22:21		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-08 03:22:25		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-08 03:22:25		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-08 03:23:04	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-08 14:02:16		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-08 14:02:20		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-08 14:02:20		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-08 14:02:27	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-09 00:16:57		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-09 00:17:01		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-09 00:17:01		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-09 00:17:11	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-09 04:50:20		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-09 04:50:24		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-09 04:50:24		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-09 04:50:32	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-09 05:47:08		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-09 05:47:12		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-09 05:47:12		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-09 05:52:55	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-09 11:26:08		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-09 11:26:12		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-09 11:26:12		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	None	2015-10-09 11:26:24	SYSTEM	Microsoft-Windows-WLAN-AutoConfig	4001: WLAN AutoConfig service has successfully stopped.
System	Warning	None	2015-10-10 13:05:40		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Error	None	2015-10-10 13:05:44		BTHUSB	17: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
System	Warning	None	2015-10-10 13:05:44		BTHUSB	3: A command sent to the adapter has timed out. The adapter did not respond.
System	Warning	2	2015-10-10 13:08:37	SYSTEM	Microsoft-Windows-WindowsUpdateClient	16: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
System	Warning	None	2015-10-10 13:20:06	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name vi-vn.facebook.com timed out after none of the configured DNS servers responded.

Database Software


Database Drivers:
	Borland Database Engine	-
	Borland InterBase Client	-
	Easysoft ODBC-InterBase 6	-
	Easysoft ODBC-InterBase 7	-
	Firebird Client	-
	Jet Engine	4.00.9756.0
	MDAC	6.1.7601.17514 (win7sp1_rtm.101119-1850)
	ODBC	6.1.7601.17514 (win7sp1_rtm.101119-1850)
	MySQL Connector/ODBC	-
	Oracle Client	-
	PsqlODBC	-
	Sybase ASE ODBC	-

Database Servers:
	Borland InterBase Server	-
	Firebird Server	-
	Microsoft SQL Server	-
	Microsoft SQL Server Compact Edition	-
	Microsoft SQL Server Express Edition	-
	MySQL Server	-
	Oracle Server	-
	PostgreSQL Server	-
	Sybase SQL Server	-

ODBC Drivers


Driver Description	File Name	Version	File Extensions Supported
Driver da Microsoft para arquivos texto (.txt; .csv)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	.,.asc,.csv,.tab,.txt,.csv
Driver do Microsoft Access (*.mdb)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	*.mdb
Driver do Microsoft dBase (*.dbf)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	.dbf,.ndx,*.mdx
Driver do Microsoft Excel(*.xls)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	*.xls
Driver do Microsoft Paradox (*.db )	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	*.db
Driver para o Microsoft Visual FoxPro	vfpodbc.dll	1.0.2.0	.dbf,.cdx,.idx,.fpt
Microsoft Access Driver (*.mdb)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	*.mdb
Microsoft Access-Treiber (*.mdb)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	*.mdb
Microsoft dBase Driver (*.dbf)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	.dbf,.ndx,*.mdx
Microsoft dBase VFP Driver (*.dbf)	vfpodbc.dll	1.0.2.0	.dbf,.cdx,.idx,.fpt
Microsoft dBase-Treiber (*.dbf)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	.dbf,.ndx,*.mdx
Microsoft Excel Driver (*.xls)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	*.xls
Microsoft Excel-Treiber (*.xls)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	*.xls
Microsoft FoxPro VFP Driver (*.dbf)	vfpodbc.dll	1.0.2.0	.dbf,.cdx,.idx,.fpt
Microsoft ODBC for Oracle	msorcl32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)
Microsoft Paradox Driver (*.db )	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	*.db
Microsoft Paradox-Treiber (*.db )	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	*.db
Microsoft Text Driver (.txt; .csv)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	.,.asc,.csv,.tab,.txt,.csv
Microsoft Text-Treiber (.txt; .csv)	odbcjt32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)	.,.asc,.csv,.tab,.txt,.csv
Microsoft Visual FoxPro Driver	vfpodbc.dll	1.0.2.0	.dbf,.cdx,.idx,.fpt
Microsoft Visual FoxPro-Treiber	vfpodbc.dll	1.0.2.0	.dbf,.cdx,.idx,.fpt
SQL Server	sqlsrv32.dll	6.1.7601.17514 (win7sp1_rtm.101119-1850)

Debug - PCI


		B00 D00 F00:	Intel Sandy Bridge-MB - Host Bridge/DRAM Controller

		Offset 000:	86 80 04 01 06 00 90 20 09 00 00 06 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 87 12
		Offset 030:	00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	01 90 D1 FE 00 00 00 00 01 00 D1 FE 00 00 00 00
		Offset 050:	03 00 00 00 09 00 00 00 00 00 00 00 01 00 80 BF
		Offset 060:	05 00 00 E0 00 00 00 00 01 80 D1 FE 00 00 00 00
		Offset 070:	00 00 80 FF 01 00 00 00 00 0C 80 FF 7F 00 00 00
		Offset 080:	10 11 11 00 00 00 11 00 1A 00 00 00 00 00 00 00
		Offset 090:	01 00 80 FF 01 00 00 00 01 00 70 3F 02 00 00 00
		Offset 0A0:	01 00 00 00 02 00 00 00 01 00 80 3F 02 00 00 00
		Offset 0B0:	01 00 00 C0 01 00 00 C0 01 00 80 BF 01 00 00 C0
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	09 00 0C 01 9E 61 80 E2 90 00 00 14 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 B8 0F 06 00 00 00 00 00

		B00 D01 F00:	Intel Sandy Bridge - PCI Express Controller

		Offset 000:	86 80 01 01 07 00 10 00 09 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 01 01 00 D0 D0 00 20
		Offset 020:	00 DC 00 DD 01 C0 F1 D1 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 88 00 00 00 00 00 00 00 11 01 18 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0A
		Offset 080:	01 90 03 C8 08 00 00 00 0D 80 00 00 43 10 87 12
		Offset 090:	05 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	10 00 42 01 00 80 00 00 00 00 00 00 02 2D 21 02
		Offset 0B0:	42 00 02 51 80 25 0C 00 00 00 48 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	42 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 01 00 00 00 00 00 00 00 10 00

		B00 D16 F00:	Intel Cougar Point PCH - Manageability Engine Interface 1 [B-2]

		Offset 000:	86 80 3A 1C 06 04 10 00 04 00 80 07 00 00 80 00
		Offset 010:	04 A0 A0 DF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 87 12
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	55 02 00 1E 08 00 01 80 06 00 00 60 F8 1F 00 10
		Offset 050:	01 8C 03 C8 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 05 00 81 00
		Offset 090:	0C F0 E0 FE 00 00 00 00 B0 49 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 C0
		Offset 0C0:	F6 2B 5A 75 02 BC B8 05 09 46 B9 33 78 E5 79 E1
		Offset 0D0:	57 19 D6 A9 A8 EB 26 17 EC 37 F4 DB D7 7A 52 BF
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1A F00:	Intel Cougar Point PCH - USB EHCI #2 Controller [B-3]

		Offset 000:	86 80 2D 1C 06 00 90 02 05 20 03 0C 00 00 00 00
		Offset 010:	00 80 A0 DF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 87 12
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 10 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 58 C2 C9 00 00 00 00 0A 98 A0 20 00 00 00 00
		Offset 060:	20 20 81 07 00 00 00 00 01 00 00 01 00 20 00 00
		Offset 070:	00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 04 E0 EA BE
		Offset 0F0:	00 00 00 00 88 85 80 00 87 0F 06 08 08 17 5B 20

		B00 D1B F00:	Intel Cougar Point PCH - High Definition Audio Controller [B-3]

		Offset 000:	86 80 20 1C 06 00 10 00 05 00 03 04 10 00 00 00
		Offset 010:	04 00 A0 DF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 D3 1A
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 16 01 00 00
		Offset 040:	01 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 60 42 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	10 00 91 00 00 00 00 10 00 08 10 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 04 00 01 00 24 00 40 00 0C A3 82 10 00 33 02
		Offset 0D0:	00 0C A3 02 10 00 33 02 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00

		B00 D1C F00:	Intel Cougar Point PCH - PCI Express Port 1 [B-3]

		Offset 000:	86 80 10 1C 07 00 10 00 B5 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 02 02 00 C0 C0 00 20
		Offset 020:	00 DF 90 DF 21 D4 B1 D4 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 10 01 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 4C 12 01
		Offset 050:	02 00 01 10 00 B2 04 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 43 10 87 12 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 00 80 11 01 00 00 00 00
		Offset 0E0:	00 3F 00 00 00 00 00 00 01 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00

		B00 D1C F01:	Intel Cougar Point PCH - PCI Express Port 2 [B-3]

		Offset 000:	86 80 12 1C 07 00 10 00 B5 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 03 03 00 B0 B0 00 00
		Offset 020:	60 DE F0 DE 71 D3 01 D4 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 11 02 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 02
		Offset 050:	42 00 11 70 00 B2 0C 00 00 00 40 01 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 43 10 87 12 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 00 80 11 01 00 00 00 00
		Offset 0E0:	00 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00

		B00 D1C F03:	Intel Cougar Point PCH - PCI Express Port 4 [B-3]

		Offset 000:	86 80 16 1C 07 00 10 00 B5 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 04 04 00 A0 A0 00 00
		Offset 020:	C0 DD 50 DE C1 D2 51 D3 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 13 04 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 04
		Offset 050:	40 00 12 70 00 B2 1C 00 00 00 40 01 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 43 10 87 12 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 00 80 11 01 00 00 00 00
		Offset 0E0:	00 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00

		B00 D1C F05:	Intel Cougar Point PCH - PCI Express Port 6 [B-3]

		Offset 000:	86 80 1A 1C 07 00 10 00 B5 00 04 06 10 00 81 00
		Offset 010:	00 00 00 00 00 00 00 00 00 05 05 00 90 90 00 00
		Offset 020:	20 DD B0 DD 11 D2 A1 D2 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 11 02 00 00
		Offset 040:	10 80 42 01 00 80 00 00 00 00 10 00 12 3C 12 06
		Offset 050:	42 00 11 70 00 B2 2C 00 00 00 40 01 00 00 00 00
		Offset 060:	00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	0D A0 00 00 43 10 87 12 00 00 00 00 00 00 00 00
		Offset 0A0:	01 00 02 C8 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 01 02 0B 00 00 00 80 11 01 00 00 00 00
		Offset 0E0:	00 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00

		B00 D1D F00:	Intel Cougar Point PCH - USB EHCI #1 Controller [B-3]

		Offset 000:	86 80 26 1C 06 00 90 02 05 20 03 0C 00 00 00 00
		Offset 010:	00 70 A0 DF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 87 12
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 17 01 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 58 C2 C9 00 80 00 00 0A 98 A0 20 00 00 00 00
		Offset 060:	20 20 01 06 00 00 00 00 01 00 00 01 00 20 00 00
		Offset 070:	00 00 DF 3F 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 80 00 11 88 0C 93 30 0D 00 24 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 13 00 06 03 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 AA FF 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 84 E0 70 BF
		Offset 0F0:	00 00 00 00 88 85 80 00 87 0F 06 08 08 17 5B 20

		B00 D1F F00:	Intel HM65 PCH - LPC Interface Controller [B-3]

		Offset 000:	86 80 49 1C 07 00 10 02 05 00 01 06 00 00 80 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 87 12
		Offset 030:	00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	01 04 00 00 80 00 00 00 01 05 00 00 10 00 00 00
		Offset 050:	F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	8A 8B 8B 85 D0 00 00 00 80 80 83 84 F8 F0 00 00
		Offset 070:	78 F0 79 F0 7A F0 7B F0 7C F0 7D F0 7E F0 7F F0
		Offset 080:	00 00 0F 1C 00 00 00 00 00 00 00 00 51 02 2C 00
		Offset 090:	00 00 00 00 00 0F 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	04 0A 80 00 41 18 06 00 00 47 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 84 00 80 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 67 45 00 00 C0 F8 00 00 28 00 00 00
		Offset 0E0:	09 00 0C 10 00 00 00 00 13 06 64 0E 00 00 00 00
		Offset 0F0:	01 C0 D1 FE 00 00 00 00 87 0F 06 08 00 00 00 00

		B00 D1F F02:	Intel Cougar Point-M PCH - SATA AHCI 6-Port Controller [B-3]

		Offset 000:	86 80 03 1C 07 00 B0 02 05 01 06 01 00 00 00 00
		Offset 010:	71 E0 00 00 61 E0 00 00 51 E0 00 00 41 E0 00 00
		Offset 020:	21 E0 00 00 00 60 A0 DF 00 00 00 00 43 10 87 12
		Offset 030:	00 00 00 00 80 00 00 00 00 00 00 00 13 02 00 00
		Offset 040:	00 80 00 80 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	01 A8 03 40 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	60 3A 05 85 83 01 00 3A 08 42 5C 01 00 00 00 00
		Offset 0A0:	E0 00 00 00 39 00 00 00 12 B0 10 00 48 00 00 00
		Offset 0B0:	13 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00

		B00 D1F F03:	Intel Cougar Point PCH - SMBus Controller [B-3]

		Offset 000:	86 80 22 1C 03 00 80 02 05 00 05 0C 00 00 00 00
		Offset 010:	04 50 A0 DF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	01 E0 00 00 00 00 00 00 00 00 00 00 43 10 87 12
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 0B 03 00 00
		Offset 040:	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	03 04 04 00 00 00 08 08 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00

		B00 D1F F06:	Intel Cougar Point PCH - Thermal Management Controller [B-3]

		Offset 000:	86 80 24 1C 00 00 10 00 05 00 80 11 00 00 00 00
		Offset 010:	04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 87 12
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 0B 03 00 00
		Offset 040:	05 00 C0 D4 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 00 23 00 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 87 0F 06 08 00 00 00 00

		B01 D00 F00:	nVIDIA GeForce GT 520M (Asus) Video Adapter

		Offset 000:	DE 10 50 10 07 00 10 00 A1 00 00 03 10 00 80 00
		Offset 010:	00 00 00 DC 0C 00 00 C0 00 00 00 00 0C 00 00 D0
		Offset 020:	00 00 00 00 01 D0 00 00 00 00 00 00 43 10 42 17
		Offset 030:	00 00 00 00 60 00 00 00 00 00 00 00 10 01 00 00
		Offset 040:	43 10 42 17 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	01 00 00 00 01 00 00 00 CE D6 23 00 00 00 00 00
		Offset 060:	01 68 03 00 08 00 00 00 05 78 80 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 10 B4 02 00 E0 8D 2C 01
		Offset 080:	10 29 00 00 02 3D 05 00 42 01 02 11 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 01 00 01 00 00 00 00 00
		Offset 0B0:	00 00 00 00 09 00 14 01 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B01 D00 F01:	nVIDIA GF119 - High Definition Audio Controller

		Offset 000:	DE 10 08 0E 06 00 10 00 A1 00 03 04 10 00 80 00
		Offset 010:	00 00 08 DD 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 030:	00 00 00 00 60 00 00 00 00 00 00 00 11 02 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 CE D6 23 00 00 00 00 00
		Offset 060:	01 68 03 00 08 00 00 00 05 78 80 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 10 00 02 00 A0 8D 2C 01
		Offset 080:	10 28 00 00 02 3D 05 00 02 01 02 11 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B03 D00 F00:	Atheros AR9285 802.11b/g/n Wireless Network Adapter

		Offset 000:	8C 16 2B 00 46 01 10 00 01 00 80 02 10 00 00 00
		Offset 010:	04 00 FF DE 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 3B 1A 37 2C
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 11 01 00 00
		Offset 040:	01 50 C3 DB 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	05 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	10 00 12 00 C0 8C 90 05 10 20 10 00 11 3C 03 00
		Offset 070:	42 00 11 10 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B04 D00 F00:	ASMedia ASM1042 USB 3.0 xHCI Controller

		Offset 000:	21 1B 42 10 06 04 10 00 00 30 03 0C 10 00 00 00
		Offset 010:	04 00 C0 DD 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 59 10
		Offset 030:	00 00 00 00 50 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	00 00 00 00 60 61 11 02 00 00 00 00 00 00 00 00
		Offset 050:	05 68 86 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	30 20 00 00 00 00 00 00 11 78 07 80 00 20 00 00
		Offset 070:	80 20 00 00 00 00 00 00 01 80 43 C0 00 00 00 00
		Offset 080:	10 00 12 00 02 82 90 05 10 28 00 00 12 FC 03 01
		Offset 090:	40 00 12 10 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 43 10 00 00 00 00 00 00

		B05 D00 F00:	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter

		Offset 000:	EC 10 68 81 07 04 10 00 06 00 00 02 10 00 00 00
		Offset 010:	01 90 00 00 00 00 00 00 0C 40 10 D2 00 00 00 00
		Offset 020:	0C 00 10 D2 00 00 00 00 00 00 00 00 43 10 87 12
		Offset 030:	00 00 00 00 40 00 00 00 00 00 00 00 00 01 00 00
		Offset 040:	01 50 C3 FF 08 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	05 70 80 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	10 B0 02 02 C1 8C 90 05 10 50 10 00 11 3C 07 00
		Offset 080:	42 01 11 10 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 10 00 00 00 10 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	11 D0 03 80 04 00 00 00 04 08 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW/SKL MCHBAR @ FED10000h

		Offset 4000:	99 79 18 00 54 54 14 0A 20 22 02 0A 90 56 00 00
		Offset 4010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4020:	05 00 10 00 22 22 20 20 22 00 0E 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW/SKL MCHBAR @ FED10000h

		Offset 4280:	00 00 00 00 00 00 0C 00 00 00 00 00 44 00 00 00
		Offset 4290:	80 40 00 00 0F 98 00 00 4F 14 6B 5A 50 02 00 00
		Offset 42A0:	03 10 00 00 00 72 90 41 00 00 00 00 01 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW/SKL MCHBAR @ FED10000h

		Offset 4400:	99 79 18 00 54 54 14 0A 20 22 02 0A 90 56 00 00
		Offset 4410:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4420:	05 00 10 00 22 22 20 20 22 00 0E 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW/SKL MCHBAR @ FED10000h

		Offset 4680:	00 00 00 00 00 00 0C 00 00 00 00 00 44 00 00 00
		Offset 4690:	80 40 00 00 0F 98 00 00 4F 14 6B 5A 50 02 00 00
		Offset 46A0:	03 10 00 00 00 72 90 41 00 00 00 00 01 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW/SKL MCHBAR @ FED10000h

		Offset 4800:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4810:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW/SKL MCHBAR @ FED10000h

		Offset 4A80:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 4A90:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW/SKL MCHBAR @ FED10000h

		Offset 5000:	24 00 00 00 10 00 62 00 10 00 62 00 00 00 60 00
		Offset 5010:	00 00 00 00 00 00 20 10 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW/SKL MCHBAR @ FED10000h

		Offset 5880:	E7 71 91 CA 00 00 00 00 D0 DA E4 00 00 00 00 00
		Offset 5890:	34 D5 04 02 3E 37 00 02 00 00 00 00 00 00 00 00
		Offset 58A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 58F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5900:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5910:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5920:	00 00 00 00 10 00 00 00 0D C8 61 25 00 00 00 00
		Offset 5930:	18 01 C0 00 C0 01 10 00 03 10 0A 00 2F B6 36 51
		Offset 5940:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 5950:	00 00 00 00 00 00 10 00 00 19 01 60 00 08 00 00
		Offset 5960:	00 00 00 00 1C CA A8 5B 35 12 E2 00 63 28 76 7E
		Offset 5970:	00 00 00 00 00 00 00 00 4B 00 00 00 4B 00 00 00
		Offset 5980:	48 00 00 00 08 40 45 29 00 00 00 00 00 00 00 00
		Offset 5990:	FF 00 00 00 FF 00 00 00 1A 0D 0D 00 00 0E 64 00
		Offset 59A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 59B0:	0C 03 00 80 94 14 14 18 04 01 00 80 94 14 14 18
		Offset 59C0:	00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-0104:	Intel SNB/IVB/HSW/CRW/BDW/SKL MCHBAR @ FED10000h

		Offset 5E00:	05 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00
		Offset 5E10:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		PCI-8086-1C24:	Intel 5/6/7/8/9/10-series PCH TBARB @ D4C00000h

		Offset 00:	01 BA 00 F3 2B 3A 37 29 81 04 38 00 00 99 40 00
		Offset 10:	00 00 00 19 87 DE 8C 80 00 00 F0 10 00 00 00 00
		Offset 20:	00 00 86 07 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 30:	00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 40:	01 02 00 FF 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 50:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 60:	00 00 00 00 00 00 00 00 00 00 00 00 16 1B 20 05
		Offset 70:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 80:	01 01 00 00 74 74 00 FF 00 00 00 00 00 00 00 00
		Offset 90:	C0 78 2E 28 00 00 00 00 00 00 00 00 00 00 00 00
		Offset A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset C0:	01 01 00 00 00 00 00 FF 00 00 00 00 00 00 00 00
		Offset D0:	00 00 00 00 00 00 00 00 32 00 C3 00 00 00 00 00
		Offset E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Debug - Video BIOS


		C000:0000	U.q.K7400.L.w.VIDEO ......x...IBM VGA Compatible.......Q02/20/12
		C000:0040	..........@.q.T...+.C.B..?..@.........U:....G..GPMIDl.o.......
		C000:0080	.....3GF119 E1317 SKU 0000 VGA BIOS.............................
		C000:00C0	.......................Version 75.19.11.00.14 ...Copyright (C) 1
		C000:0100	996-2011 NVIDIA Corp..............GF119 Board - 13170500........
		C000:0140	.....Chip Rev ................................................
		C000:0180	........PCIR..P.........q.......HYB$..BIT......E2...,.B.!.8.C...
		C000:01C0	Y.D...g.A...k.I...n.L.....M.....N.....P.0...S.....T.....U.....V.
		C000:0200	....x.....d.....p.....i.B.....>..L.c.i.....................u.@..
		C000:0240	..............\\....0.............L.....O.B....N$N*NBN.O.O$N...O
		C000:0280	.T..L.M.o..<o...N...i...j...l...n...n.......o......Hn...j...n...
		C000:02C0	n....P.....(.L.#L#".#E...PFL..L}L...........D..................u
		C000:0300	.......@...01/07/11.........................630.13170000........
		C000:0340	........_.X............./....b ........._.X.........,......b1..
		C000:0380	...5..........X.....G.....L.s.B...Q.P._.......%.~.........
		C000:03C0	?...a....B.f...............n.....q.....t.k.&.s.x.X.z...........

Debug - Unknown


		Optical	HL-DT-ST DVDRAM GT51N

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.