Report of <VANBANGIT>

AIDA64 Extreme Edition


		Version	AIDA64 v2.80.2300
		Benchmark Module	3.0.492-x64
		Homepage	http://www.aida64.com/
		Report Type	Quick Report
		Computer	VANBANGIT
		Generator	Truong
		Operating System	Microsoft Windows 8 Professional 6.2.9200.16463 (Win8 RTM)
		Date	2015-09-26
		Time	18:00

Summary


Computer:
	Computer Type	ACPI x64-based PC (Mobile)
	Operating System	Microsoft Windows 8 Professional
	OS Service Pack	-
	Internet Explorer	9.11.10240.16384
	DirectX	DirectX 12.0
	Computer Name	VANBANGIT
	User Name	Truong
	Logon Domain	VANBANGIT
	Date / Time	2015-09-26 / 18:00

Motherboard:
	CPU Type	Mobile DualCore Intel Core i3-3110M, 2366 MHz
	Motherboard Name	Asus K45A Series Notebook
	Motherboard Chipset	Intel Panther Point HM76, Intel Ivy Bridge
	System Memory	8071 MB
	BIOS Type	Unknown

Display:
	Video Adapter	Intel(R) HD Graphics 4000 (2112 MB)
	Video Adapter	Intel(R) HD Graphics 4000 (2112 MB)
	Video Adapter	Intel(R) HD Graphics 4000 (2112 MB)
	3D Accelerator	Intel HD Graphics 4000
	Monitor	BOEhydis HB140WX1-100 [14" LCD]

Multimedia:
	Audio Adapter	Intel Panther Point HDMI @ Intel Panther Point PCH - High Definition Audio Controller [C-1]
	Audio Adapter	Realtek ALC269 @ Intel Panther Point PCH - High Definition Audio Controller [C-1]

Storage:
	IDE Controller	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03
	Storage Controller	Microsoft Storage Spaces Controller
	Disk Drive	INTEL SSDSC2BW120A4 (111 GB)
	Disk Drive	TOSHIBA MQ01ABD050 (500 GB, 5400 RPM, SATA-II)
	SMART Hard Disks Status	OK

Partitions:
	C: (NTFS)	56359 MB (21660 MB free)
	D: (NTFS)	99999 MB (33949 MB free)
	E: (NTFS)	368.1 GB (109.5 GB free)
	Total Size	520.8 GB (163.8 GB free)

Input:
	Keyboard	Keyboard Device Filter
	Mouse	ASUS Touchpad
	Mouse	HID-compliant mouse

Network:
	Primary IP Address	127.0.0.1
	Primary MAC Address	74-2F-68-35-DF-99
	Network Adapter	Bluetooth Device (Personal Area Network)
	Network Adapter	Microsoft Wi-Fi Direct Virtual Adapter
	Network Adapter	Qualcomm Atheros AR9002WB-1NG Wireless Network Adapter
	Network Adapter	Realtek PCIe GBE Family Controller

Peripherals:
	Printer	Fax
	Printer	Microsoft Print to PDF
	Printer	Microsoft XPS Document Writer
	USB2 Controller	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
	USB2 Controller	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
	USB3 Controller	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
	USB Device	Bluetooth Module
	USB Device	Generic USB Hub
	USB Device	Generic USB Hub
	USB Device	Realtek USB 2.0 Card Reader
	USB Device	USB Composite Device
	USB Device	USB Input Device
	USB Device	USB2.0 UVC HD Webcam
	Battery	Microsoft AC Adapter
	Battery	Microsoft ACPI-Compliant Control Method Battery

DMI:
	DMI BIOS Vendor
	DMI BIOS Version
	DMI System Manufacturer	ASUSTeK COMPUTER INC.
	DMI System Product	K45A
	DMI System Version	1.0
	DMI System Serial Number	CCN0CJ454681498
	DMI System UUID	B1A9B865-3DE511E2-87F50860-6E8CF3D8
	DMI Motherboard Manufacturer	ASUSTeK COMPUTER INC.
	DMI Motherboard Product	K45A
	DMI Motherboard Version	1.0
	DMI Motherboard Serial Number	CCN0CJ454681498
	DMI Chassis Manufacturer	ASUSTeK COMPUTER INC.
	DMI Chassis Version	1.0
	DMI Chassis Serial Number	CCN0CJ454681498
	DMI Chassis Asset Tag	No Asset Tag
	DMI Chassis Type	Notebook

Computer Name


Type	Class	Computer Name
Computer Comment	Logical
NetBIOS Name	Logical	VANBANGIT
DNS Host Name	Logical	vanbangit
DNS Domain Name	Logical
Fully Qualified DNS Name	Logical	vanbangit
NetBIOS Name	Physical	VANBANGIT
DNS Host Name	Physical	vanbangit
DNS Domain Name	Physical
Fully Qualified DNS Name	Physical	vanbangit

DMI


[ BIOS ]

	BIOS Properties:
		Size	64 KB
		Boot Devices	Floppy Disk, Hard Disk
		Capabilities	BBS
		Supported Standards	DMI, ACPI
		Expansion Capabilities	USB

[ System ]

	System Properties:
		Manufacturer	ASUSTeK COMPUTER INC.
		Product	K45A
		Version	1.0
		Serial Number	CCN0CJ454681498
		SKU#	ASUS-NotebookSKU
		Family	K
		Universal Unique ID	B1A9B865-3DE511E2-87F50860-6E8CF3D8
		Wake-Up Type	Power Switch

[ Motherboard ]

	Motherboard Properties:
		Manufacturer	ASUSTeK COMPUTER INC.
		Product	K45A
		Version	1.0
		Serial Number	CCN0CJ454681498

	Motherboard Manufacturer:
		Company Name	ASUSTeK Computer Inc.
		Product Information	http://www.asus.com/Motherboard
		BIOS Download	http://support.asus.com/download/download.aspx?SLanguage=en-us
		Driver Update	http://www.aida64.com/driver-updates
		BIOS Upgrades	http://www.aida64.com/bios-updates

[ Chassis ]

	Chassis Properties:
		Manufacturer	ASUSTeK COMPUTER INC.
		Version	1.0
		Serial Number	CCN0CJ454681498
		Asset Tag	No Asset Tag
		Chassis Type	Notebook
		Boot-Up State	Safe
		Power Supply State	Safe
		Thermal State	Safe
		Security Status	None

[ Processors / Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz ]

	Processor Properties:
		Manufacturer	Intel(R) Corporation
		Version	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
		Asset Tag	Fill By OEM
		Part Number	Fill By OEM
		External Clock	100 MHz
		Maximum Clock	3800 MHz
		Current Clock	2400 MHz
		Type	Central Processor
		Voltage	5 V, 2.9 V
		Status	Enabled
		Upgrade	Socket rPGA988B
		Socket Designation	SOCKET 0
		HTT / CMP Units	2 / 2

	CPU Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://ark.intel.com/search.aspx?q=Intel Core i3-3110M
		Driver Update	http://www.aida64.com/driver-updates

[ Caches / CPU Internal L2 ]

	Cache Properties:
		Type	Internal
		Status	Enabled
		Operational Mode	Write-Through
		Associativity	8-way Set-Associative
		Maximum Size	512 KB
		Installed Size	512 KB
		Error Correction	Multi-bit ECC
		Socket Designation	CPU Internal L2

[ Caches / CPU Internal L1 ]

	Cache Properties:
		Type	Internal
		Status	Enabled
		Operational Mode	Write-Through
		Associativity	8-way Set-Associative
		Maximum Size	128 KB
		Installed Size	128 KB
		Error Correction	Parity
		Socket Designation	CPU Internal L1

[ Caches / CPU Internal L3 ]

	Cache Properties:
		Type	Internal
		Status	Enabled
		Operational Mode	Write-Back
		Associativity	12-way Set-Associative
		Maximum Size	3072 KB
		Installed Size	3072 KB
		Error Correction	Multi-bit ECC
		Socket Designation	CPU Internal L3

[ Memory Devices / ChannelA-DIMM0 ]

	Memory Device Properties:
		Form Factor	SODIMM
		Type	DDR3
		Type Detail	Synchronous
		Size	4096 MB
		Speed	1600 MHz
		Total Width	64-bit
		Data Width	64-bit
		Device Locator	ChannelA-DIMM0
		Bank Locator	BANK 0
		Manufacturer	Kingston
		Serial Number	5E10132E
		Asset Tag	9876543210
		Part Number	9905428-086.A00LF

[ Memory Devices / ChannelA-DIMM1 ]

	Memory Device Properties:
		Form Factor	DIMM
		Device Locator	ChannelA-DIMM1
		Bank Locator	BANK 1
		Manufacturer	[Empty]
		Serial Number	[Empty]
		Asset Tag	9876543210
		Part Number	[Empty]

[ Memory Devices / ChannelB-DIMM0 ]

	Memory Device Properties:
		Form Factor	SODIMM
		Type	DDR3
		Type Detail	Synchronous
		Size	4096 MB
		Speed	1600 MHz
		Total Width	64-bit
		Data Width	64-bit
		Device Locator	ChannelB-DIMM0
		Bank Locator	BANK 2
		Manufacturer	8325
		Serial Number	00000000
		Asset Tag	9876543210
		Part Number	FSGF65F-D8KMB

[ Memory Devices / ChannelB-DIMM1 ]

	Memory Device Properties:
		Form Factor	DIMM
		Device Locator	ChannelB-DIMM1
		Bank Locator	BANK 3
		Manufacturer	[Empty]
		Serial Number	[Empty]
		Asset Tag	9876543210
		Part Number	[Empty]

[ System Slots / J6B2 ]

	System Slot Properties:
		Slot Designation	J6B2
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x16
		Length	Long

[ System Slots / J6B1 ]

	System Slot Properties:
		Slot Designation	J6B1
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x1
		Length	Short

[ System Slots / J6D1 ]

	System Slot Properties:
		Slot Designation	J6D1
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x1
		Length	Short

[ System Slots / J7B1 ]

	System Slot Properties:
		Slot Designation	J7B1
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x1
		Length	Short

[ System Slots / J8B4 ]

	System Slot Properties:
		Slot Designation	J8B4
		Type	PCI-E
		Usage	In Use
		Data Bus Width	x1
		Length	Short

[ Port Connectors / PS2Mouse ]

	Port Connector Properties:
		Port Type	Mouse Port
		Internal Reference Designator	J1A1
		Internal Connector Type	None
		External Reference Designator	PS2Mouse
		External Connector Type	PS/2

[ Port Connectors / Keyboard ]

	Port Connector Properties:
		Port Type	Keyboard Port
		Internal Reference Designator	J1A1
		Internal Connector Type	None
		External Reference Designator	Keyboard
		External Connector Type	PS/2

[ Port Connectors / TV Out ]

	Port Connector Properties:
		Internal Reference Designator	J2A1
		Internal Connector Type	None
		External Reference Designator	TV Out
		External Connector Type	Mini-Centronics Type-14

[ Port Connectors / COM A ]

	Port Connector Properties:
		Port Type	Serial Port 16550A Compatible
		Internal Reference Designator	J2A2A
		Internal Connector Type	None
		External Reference Designator	COM A
		External Connector Type	DB-9 pin male

[ Port Connectors / Video ]

	Port Connector Properties:
		Port Type	Video Port
		Internal Reference Designator	J2A2B
		Internal Connector Type	None
		External Reference Designator	Video
		External Connector Type	DB-15 pin female

[ Port Connectors / USB1 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A1
		Internal Connector Type	None
		External Reference Designator	USB1
		External Connector Type	USB

[ Port Connectors / USB2 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A1
		Internal Connector Type	None
		External Reference Designator	USB2
		External Connector Type	USB

[ Port Connectors / USB3 ]

	Port Connector Properties:
		Port Type	USB
		Internal Reference Designator	J3A1
		Internal Connector Type	None
		External Reference Designator	USB3
		External Connector Type	USB

[ Port Connectors / J9A1 - TPM HDR ]

	Port Connector Properties:
		Internal Reference Designator	J9A1 - TPM HDR
		External Connector Type	None

[ Port Connectors / J9C1 - PCIE DOCKING CONN ]

	Port Connector Properties:
		Internal Reference Designator	J9C1 - PCIE DOCKING CONN
		External Connector Type	None

[ Port Connectors / J2B3 - CPU FAN ]

	Port Connector Properties:
		Internal Reference Designator	J2B3 - CPU FAN
		External Connector Type	None

[ Port Connectors / J6C2 - EXT HDMI ]

	Port Connector Properties:
		Internal Reference Designator	J6C2 - EXT HDMI
		External Connector Type	None

[ Port Connectors / J3C1 - GMCH FAN ]

	Port Connector Properties:
		Internal Reference Designator	J3C1 - GMCH FAN
		External Connector Type	None

[ Port Connectors / J1D1 - ITP ]

	Port Connector Properties:
		Internal Reference Designator	J1D1 - ITP
		External Connector Type	None

[ Port Connectors / J9E2 - MDC INTPSR ]

	Port Connector Properties:
		Internal Reference Designator	J9E2 - MDC INTPSR
		External Connector Type	None

[ Port Connectors / J9E4 - MDC INTPSR ]

	Port Connector Properties:
		Internal Reference Designator	J9E4 - MDC INTPSR
		External Connector Type	None

[ Port Connectors / J9E3 - LPC HOT DOCKING ]

	Port Connector Properties:
		Internal Reference Designator	J9E3 - LPC HOT DOCKING
		External Connector Type	None

[ Port Connectors / J9E1 - SCAN MATRIX ]

	Port Connector Properties:
		Internal Reference Designator	J9E1 - SCAN MATRIX
		External Connector Type	None

[ Port Connectors / J9G1 - LPC SIDE BAND ]

	Port Connector Properties:
		Internal Reference Designator	J9G1 - LPC SIDE BAND
		External Connector Type	None

[ Port Connectors / J8F1 - UNIFIED ]

	Port Connector Properties:
		Internal Reference Designator	J8F1 - UNIFIED
		External Connector Type	None

[ Port Connectors / J6F1 - LVDS ]

	Port Connector Properties:
		Internal Reference Designator	J6F1 - LVDS
		External Connector Type	None

[ Port Connectors / J2F1 - LAI FAN ]

	Port Connector Properties:
		Internal Reference Designator	J2F1 - LAI FAN
		External Connector Type	None

[ Port Connectors / J2G1 - GFX VID ]

	Port Connector Properties:
		Internal Reference Designator	J2G1 - GFX VID
		External Connector Type	None

[ Port Connectors / J1G6 - AC JACK ]

	Port Connector Properties:
		Internal Reference Designator	J1G6 - AC JACK
		External Connector Type	None

[ On-Board Devices / To Be Filled By O.E.M. ]

	On-Board Device Properties:
		Description	To Be Filled By O.E.M.
		Type	Video
		Status	Enabled

[ Power Supplies / To Be Filled By O.E.M. ]

	Power Supply Properties:
		Device Name	To Be Filled By O.E.M.
		Manufacturer	To Be Filled By O.E.M.
		Serial Number	To Be Filled By O.E.M.
		Asset Tag	To Be Filled By O.E.M.
		Part Number	To Be Filled By O.E.M.
		Type	Switching
		Status	OK
		Hot Replaceable	No

[ Management Devices / LM78-1 ]

	Management Device Properties:
		Description	LM78-1

[ Miscellaneous ]

	Miscellaneous:
		OEM String	wSog-vi64VqRT
		OEM String	ja2j-wwwP0rjB
		OEM String	HZ0K-cvo0elGI
		OEM String	90N53A715A5E2800110C
		System Configuration Option	DSN: 9 Q2P2QATE
		System Configuration Option	DSN:8D3FC8E60680
		System Configuration Option	DSN:08606E8CF3D8
		System Configuration Option	SMI:00B2CA

Overclock


CPU Properties:
	CPU Type	Mobile DualCore Intel Core i3-3110M
	CPU Alias	Ivy Bridge-MB
	CPU Stepping	E1/L1/N0/P0
	CPUID CPU Name	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
	CPUID Revision	000306A9h

CPU Speed:
	CPU Clock	2383.8 MHz (original: 2400 MHz)

CPU Cache:
	L1 Code Cache	32 KB per core
	L1 Data Cache	32 KB per core
	L2 Cache	256 KB per core (On-Die, ECC, Full-Speed)
	L3 Cache	3 MB (On-Die, ECC, Full-Speed)

Motherboard Properties:
	Motherboard ID	<DMI>
	Motherboard Name	Asus K45A Series Notebook

Chipset Properties:
	Motherboard Chipset	Intel Panther Point HM76, Intel Ivy Bridge

BIOS Properties:
	System BIOS Date	Unknown
	Video BIOS Date	Unknown

Graphics Processor Properties:
	Video Adapter	Intel Ivy Bridge-MB - Integrated Graphics Controller (MB GT2)
	GPU Code Name	Ivy Bridge-MB GT2 (Integrated 8086 / 0166, Rev 09)

Power Management


Power Management Properties:
	Current Power Source	AC Line
	Battery Status	99 % (High Level, Charging)
	Full Battery Lifetime	Unknown
	Remaining Battery Lifetime	Unknown

Battery Properties:
	Device Name	PABAS0241231
	Manufacturer	COMPAL
	Serial Number	41167
	Unique ID	41167COMPAL PABAS0241231
	Battery Type	Rechargeable Li-Ion
	Designed Capacity	50760 mWh
	Fully Charged Capacity	45166 mWh
	Current Capacity	44712 mWh (99 %)
	Battery Voltage	12.282 V
	Wear Level	11 %
	Power State	AC Line, Charging
	Charge Rate	706309 mW

Portable Computer


Centrino (Carmel) Platform Compliancy:
	CPU: Intel Pentium M (Banias/Dothan)	No (Mobile Intel Core i3-3110M)
	Chipset: Intel i855GM/PM	No (Intel Panther Point HM76, Intel Ivy Bridge)
	WLAN: Intel PRO/Wireless	No
	System: Centrino Compliant	No

Centrino (Sonoma) Platform Compliancy:
	CPU: Intel Pentium M (Dothan)	No (Mobile Intel Core i3-3110M)
	Chipset: Intel i915GM/PM	No (Intel Panther Point HM76, Intel Ivy Bridge)
	WLAN: Intel PRO/Wireless 2200/2915	No
	System: Centrino Compliant	No

Centrino (Napa) Platform Compliancy:
	CPU: Intel Core (Yonah) / Core 2 (Merom)	No (Mobile Intel Core i3-3110M)
	Chipset: Intel i945GM/PM	No (Intel Panther Point HM76, Intel Ivy Bridge)
	WLAN: Intel PRO/Wireless 3945/3965	No
	System: Centrino Compliant	No

Centrino (Santa Rosa) Platform Compliancy:
	CPU: Intel Core 2 (Merom/Penryn)	No (Mobile Intel Core i3-3110M)
	Chipset: Intel GM965/PM965	No (Intel Panther Point HM76, Intel Ivy Bridge)
	WLAN: Intel Wireless WiFi Link 4965	No
	System: Centrino Compliant	No

Centrino 2 (Montevina) Platform Compliancy:
	CPU: Intel Core 2 (Penryn)	No (Mobile Intel Core i3-3110M)
	Chipset: Mobile Intel 4 Series	No (Intel Panther Point HM76, Intel Ivy Bridge)
	WLAN: Intel WiFi Link 5000 Series	No
	System: Centrino 2 Compliant	No

Centrino (Calpella) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Arrandale/Clarksfield)	No (Mobile Intel Core i3-3110M)
	Chipset: Mobile Intel 5 Series	No (Intel Panther Point HM76, Intel Ivy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Huron River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Sandy Bridge-MB)	No (Mobile Intel Core i3-3110M)
	Chipset: Mobile Intel 6 Series	No (Intel Panther Point HM76, Intel Ivy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Centrino (Chief River) Platform Compliancy:
	CPU: Intel Core i3/i5/i7 (Ivy Bridge-MB)	Yes (Mobile Intel Core i3-3110M)
	Chipset: Mobile Intel 7 Series	Yes (Intel Panther Point HM76, Intel Ivy Bridge)
	WLAN: Intel Centrino Advanced-N / Ultimate-N / Wireless-N	No
	System: Centrino Compliant	No

Sensor


Sensor Properties:
	Sensor Type	HDD

Temperatures:
	INTEL SSDSC2BW120A4	33 �C (91 �F)
	TOSHIBA MQ01ABD050	29 �C (84 �F)

Voltage Values:
	Battery	12.282 V

Power Values:
	Battery Charge Rate	706.31 W

CPU


CPU Properties:
	CPU Type	Mobile DualCore Intel Core i3-3110M, 2366 MHz
	CPU Alias	Ivy Bridge-MB
	CPU Stepping	E1/L1/N0/P0
	Instruction Set	x86, x86-64, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AVX
	Original Clock	2400 MHz
	L1 Code Cache	32 KB per core
	L1 Data Cache	32 KB per core
	L2 Cache	256 KB per core (On-Die, ECC, Full-Speed)
	L3 Cache	3 MB (On-Die, ECC, Full-Speed)

CPU Manufacturer:
	Company Name	Intel Corporation
	Product Information	http://ark.intel.com/search.aspx?q=Intel Core i3-3110M
	Driver Update	http://www.aida64.com/driver-updates

Multi CPU:
	CPU #1	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2395 MHz
	CPU #2	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2395 MHz
	CPU #3	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2395 MHz
	CPU #4	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2395 MHz

CPU Utilization:
	CPU #1 / Core #1 / HTT Unit #1	0 %
	CPU #1 / Core #1 / HTT Unit #2	0 %
	CPU #1 / Core #2 / HTT Unit #1	25 %
	CPU #1 / Core #2 / HTT Unit #2	0 %

CPUID


CPUID Properties:
	CPUID Manufacturer	GenuineIntel
	CPUID CPU Name	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
	CPUID Revision	000306A9h
	IA Brand ID	00h (Unknown)
	Platform ID	FFh (Unknown)
	HTT / CMP Units	2 / 2

Instruction Set:
	64-bit x86 Extension (AMD64, Intel64)	Supported
	AMD 3DNow!	Not Supported
	AMD 3DNow! Professional	Not Supported
	AMD 3DNowPrefetch	Not Supported
	AMD Enhanced 3DNow!	Not Supported
	AMD Extended MMX	Not Supported
	AMD FMA4	Not Supported
	AMD MisAligned SSE	Not Supported
	AMD SSE4A	Not Supported
	AMD XOP	Not Supported
	Cyrix Extended MMX	Not Supported
	Enhanced REP MOVSB/STOSB	Supported
	Float-16 Conversion Instructions	Supported, Enabled
	IA-64	Not Supported
	IA BMI1	Not Supported
	IA BMI2	Not Supported
	IA MMX	Supported
	IA SSE	Supported
	IA SSE2	Supported
	IA SSE3	Supported
	IA Supplemental SSE3	Supported
	IA SSE4.1	Supported
	IA SSE4.2	Supported
	IA AVX	Supported, Enabled
	IA AVX2	Not Supported
	IA FMA	Not Supported
	IA AES Extensions	Not Supported
	VIA Alternate Instruction Set	Not Supported
	ADCX / ADOX Instruction	Not Supported
	CLFLUSH Instruction	Supported
	CMPXCHG8B Instruction	Supported
	CMPXCHG16B Instruction	Supported
	Conditional Move Instruction	Supported
	INVPCID Instruction	Not Supported
	LZCNT Instruction	Not Supported
	MONITOR / MWAIT Instruction	Supported
	MOVBE Instruction	Not Supported
	PCLMULQDQ Instruction	Supported
	POPCNT Instruction	Supported
	RDFSBASE / RDGSBASE / WRFSBASE / WRGSBASE Instruction	Supported
	RDRAND Instruction	Not Supported
	RDSEED Instruction	Not Supported
	RDTSCP Instruction	Supported
	SKINIT / STGI Instruction	Not Supported
	SYSCALL / SYSRET Instruction	Not Supported
	SYSENTER / SYSEXIT Instruction	Supported
	Trailing Bit Manipulation Instructions	Not Supported
	VIA FEMMS Instruction	Not Supported

Security Features:
	Advanced Cryptography Engine (ACE)	Not Supported
	Advanced Cryptography Engine 2 (ACE2)	Not Supported
	Data Execution Prevention (DEP, NX, EDB)	Supported
	Hardware Random Number Generator (RNG)	Not Supported
	Hardware Random Number Generator 2 (RNG2)	Not Supported
	PadLock Hash Engine (PHE)	Not Supported
	PadLock Hash Engine 2 (PHE2)	Not Supported
	PadLock Montgomery Multiplier (PMM)	Not Supported
	PadLock Montgomery Multiplier 2 (PMM2)	Not Supported
	Processor Serial Number (PSN)	Not Supported

Power Management Features:
	Application Power Management (APM)	Not Supported
	Automatic Clock Control	Supported
	Core C6 State (CC6)	Not Supported
	Digital Thermometer	Supported
	Dynamic FSB Frequency Switching	Not Supported
	Enhanced Halt State (C1E)	Supported
	Enhanced SpeedStep Technology (EIST, ESS)	Supported
	Frequency ID Control	Not Supported
	Hardware P-State Control	Not Supported
	LongRun	Not Supported
	LongRun Table Interface	Not Supported
	Overstress	Not Supported
	Package C6 State (PC6)	Not Supported
	Parallax	Not Supported
	PowerSaver 1.0	Not Supported
	PowerSaver 2.0	Not Supported
	PowerSaver 3.0	Not Supported
	Processor Duty Cycle Control	Supported
	Software Thermal Control	Not Supported
	Temperature Sensing Diode	Not Supported
	Thermal Monitor 1	Supported
	Thermal Monitor 2	Supported
	Thermal Monitor 3	Not Supported
	Thermal Monitoring	Not Supported
	Thermal Trip	Not Supported
	Voltage ID Control	Not Supported

Virtualization Features:
	Hypervisor	Not Present
	Nested Paging (NPT, RVI)	Not Supported
	Secure Virtual Machine (SVM, Pacifica)	Not Supported
	Virtual Machine Extensions (VMX, Vanderpool)	Supported

CPUID Features:
	1 GB Page Size	Not Supported
	36-bit Page Size Extension	Supported
	Address Region Registers (ARR)	Not Supported
	Core Performance Boost (CPB)	Not Supported
	CPL Qualified Debug Store	Supported
	Debug Trace Store	Supported
	Debugging Extension	Supported
	Direct Cache Access	Not Supported
	Dynamic Acceleration Technology (IDA)	Not Supported
	Fast Save & Restore	Supported
	Hardware Lock Elision (HLE)	Not Supported
	Hyper-Threading Technology (HTT)	Supported, Enabled
	Instruction Based Sampling	Not Supported
	Invariant Time Stamp Counter	Supported
	L1 Context ID	Not Supported
	Lightweight Profiling	Not Supported
	Local APIC On Chip	Supported
	Machine Check Architecture (MCA)	Supported
	Machine Check Exception (MCE)	Supported
	Memory Configuration Registers (MCR)	Not Supported
	Memory Type Range Registers (MTRR)	Supported
	Model Specific Registers (MSR)	Supported
	Page Attribute Table (PAT)	Supported
	Page Global Extension	Supported
	Page Size Extension (PSE)	Supported
	Pending Break Event	Supported
	Physical Address Extension (PAE)	Supported
	Restricted Transactional Memory (RTM)	Not Supported
	Safer Mode Extensions (SMX)	Not Supported
	Self-Snoop	Supported
	Supervisor Mode Access Prevention (SMAP)	Not Supported
	Supervisor Mode Execution Protection (SMEP)	Supported
	Time Stamp Counter (TSC)	Supported
	Turbo Boost	Not Supported
	Virtual Mode Extension	Supported
	Watchdog Timer	Not Supported
	x2APIC	Supported
	XGETBV / XSETBV OS Enabled	Supported
	XSAVE / XRSTOR / XSETBV / XGETBV Extended States	Supported

CPUID Registers (CPU #1):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69
	CPUID 00000001	000306A9-00100800-3DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000075-00000002-00000009-00000000
	CPUID 00000007	00000000-00000281-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000000
	CPUID 0000000B	00000004-00000004-00000201-00000000
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000
	CPUID 0000000D	00000100-00000240-00000000-00000000
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228
	CPUID 80000003	65726F43-294D5428-2D336920-30313133
	CPUID 80000004	5043204D-20402055-30342E32-007A4847
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #2 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69
	CPUID 00000001	000306A9-01100800-3DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000075-00000002-00000009-00000000
	CPUID 00000007	00000000-00000281-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000001
	CPUID 0000000B	00000004-00000004-00000201-00000001
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000
	CPUID 0000000D	00000100-00000240-00000000-00000000
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228
	CPUID 80000003	65726F43-294D5428-2D336920-30313133
	CPUID 80000004	5043204D-20402055-30342E32-007A4847
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #3):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69
	CPUID 00000001	000306A9-02100800-3DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000075-00000002-00000009-00000000
	CPUID 00000007	00000000-00000281-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000002
	CPUID 0000000B	00000004-00000004-00000201-00000002
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000
	CPUID 0000000D	00000100-00000240-00000000-00000000
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228
	CPUID 80000003	65726F43-294D5428-2D336920-30313133
	CPUID 80000004	5043204D-20402055-30342E32-007A4847
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

CPUID Registers (CPU #4 Virtual):
	CPUID 00000000	0000000D-756E6547-6C65746E-49656E69
	CPUID 00000001	000306A9-03100800-3DBAE3BF-BFEBFBFF
	CPUID 00000002	76035A01-00F0B2FF-00000000-00CA0000
	CPUID 00000003	00000000-00000000-00000000-00000000
	CPUID 00000004	1C004121-01C0003F-0000003F-00000000
	CPUID 00000004	1C004122-01C0003F-0000003F-00000000
	CPUID 00000004	1C004143-01C0003F-000001FF-00000000
	CPUID 00000004	1C03C163-02C0003F-00000FFF-00000006
	CPUID 00000005	00000040-00000040-00000003-00021120
	CPUID 00000006	00000075-00000002-00000009-00000000
	CPUID 00000007	00000000-00000281-00000000-00000000
	CPUID 00000008	00000000-00000000-00000000-00000000
	CPUID 00000009	00000000-00000000-00000000-00000000
	CPUID 0000000A	07300403-00000000-00000000-00000603
	CPUID 0000000B	00000001-00000002-00000100-00000003
	CPUID 0000000B	00000004-00000004-00000201-00000003
	CPUID 0000000C	00000000-00000000-00000000-00000000
	CPUID 0000000D	00000007-00000340-00000340-00000000
	CPUID 0000000D	00000100-00000240-00000000-00000000
	CPUID 80000000	80000008-00000000-00000000-00000000
	CPUID 80000001	00000000-00000000-00000001-28100000
	CPUID 80000002	20202020-49202020-6C65746E-20295228
	CPUID 80000003	65726F43-294D5428-2D336920-30313133
	CPUID 80000004	5043204D-20402055-30342E32-007A4847
	CPUID 80000005	00000000-00000000-00000000-00000000
	CPUID 80000006	00000000-00000000-01006040-00000000
	CPUID 80000007	00000000-00000000-00000000-00000100
	CPUID 80000008	00003024-00000000-00000000-00000000

Motherboard


Motherboard Properties:
	Motherboard ID	<DMI>
	Motherboard Name	Asus K45A Series Notebook

Motherboard Manufacturer:
	Company Name	ASUSTeK Computer Inc.
	Product Information	http://www.asus.com/Motherboard
	BIOS Download	http://support.asus.com/download/download.aspx?SLanguage=en-us
	Driver Update	http://www.aida64.com/driver-updates
	BIOS Upgrades	http://www.aida64.com/bios-updates

Memory


Physical Memory:
	Total	8071 MB
	Used	1535 MB
	Free	6536 MB
	Utilization	19 %

Swap Space:
	Total	9351 MB
	Used	1590 MB
	Free	7761 MB
	Utilization	17 %

Virtual Memory:
	Total	17423 MB
	Used	3125 MB
	Free	14297 MB
	Utilization	18 %

Paging File:
	Paging File	C:\pagefile.sys
	Current Size	1280 MB
	Current / Peak Usage	29 MB / 29 MB
	Utilization	2 %

Physical Address Extension (PAE):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active	Yes

Chipset


[ North Bridge: Intel Ivy Bridge-MB IMC ]

	North Bridge Properties:
		North Bridge	Intel Ivy Bridge-MB IMC
		Intel Platform	Chief River
		Revision	09

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ South Bridge: Intel Panther Point HM76 ]

	South Bridge Properties:
		South Bridge	Intel Panther Point HM76
		Intel Platform	Chief River
		Revision / Stepping	04 / C1
		TDP	4.1 W

	High Definition Audio:
		Codec Name	Realtek ALC269
		Codec ID	10EC0269h / 104310ACh
		Codec Revision	1001h
		Codec Type	Audio

	High Definition Audio:
		Codec Name	Intel Panther Point HDMI
		Codec ID	80862806h / 80860101h
		Codec Revision	1000h
		Codec Type	Audio

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

BIOS


BIOS Properties:
	BIOS Type	Unknown
	System BIOS Date	Unknown
	Video BIOS Date	Unknown

ACPI


[ APIC: Multiple APIC Description Table ]

	ACPI Table Properties:
		ACPI Signature	APIC
		Table Description	Multiple APIC Description Table
		Table Length	114 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		Local APIC Address	FEE00000h

[ DSDT: Differentiated System Description Table ]

	ACPI Table Properties:
		ACPI Signature	DSDT
		Table Description	Differentiated System Description Table
		Table Length	61678 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	00000022h
		Creator ID	INTL
		Creator Revision	20091112h

[ FACP: Fixed ACPI Description Table ]

	ACPI Table Properties:
		ACPI Signature	FACP
		Table Description	Fixed ACPI Description Table
		Table Length	268 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		FACS Address	D9100080h / 00000000-00000000h
		DSDT Address	D8CB3188h / 00000000-D8CB3188h
		SMI Command Port	000000B2h
		PM Timer	00000408h

[ FACS: Firmware ACPI Control Structure ]

	ACPI Table Properties:
		ACPI Signature	FACS
		Table Description	Firmware ACPI Control Structure
		Table Length	64 bytes
		Hardware Signature	00000000h
		Waking Vector	00000000h
		Global Lock	00000000h

[ FPDT: Firmware Performance Data Table ]

	ACPI Table Properties:
		ACPI Signature	FPDT
		Table Description	Firmware Performance Data Table
		Table Length	68 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h

[ HPET: IA-PC High Precision Event Timer Table ]

	ACPI Table Properties:
		ACPI Signature	HPET
		Table Description	IA-PC High Precision Event Timer Table
		Table Length	56 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI.
		Creator Revision	00000005h
		HPET Address	00000000-FED00000h
		Vendor ID	8086h
		Revision ID	01h
		Number of Timers	8
		Counter Size	64-bit
		Minimum Clock Ticks	14318
		Page Protection	No Guarantee
		OEM Attribute	0h
		LegacyReplacement IRQ Routing	Supported

[ MCFG: Memory Mapped Configuration Space Base Address Description Table ]

	ACPI Table Properties:
		ACPI Signature	MCFG
		Table Description	Memory Mapped Configuration Space Base Address Description Table
		Table Length	60 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	MSFT
		Creator Revision	00000097h
		Config Space Address	00000000-F8000000h
		PCI Segment	0000h
		Start Bus Number	00h
		End Bus Number	3Fh

[ SSDT: Secondary System Description Table ]

	ACPI Table Properties:
		ACPI Signature	SSDT
		Table Description	Secondary System Description Table
		Table Length	1769 bytes
		OEM ID	TrmRef
		OEM Table ID	PtidDevc
		OEM Revision	00001000h
		Creator ID	INTL
		Creator Revision	20091112h

[ XSDT: Extended System Description Table ]

	ACPI Table Properties:
		ACPI Signature	XSDT
		Table Description	Extended System Description Table
		Table Length	116 bytes
		OEM ID	_ASUS_
		OEM Table ID	Notebook
		OEM Revision	01072009h
		Creator ID	AMI
		Creator Revision	00010013h
		XSDT Entry #0	00000000-D8CC2278h
		XSDT Entry #1	00000000-D8CC2388h
		XSDT Entry #2	00000000-D8CC2400h
		XSDT Entry #3	00000000-D8CC2448h
		XSDT Entry #4	00000000-D8CC2488h
		XSDT Entry #5	00000000-D8CC2B78h
		XSDT Entry #6	00000000-D8CC2BB0h
		XSDT Entry #7	00000000-D8CC2EF8h
		XSDT Entry #8	00000000-D8CC37E0h
		XSDT Entry #9	00000000-D8CC4278h

Operating System


Operating System Properties:
	OS Name	Microsoft Windows 8 Professional
	OS Language	English (United States)
	OS Installer Language	English (United States)
	OS Kernel Type	Multiprocessor Free (64-bit)
	OS Version	6.2.9200.16463 (Win8 RTM)
	OS Service Pack	-
	OS Installation Date	18-7-2015
	OS Root	C:\WINDOWS

License Information:
	Registered Owner	truongvanbang@hotmail.com
	Registered Organization
	Product ID	00331-20020-00000-AA543
	Product Key	QJNXR-YD97Q-K7WH4-RYWQ8-6MT6Y
	Product Activation (WPA)	Not Required

Current Session:
	Computer Name	VANBANGIT
	User Name	Truong
	Logon Domain	VANBANGIT
	UpTime	194880 sec (2 days, 6 hours, 8 min, 0 sec)

Components Version:
	Common Controls	6.16
	Windows Mail	10.0.10240.16384 (th1.150709-1700)
	Windows Media Player	12.0.10240.16384 (th1.150709-1700)
	Windows Messenger	-
	MSN Messenger	-
	Internet Information Services (IIS)	-
	.NET Framework	4.6.79.0 built by: NETFXREL2
	Novell Client	-
	DirectX	DirectX 12.0
	OpenGL	10.0.10240.16384 (th1.150709-1700)
	ASPI	-

Operating System Features:
	Debug Version	No
	DBCS Version	No
	Domain Controller	No
	Security Present	No
	Network Present	Yes
	Remote Session	No
	Safe Mode	No
	Slow Processor	No
	Terminal Services	Yes

Processes


Process Name	Process File Name	Type	Used Memory	Used Swap
AAM Updates Notifier.exe	C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe	32-bit	19860 KB	5 KB
aida64.exe	C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe	32-bit	47008 KB	32 KB
AsLdrSrv.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe	32-bit	2472 KB	1 KB
AsusTPCenter.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe	64-bit	18472 KB	3 KB
AsusTPHelper.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe	64-bit	5640 KB	0 KB
AsusTPLoader.exe	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe	64-bit	11544 KB	2 KB
ATKOSD2.exe	C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe	32-bit	7880 KB	1 KB
audiodg.exe		64-bit	18412 KB	14 KB
CHiLi-Keygen.___www.CD4pro.info.exe	E:\Soft\AIDA64 Extreme Edition 2.80.2300 Final\Keygen.CHiLi1\Keygen.CHiLi1\CHiLi-Keygen.___www.CD4pro.info.exe	32-bit	39792 KB	4 KB
CHiLi-Keygen.exe	C:\Users\Truong\AppData\Local\Temp\RarSFX0\CHiLi-Keygen.exe	32-bit	10200 KB	5 KB
csrss.exe		64-bit	1792 KB	1 KB
csrss.exe		64-bit	7512 KB	2 KB
dasHost.exe	C:\WINDOWS\system32\dashost.exe	64-bit	2812 KB	1 KB
dasHost.exe	C:\WINDOWS\system32\dashost.exe	64-bit	3720 KB	0 KB
dllhost.exe	C:\WINDOWS\system32\DllHost.exe	64-bit	4696 KB	1 KB
DMedia.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe	32-bit	6436 KB	1 KB
dwm.exe	C:\WINDOWS\System32\dwm.exe	64-bit	35376 KB	25 KB
explorer.exe	C:\WINDOWS\Explorer.EXE	64-bit	73008 KB	31 KB
explorer.exe	C:\WINDOWS\explorer.exe	64-bit	64860 KB	35 KB
GFNEXSrv.exe	C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe	32-bit	992 KB	0 KB
HControl.exe	C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe	32-bit	8492 KB	1 KB
HD-LogRotatorService.exe	C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe	32-bit	3780 KB	11 KB
HD-UpdaterService.exe	C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe	32-bit	7068 KB	18 KB
IDMan.exe	C:\Program Files (x86)\Internet Download Manager\IDMan.exe	32-bit	16948 KB	5 KB
IEMonitor.exe	C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe	32-bit	7296 KB	1 KB
igfxCUIService.exe	C:\WINDOWS\system32\igfxCUIService.exe	64-bit	4544 KB	1 KB
igfxEM.exe	C:\WINDOWS\system32\igfxEM.exe	64-bit	14160 KB	7 KB
igfxHK.exe	C:\WINDOWS\system32\igfxHK.exe	64-bit	10092 KB	5 KB
igfxTray.exe	C:\WINDOWS\system32\igfxTray.exe	64-bit	15544 KB	12 KB
jusched.exe	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	32-bit	5928 KB	1 KB
lsass.exe	C:\WINDOWS\system32\lsass.exe	64-bit	12320 KB	6 KB
mDNSResponder.exe	C:\Program Files (x86)\Bonjour\mDNSResponder.exe	32-bit	3044 KB	1 KB
MpCmdRun.exe	C:\Program Files\Windows Defender\MpCmdRun.exe	64-bit	11252 KB	3 KB
MsMpEng.exe		64-bit	177 MB	154 KB
NisSrv.exe		64-bit	9288 KB	11 KB
OneDrive.exe	C:\Users\Truong\AppData\Local\Microsoft\OneDrive\OneDrive.exe	32-bit	17388 KB	5 KB
PresentationFontCache.exe	C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	64-bit	7216 KB	26 KB
RAVCpl64.exe	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	64-bit	12516 KB	4 KB
RemindersServer.exe	C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe	64-bit	21396 KB	9 KB
RuntimeBroker.exe	C:\Windows\System32\RuntimeBroker.exe	64-bit	32564 KB	10 KB
ScreenCapture.exe	C:\Program Files (x86)\ScreenCaptureTool\ScreenCapture.exe	32-bit	32860 KB	20 KB
SearchFilterHost.exe	C:\WINDOWS\system32\SearchFilterHost.exe	64-bit	6096 KB	1 KB
SearchIndexer.exe	C:\WINDOWS\system32\SearchIndexer.exe	64-bit	25180 KB	25 KB
SearchProtocolHost.exe	C:\WINDOWS\system32\SearchProtocolHost.exe	64-bit	6660 KB	1 KB
SearchProtocolHost.exe	C:\WINDOWS\system32\SearchProtocolHost.exe	64-bit	11524 KB	2 KB
SearchUI.exe	C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe	64-bit	82044 KB	38 KB
services.exe		64-bit	4988 KB	2 KB
ShellExperienceHost.exe	C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe	64-bit	62204 KB	30 KB
sihost.exe	C:\WINDOWS\system32\sihost.exe	64-bit	19536 KB	4 KB
SkypeC2CAutoUpdateSvc.exe	C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe	32-bit	2544 KB	2 KB
SkypeC2CPNRSvc.exe	C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe	32-bit	1896 KB	1 KB
smss.exe		64-bit	520 KB	0 KB
soffice.bin	C:\Program Files (x86)\LibreOffice 5\program\soffice.bin	32-bit	35136 KB	17 KB
soffice.exe	C:\Program Files (x86)\LibreOffice 5\program\soffice.exe	32-bit	6492 KB	1 KB
SpeechRuntime.exe	C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe	64-bit	18136 KB	22 KB
splwow64.exe	C:\WINDOWS\splwow64.exe	64-bit	6164 KB	1 KB
spoolsv.exe	C:\WINDOWS\System32\spoolsv.exe	64-bit	7900 KB	5 KB
sppsvc.exe		64-bit	16620 KB	6 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	15412 KB	8 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	5992 KB	3 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	23820 KB	11 KB
svchost.exe	C:\WINDOWS\System32\svchost.exe	64-bit	34072 KB	27 KB
svchost.exe	C:\WINDOWS\System32\svchost.exe	64-bit	12404 KB	6 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	19432 KB	15 KB
svchost.exe	C:\WINDOWS\System32\svchost.exe	64-bit	15044 KB	7 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	3968 KB	1 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	14632 KB	5 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	11472 KB	14 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	97 MB	77 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	14632 KB	9 KB
svchost.exe	C:\WINDOWS\System32\svchost.exe	64-bit	10852 KB	2 KB
svchost.exe	C:\WINDOWS\system32\svchost.exe	64-bit	7828 KB	5 KB
System Idle Process			4 KB	0 KB
System		64-bit	12412 KB	0 KB
taskeng.exe	C:\WINDOWS\system32\taskeng.exe	64-bit	6056 KB	1 KB
taskhostw.exe	C:\WINDOWS\system32\taskhostw.exe	64-bit	13324 KB	4 KB
taskhostw.exe	C:\WINDOWS\system32\taskhostw.exe	64-bit	18788 KB	9 KB
TeamViewer_Service.exe	C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe	32-bit	6216 KB	5 KB
UniKeyNT.exe	D:\appnotremove\unikey42RC4-140823-win64\UniKeyNT.exe	64-bit	7732 KB	1 KB
wininit.exe		64-bit	2928 KB	1 KB
winlogon.exe	C:\WINDOWS\System32\WinLogon.exe	64-bit	6724 KB	1 KB
WmiPrvSE.exe	C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe	64-bit	8568 KB	3 KB
WmiPrvSE.exe	C:\WINDOWS\system32\wbem\wmiprvse.exe	64-bit	10484 KB	3 KB

System Drivers


Driver Name	Driver Description	File Name	Version	Type	State
1394ohci	1394 OHCI Compliant Host Controller	1394ohci.sys	10.0.10240.16384	Kernel Driver	Stopped
3ware	3ware	3ware.sys	5.1.0.51	Kernel Driver	Stopped
ACPI	Microsoft ACPI Driver	ACPI.sys	10.0.10240.16397	Kernel Driver	Running
acpiex	Microsoft ACPIEx Driver	acpiex.sys	10.0.10240.16384	Kernel Driver	Running
acpipagr	ACPI Processor Aggregator Driver	acpipagr.sys	10.0.10240.16384	Kernel Driver	Stopped
AcpiPmi	ACPI Power Meter Driver	acpipmi.sys	10.0.10240.16384	Kernel Driver	Stopped
acpitime	ACPI Wake Alarm Driver	acpitime.sys	10.0.10240.16384	Kernel Driver	Stopped
ADP80XX	ADP80XX	ADP80XX.SYS	1.3.0.10769	Kernel Driver	Stopped
AFD	Ancillary Function Driver for Winsock	afd.sys	10.0.10240.16384	Kernel Driver	Running
agp440	Intel AGP Bus Filter	agp440.sys	10.0.10240.16384	Kernel Driver	Stopped
ahcache	Application Compatibility Cache	ahcache.sys	10.0.10240.16384	Kernel Driver	Running
AIDA64Driver	FinalWire AIDA64 Kernel Driver	AIDA64Driver.sys		Kernel Driver	Stopped
AmdK8	AMD K8 Processor Driver	amdk8.sys	10.0.10240.16384	Kernel Driver	Stopped
AmdPPM	AMD Processor Driver	amdppm.sys	10.0.10240.16384	Kernel Driver	Stopped
amdsata	amdsata	amdsata.sys	1.1.3.277	Kernel Driver	Stopped
amdsbs	amdsbs	amdsbs.sys	3.7.1540.43	Kernel Driver	Stopped
amdxata	amdxata	amdxata.sys	1.1.3.277	Kernel Driver	Stopped
androidusb	ADB Interface Driver	androidusb.sys	1.0.1.1	Kernel Driver	Stopped
AppID	AppID Driver	appid.sys	10.0.10240.16384	Kernel Driver	Stopped
arcsas	Adaptec SAS/SATA-II RAID Storport's Miniport Driver	arcsas.sys	7.5.0.32048	Kernel Driver	Stopped
ASMMAP64	ASMMAP64	ASMMAP64.sys	1.0.9.1	Kernel Driver	Running
AsyncMac	RAS Asynchronous Media Driver	asyncmac.sys	10.0.10240.16384	Kernel Driver	Stopped
atapi	IDE Channel	atapi.sys	10.0.10240.16384	Kernel Driver	Stopped
athr	Qualcomm Atheros Extensible Wireless LAN device driver	athwbx.sys	10.0.0.260	Kernel Driver	Running
ATKWMIACPIIO	ATKWMIACPI Driver	atkwmiacpi64.sys	1.0.6.1	Kernel Driver	Running
ATP	ASUS Input Device	AsusTP.sys	1.0.0.262	Kernel Driver	Running
b06bdrv	Broadcom NetXtreme II VBD	bxvbda.sys	7.4.14.0	Kernel Driver	Stopped
BasicDisplay	BasicDisplay	BasicDisplay.sys	10.0.10240.16384	Kernel Driver	Running
BasicRender	BasicRender	BasicRender.sys	10.0.10240.16384	Kernel Driver	Running
bcmfn2	bcmfn2 Service	bcmfn2.sys	6.3.9391.6	Kernel Driver	Stopped
Beep	Beep			Kernel Driver	Running
blackberryncm	BlackBerryNCM Service	blackberryncm6_AMD64.sys	1.0.0.26	Kernel Driver	Stopped
bowser	Browser Support Driver	bowser.sys	10.0.10240.16384	File System Driver	Running
BstHdDrv	BlueStacks Hypervisor	HD-Hypervisor-amd64.sys	0.9.30.4239	Kernel Driver	Running
BtFilter	BtFilter	btfilter.sys	8.0.1.242	Kernel Driver	Running
BthAvrcpTg	Bluetooth Audio/Video Remote Control HID	BthAvrcpTg.sys	10.0.10240.16384	Kernel Driver	Running
BthEnum	Bluetooth Enumerator Service	BthEnum.sys	10.0.10240.16384	Kernel Driver	Running
BthHFEnum	Bluetooth Hands-Free Audio and Call Control HID Enumerator	bthhfenum.sys	10.0.10240.16412	Kernel Driver	Stopped
bthhfhid	Bluetooth Hands-Free Call Control HID	BthHFHid.sys	10.0.10240.16384	Kernel Driver	Stopped
BTHMODEM	Bluetooth Serial Communications Driver	bthmodem.sys	10.0.10240.16384	Kernel Driver	Stopped
BthPan	Bluetooth Device (Personal Area Network)	bthpan.sys	10.0.10240.16384	Kernel Driver	Running
BTHPORT	Bluetooth Port Driver	BTHport.sys	10.0.10240.16463	Kernel Driver	Stopped
BTHUSB	Bluetooth Radio USB Driver	BTHUSB.sys	10.0.10240.16384	Kernel Driver	Running
buttonconverter	Service for Portable Device Control devices	buttonconverter.sys	10.0.10240.16384	Kernel Driver	Stopped
CapImg	HID driver for CapImg touch screen	capimg.sys	10.0.10240.16384	Kernel Driver	Stopped
cdfs	CD/DVD File System Reader	cdfs.sys	10.0.10240.16384	File System Driver	Stopped
cdrom	CD-ROM Driver	cdrom.sys	10.0.10240.16384	Kernel Driver	Stopped
circlass	Consumer IR Devices	circlass.sys	10.0.10240.16384	Kernel Driver	Stopped
CLFS	Common Log (CLFS)	CLFS.sys	10.0.10240.16384	Kernel Driver	Running
CmBatt	Microsoft ACPI Control Method Battery Driver	CmBatt.sys	10.0.10240.16384	Kernel Driver	Running
CNG	CNG	cng.sys	10.0.10240.16392	Kernel Driver	Running
cnghwassist	CNG Hardware Assist algorithm provider	cnghwassist.sys	10.0.10240.16384	Kernel Driver	Stopped
CompositeBus	Composite Bus Enumerator Driver	CompositeBus.sys	6.2.10240.16384	Kernel Driver	Running
condrv	Console Driver	condrv.sys	10.0.10240.16384	Kernel Driver	Running
CSC	Offline Files Driver	csc.sys	10.0.10240.16384	Kernel Driver	Running
dam	Desktop Activity Moderator Driver	dam.sys	10.0.10240.16391	Kernel Driver	Stopped
Dfsc	DFS Namespace Client Driver	dfsc.sys	10.0.10240.16384	File System Driver	Running
DHProtect	DHProtect	DHProtectX64.sys	1.3.2.1836	Kernel Driver	Stopped
disk	Disk Driver	disk.sys	10.0.10240.16384	Kernel Driver	Running
dmvsc	dmvsc	dmvsc.sys	10.0.10240.16384	Kernel Driver	Stopped
drmkaud	Microsoft Trusted Audio Drivers	drmkaud.sys	10.0.10240.16384	Kernel Driver	Stopped
DXGKrnl	LDDM Graphics Subsystem	dxgkrnl.sys	10.0.10240.16425	Kernel Driver	Running
ebdrv	QLogic 10 Gigabit Ethernet Adapter VBD	evbda.sys	7.12.2.3	Kernel Driver	Stopped
EhStorClass	Enhanced Storage Filter Driver	EhStorClass.sys	10.0.10240.16384	Kernel Driver	Running
EhStorTcgDrv	Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols	EhStorTcgDrv.sys	10.0.10240.16384	Kernel Driver	Stopped
ErrDev	Microsoft Hardware Error Device Driver	errdev.sys	10.0.10240.16384	Kernel Driver	Stopped
ETD	ASUS Input Device	ETD.sys	11.159.0.0	Kernel Driver	Stopped
exfat	exFAT File System Driver			File System Driver	Stopped
fastfat	FAT12/16/32 File System Driver			File System Driver	Running
fcvsc	fcvsc	fcvsc.sys	10.0.10240.16384	Kernel Driver	Stopped
fdc	Floppy Disk Controller Driver	fdc.sys	10.0.10240.16384	Kernel Driver	Stopped
FileCrypt	FileCrypt	filecrypt.sys	10.0.10240.16384	File System Driver	Running
FileInfo	File Information FS MiniFilter	fileinfo.sys	10.0.10240.16384	File System Driver	Running
Filetrace	Filetrace	filetrace.sys	10.0.10240.16384	File System Driver	Stopped
flpydisk	Floppy Disk Driver	flpydisk.sys	10.0.10240.16384	Kernel Driver	Stopped
FltMgr	FltMgr	fltmgr.sys	10.0.10240.16384	File System Driver	Running
FsDepends	File System Dependency Minifilter	FsDepends.sys	10.0.10240.16384	File System Driver	Stopped
fvevol	BitLocker Drive Encryption Filter Driver	fvevol.sys	10.0.10240.16384	Kernel Driver	Running
gagp30kx	Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms	gagp30kx.sys	10.0.10240.16384	Kernel Driver	Stopped
gencounter	Microsoft Hyper-V Generation Counter	vmgencounter.sys	10.0.10240.16384	Kernel Driver	Stopped
genericusbfn	Generic USB Function Class	genericusbfn.sys	10.0.10240.16384	Kernel Driver	Stopped
GPIOClx0101	Microsoft GPIO Class Extension Driver	msgpioclx.sys	10.0.10240.16384	Kernel Driver	Stopped
GpuEnergyDrv	GPU Energy Driver	gpuenergydrv.sys	10.0.10240.16384	Kernel Driver	Running
HDAudBus	Microsoft UAA Bus Driver for High Definition Audio	HDAudBus.sys	10.0.10240.16384	Kernel Driver	Running
HidBatt	HID UPS Battery Driver	HidBatt.sys	10.0.10240.16384	Kernel Driver	Stopped
HidBth	Microsoft Bluetooth HID Miniport	hidbth.sys	10.0.10240.16384	Kernel Driver	Stopped
hidi2c	Microsoft I2C HID Miniport Driver	hidi2c.sys	10.0.10240.16384	Kernel Driver	Stopped
hidinterrupt	Common Driver for HID Buttons implemented with interrupts	hidinterrupt.sys	10.0.10240.16384	Kernel Driver	Stopped
HidIr	Microsoft Infrared HID Driver	hidir.sys	10.0.10240.16384	Kernel Driver	Stopped
HIDSwitch	ASUS Wireless Radio Control	AsHIDSwitch64.sys	1.0.0.3	Kernel Driver	Running
HidUsb	Microsoft HID Class Driver	hidusb.sys	10.0.10240.16384	Kernel Driver	Running
HpSAMD	HpSAMD	HpSAMD.sys	8.0.4.0	Kernel Driver	Stopped
HTTP	HTTP Service	HTTP.sys	10.0.10240.16384	Kernel Driver	Running
hwpolicy	Hardware Policy Driver	hwpolicy.sys	10.0.10240.16384	Kernel Driver	Stopped
hyperkbd	hyperkbd	hyperkbd.sys	10.0.10240.16384	Kernel Driver	Stopped
HyperVideo	HyperVideo	HyperVideo.sys	10.0.10240.16384	Kernel Driver	Stopped
i8042prt	PS/2 Keyboard and Mouse Port Driver	i8042prt.sys	10.0.10240.16384	Kernel Driver	Running
iaLPSSi_GPIO	Intel(R) Serial IO GPIO Controller Driver	iaLPSSi_GPIO.sys	1.1.250.0	Kernel Driver	Stopped
iaLPSSi_I2C	Intel(R) Serial IO I2C Controller Driver	iaLPSSi_I2C.sys	1.1.250.0	Kernel Driver	Stopped
iaStorAV	Intel(R) SATA RAID Controller Windows	iaStorAV.sys	13.2.0.1022	Kernel Driver	Stopped
iaStorV	Intel RAID Controller Windows 7	iaStorV.sys	8.6.2.1019	Kernel Driver	Stopped
ibbus	Mellanox InfiniBand Bus/AL (Filter Driver)	ibbus.sys	4.91.10726.0	Kernel Driver	Stopped
IDMWFP	IDMWFP	idmwfp.sys	6.23.14.61	Kernel Driver	Running
igfx	igfx	igdkmd64.sys	10.18.10.4252	Kernel Driver	Running
intaud_WaveExtensible	Intel WiDi Audio Device	intelaud.sys	4.5.61.0	Kernel Driver	Stopped
IntcAzAudAddService	Service for Realtek HD Audio (WDM)	RTKVHD64.sys	6.0.1.6657	Kernel Driver	Running
IntcDAud	Intel(R) Display Audio	IntcDAud.sys	6.16.0.3123	Kernel Driver	Running
intelide	intelide	intelide.sys	10.0.10240.16384	Kernel Driver	Stopped
intelpep	Intel(R) Power Engine Plug-in Driver	intelpep.sys	10.0.10240.16384	Kernel Driver	Stopped
intelppm	Intel Processor Driver	intelppm.sys	10.0.10240.16384	Kernel Driver	Running
IoQos	IoQos	ioqos.sys	10.0.10240.16384	File System Driver	Stopped
IpFilterDriver	IP Traffic Filter Driver	ipfltdrv.sys	10.0.10240.16384	Kernel Driver	Stopped
IPMIDRV	IPMIDRV	IPMIDrv.sys	10.0.10240.16384	Kernel Driver	Stopped
IPNAT	IP Network Address Translator	ipnat.sys	10.0.10240.16384	Kernel Driver	Stopped
IRENUM	IR Bus Enumerator	irenum.sys	10.0.10240.16384	Kernel Driver	Stopped
isapnp	isapnp	isapnp.sys	10.0.10240.16384	Kernel Driver	Stopped
iScsiPrt	iScsiPort Driver	msiscsi.sys	10.0.10240.16384	Kernel Driver	Stopped
iwdbus	IWD Bus Enumerator	iwdbus.sys	4.5.61.0	Kernel Driver	Running
kbdclass	Keyboard Class Driver	kbdclass.sys	10.0.10240.16384	Kernel Driver	Running
kbdhid	Keyboard HID Driver	kbdhid.sys	10.0.10240.16384	Kernel Driver	Stopped
kbfiltr	Keyboard Filter	kbfiltr.sys	1.0.0.1	Kernel Driver	Running
kdnic	Microsoft Kernel Debug Network Miniport (NDIS 6.20)	kdnic.sys	6.1.0.0	Kernel Driver	Running
KSecDD	KSecDD	ksecdd.sys	10.0.10240.16384	Kernel Driver	Running
KSecPkg	KSecPkg	ksecpkg.sys	10.0.10240.16384	Kernel Driver	Running
ksthunk	Kernel Streaming Thunks	ksthunk.sys	10.0.10240.16384	Kernel Driver	Running
lltdio	Link-Layer Topology Discovery Mapper I/O Driver	lltdio.sys	10.0.10240.16384	Kernel Driver	Running
LSI_SAS	LSI_SAS	lsi_sas.sys	1.34.3.83	Kernel Driver	Stopped
LSI_SAS2i	LSI_SAS2i	lsi_sas2i.sys	2.0.76.80	Kernel Driver	Stopped
LSI_SAS3i	LSI_SAS3i	lsi_sas3i.sys	2.50.96.80	Kernel Driver	Stopped
LSI_SSS	LSI_SSS	lsi_sss.sys	2.10.61.81	Kernel Driver	Stopped
luafv	UAC File Virtualization	luafv.sys	10.0.10240.16384	File System Driver	Running
megasas	megasas	megasas.sys	6.706.6.0	Kernel Driver	Stopped
megasr	megasr	megasr.sys	15.2.2013.129	Kernel Driver	Stopped
MEIx64	Intel(R) Management Engine Interface	HECIx64.sys	8.1.0.1263	Kernel Driver	Running
mlx4_bus	Mellanox ConnectX Bus Enumerator	mlx4_bus.sys	4.91.10726.0	Kernel Driver	Stopped
MMCSS	Multimedia Class Scheduler	mmcss.sys	10.0.10240.16384	Kernel Driver	Running
Modem	Modem	modem.sys	10.0.10240.16384	Kernel Driver	Stopped
monitor	Microsoft Monitor Class Function Driver Service	monitor.sys	10.0.10240.16384	Kernel Driver	Running
mouclass	Mouse Class Driver	mouclass.sys	10.0.10240.16384	Kernel Driver	Running
mouhid	Mouse HID Driver	mouhid.sys	10.0.10240.16384	Kernel Driver	Running
mountmgr	Mount Point Manager	mountmgr.sys	10.0.10240.16426	Kernel Driver	Running
mpsdrv	Windows Firewall Authorization Driver	mpsdrv.sys	10.0.10240.16384	Kernel Driver	Running
MRxDAV	WebDav Client Redirector Driver	mrxdav.sys	10.0.10240.16384	File System Driver	Stopped
mrxsmb	SMB MiniRedirector Wrapper and Engine	mrxsmb.sys	10.0.10240.16384	File System Driver	Running
mrxsmb10	SMB 1.x MiniRedirector	mrxsmb10.sys	10.0.10240.16384	File System Driver	Running
mrxsmb20	SMB 2.0 MiniRedirector	mrxsmb20.sys	10.0.10240.16384	File System Driver	Running
MsBridge	Microsoft MAC Bridge	bridge.sys	10.0.10240.16384	Kernel Driver	Stopped
Msfs	Msfs			File System Driver	Running
msgpiowin32	Common Driver for Buttons, DockMode and Laptop/Slate Indicator	msgpiowin32.sys	10.0.10240.16425	Kernel Driver	Stopped
mshidkmdf	mshidkmdf	mshidkmdf.sys	10.0.10240.16384	Kernel Driver	Stopped
mshidumdf	Pass-through HID to UMDF Driver	mshidumdf.sys	10.0.10240.16384	Kernel Driver	Stopped
msisadrv	msisadrv	msisadrv.sys	10.0.10240.16384	Kernel Driver	Running
MSKSSRV	Microsoft Streaming Service Proxy	MSKSSRV.sys	10.0.10240.16384	Kernel Driver	Stopped
MsLldp	Microsoft Link-Layer Discovery Protocol	mslldp.sys	10.0.10240.16384	Kernel Driver	Running
MSPCLOCK	Microsoft Streaming Clock Proxy	MSPCLOCK.sys	10.0.10240.16384	Kernel Driver	Stopped
MSPQM	Microsoft Streaming Quality Manager Proxy	MSPQM.sys	10.0.10240.16384	Kernel Driver	Stopped
MsRPC	MsRPC			Kernel Driver	Stopped
mssmbios	Microsoft System Management BIOS Driver	mssmbios.sys	10.0.10240.16384	Kernel Driver	Running
MSTEE	Microsoft Streaming Tee/Sink-to-Sink Converter	MSTEE.sys	10.0.10240.16384	Kernel Driver	Stopped
MTConfig	Microsoft Input Configuration Driver	MTConfig.sys	10.0.10240.16384	Kernel Driver	Stopped
Mup	Mup	mup.sys	10.0.10240.16384	File System Driver	Running
mvumis	mvumis	mvumis.sys	1.0.5.1016	Kernel Driver	Stopped
NativeWifiP	NativeWiFi Filter	nwifi.sys	10.0.10240.16384	Kernel Driver	Running
ndfltr	NetworkDirect Service	ndfltr.sys	4.91.10726.0	Kernel Driver	Stopped
NDIS	NDIS System Driver	ndis.sys	10.0.10240.16394	Kernel Driver	Running
NdisCap	Microsoft NDIS Capture	ndiscap.sys	10.0.10240.16384	Kernel Driver	Stopped
NdisImPlatform	Microsoft Network Adapter Multiplexor Protocol	NdisImPlatform.sys	10.0.10240.16384	Kernel Driver	Stopped
NdisTapi	Remote Access NDIS TAPI Driver	ndistapi.sys	10.0.10240.16384	Kernel Driver	Stopped
Ndisuio	NDIS Usermode I/O Protocol	ndisuio.sys	10.0.10240.16384	Kernel Driver	Running
NdisVirtualBus	Microsoft Virtual Network Adapter Enumerator	NdisVirtualBus.sys	10.0.10240.16384	Kernel Driver	Running
NdisWan	Remote Access NDIS WAN Driver	ndiswan.sys	10.0.10240.16384	Kernel Driver	Stopped
ndiswanlegacy	Remote Access LEGACY NDIS WAN Driver	ndiswan.sys	10.0.10240.16384	Kernel Driver	Stopped
ndproxy	@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy	NDProxy.sys	10.0.10240.16384	Kernel Driver	Stopped
Ndu	Windows Network Data Usage Monitoring Driver	Ndu.sys	10.0.10240.16384	Kernel Driver	Running
NetBIOS	NetBIOS Interface	netbios.sys	10.0.10240.16384	File System Driver	Running
NetBT	NetBT	netbt.sys	10.0.10240.16384	Kernel Driver	Running
netvsc	netvsc	netvsc.sys	10.0.10240.16384	Kernel Driver	Stopped
Npfs	Npfs			File System Driver	Running
npsvctrig	Named pipe service trigger provider	npsvctrig.sys	10.0.10240.16384	Kernel Driver	Running
nsiproxy	NSI Proxy Service Driver	nsiproxy.sys	10.0.10240.16384	Kernel Driver	Running
NTFS	NTFS			File System Driver	Running
Null	Null			Kernel Driver	Running
nv_agp	NVIDIA nForce AGP Bus Filter	nv_agp.sys	10.0.10240.16384	Kernel Driver	Stopped
nvraid	nvraid	nvraid.sys	10.6.0.23	Kernel Driver	Stopped
nvstor	nvstor	nvstor.sys	10.6.0.23	Kernel Driver	Stopped
Parport	Parallel port driver	parport.sys	10.0.10240.16384	Kernel Driver	Stopped
partmgr	Partition Manager	partmgr.sys	10.0.10240.16384	Kernel Driver	Running
pci	PCI Bus Driver	pci.sys	10.0.10240.16390	Kernel Driver	Running
pciide	pciide	pciide.sys	10.0.10240.16384	Kernel Driver	Stopped
pcmcia	pcmcia	pcmcia.sys	10.0.10240.16384	Kernel Driver	Stopped
pcw	Performance Counters for Windows Driver	pcw.sys	10.0.10240.16384	Kernel Driver	Running
pdc	pdc	pdc.sys	10.0.10240.16384	Kernel Driver	Running
PEAUTH	PEAUTH	peauth.sys	10.0.10240.16384	Kernel Driver	Running
percsas2i	percsas2i	percsas2i.sys	6.803.21.0	Kernel Driver	Stopped
percsas3i	percsas3i	percsas3i.sys	6.602.12.0	Kernel Driver	Stopped
PptpMiniport	WAN Miniport (PPTP)	raspptp.sys	10.0.10240.16384	Kernel Driver	Stopped
Processor	Processor Driver	processr.sys	10.0.10240.16384	Kernel Driver	Stopped
Psched	QoS Packet Scheduler	pacer.sys	10.0.10240.16384	Kernel Driver	Running
PSKTBUS	SK Telecom USB Composite Device Driver (SKY)	PSKTBUS.sys	4.14.1.0	Kernel Driver	Stopped
PSKTOBEX	SK Telecom USB OBEX Device (SKY)	PSKTOBEX.sys	4.14.1.0	Kernel Driver	Stopped
PSKYMDM	SKY Handset Modem Drivers	PSKYMDM.sys	4.14.1.0	Kernel Driver	Stopped
PSKYMDMVSP	SKY Handset MDM Diagnostic Serial Port	PSKYMDMVSP.sys	4.14.1.0	Kernel Driver	Stopped
PSKYMSMVSP	SKY Handset MSM Diagnostic Serial Port	PSKYMSMVSP.sys	4.14.1.0	Kernel Driver	Stopped
QWAVEdrv	QWAVE driver	qwavedrv.sys	10.0.10240.16384	Kernel Driver	Stopped
RasAcd	Remote Access Auto Connection Driver	rasacd.sys	10.0.10240.16384	Kernel Driver	Stopped
RasAgileVpn	WAN Miniport (IKEv2)	AgileVpn.sys	10.0.10240.16384	Kernel Driver	Stopped
Rasl2tp	WAN Miniport (L2TP)	rasl2tp.sys	10.0.10240.16384	Kernel Driver	Stopped
RasPppoe	Remote Access PPPOE Driver	raspppoe.sys	10.0.10240.16384	Kernel Driver	Stopped
RasSstp	WAN Miniport (SSTP)	rassstp.sys	10.0.10240.16384	Kernel Driver	Stopped
rdbss	Redirected Buffering Sub System	rdbss.sys	10.0.10240.16384	File System Driver	Running
rdpbus	Remote Desktop Device Redirector Bus Driver	rdpbus.sys	10.0.10240.16384	Kernel Driver	Running
RDPDR	Remote Desktop Device Redirector Driver	rdpdr.sys	10.0.10240.16384	Kernel Driver	Stopped
RdpVideoMiniport	Remote Desktop Video Miniport Driver	rdpvideominiport.sys	10.0.10240.16384	Kernel Driver	Running
rdyboost	ReadyBoost	rdyboost.sys	10.0.10240.16428	Kernel Driver	Running
ReFSv1	ReFSv1			File System Driver	Stopped
RFCOMM	Bluetooth Device (RFCOMM Protocol TDI)	rfcomm.sys	10.0.10240.16384	Kernel Driver	Running
RimUsb	BlackBerry Smartphone	RimUsb_AMD64.sys		Kernel Driver	Stopped
rimvndis	BlackBerry Virtual Private Network	rimvndis6_AMD64.sys	1.1.0.18	Kernel Driver	Stopped
RimVSerPort	RIM Virtual Serial Port v2	RimSerial_AMD64.sys	2.3.0.11	Kernel Driver	Stopped
rspndr	Link-Layer Topology Discovery Responder	rspndr.sys	10.0.10240.16384	Kernel Driver	Running
rt640x64	Realtek RT640 NT Driver	rt640x64.sys	9.1.401.2015	Kernel Driver	Running
RTSUER	Realtek USB Card Reader - UER	RtsUer.sys	10.0.10125.31214	Kernel Driver	Running
s3cap	s3cap	vms3cap.sys	10.0.10240.16384	Kernel Driver	Stopped
sbp2port	SBP-2 Transport/Protocol Bus Driver	sbp2port.sys	10.0.10240.16384	Kernel Driver	Stopped
SCDEmu	SCDEmu			Kernel Driver	Running
scfilter	Smart card PnP Class Filter Driver	scfilter.sys	10.0.10240.16384	Kernel Driver	Stopped
sdbus	sdbus	sdbus.sys	10.0.10240.16384	Kernel Driver	Stopped
sdstor	SD Storage Port Driver	sdstor.sys	10.0.10240.16384	Kernel Driver	Stopped
SerCx	Serial UART Support Library	SerCx.sys	10.0.10240.16384	Kernel Driver	Stopped
SerCx2	Serial UART Support Library	SerCx2.sys	10.0.10240.16384	Kernel Driver	Stopped
Serenum	Serenum Filter Driver	serenum.sys	10.0.10240.16384	Kernel Driver	Stopped
Serial	Serial port driver	serial.sys	10.0.10240.16384	Kernel Driver	Stopped
sermouse	Serial Mouse Driver	sermouse.sys	10.0.10240.16384	Kernel Driver	Stopped
sfloppy	High-Capacity Floppy Disk Drive	sfloppy.sys	10.0.10240.16384	Kernel Driver	Stopped
SiSRaid2	SiSRaid2	SiSRaid2.sys	5.1.1039.2600	Kernel Driver	Stopped
SiSRaid4	SiSRaid4	sisraid4.sys	5.1.1039.3600	Kernel Driver	Stopped
SmbDrvI	SmbDrvI	Smb_driver_Intel.sys	19.0.9.5	Kernel Driver	Running
spaceport	Storage Spaces Driver	spaceport.sys	10.0.10240.16384	Kernel Driver	Running
SpbCx	Simple Peripheral Bus Support Library	SpbCx.sys	10.0.10240.16384	Kernel Driver	Stopped
srv	Server SMB 1.xxx Driver	srv.sys	10.0.10240.16384	File System Driver	Running
srv2	Server SMB 2.xxx Driver	srv2.sys	10.0.10240.16384	File System Driver	Running
srvnet	srvnet	srvnet.sys	10.0.10240.16384	File System Driver	Running
stexstor	stexstor	stexstor.sys	5.1.0.10	Kernel Driver	Stopped
storahci	Microsoft Standard SATA AHCI Driver	storahci.sys	10.0.10240.16384	Kernel Driver	Running
storflt	Microsoft Hyper-V Storage Accelerator	vmstorfl.sys	10.0.10240.16384	Kernel Driver	Stopped
stornvme	Microsoft Standard NVM Express Driver	stornvme.sys	10.0.10240.16431	Kernel Driver	Stopped
storqosflt	Storage QoS Filter Driver	storqosflt.sys	10.0.10240.16384	File System Driver	Running
storufs	Microsoft Universal Flash Storage (UFS) Driver	storufs.sys	10.0.10240.16384	Kernel Driver	Stopped
storvsc	storvsc	storvsc.sys	10.0.10240.16384	Kernel Driver	Stopped
swenum	Software Bus Driver	swenum.sys	6.2.10240.16384	Kernel Driver	Running
Synth3dVsc	Synth3dVsc	Synth3dVsc.sys	10.0.10240.16384	Kernel Driver	Stopped
Tcpip	TCP/IP Protocol Driver	tcpip.sys	10.0.10240.16384	Kernel Driver	Running
Tcpip6	@todo.dll,-100;Microsoft IPv6 Protocol Driver	tcpip.sys	10.0.10240.16384	Kernel Driver	Stopped
tcpipreg	TCP/IP Registry Compatibility	tcpipreg.sys	10.0.10240.16384	Kernel Driver	Running
tdx	NetIO Legacy TDI Support Driver	tdx.sys	10.0.10240.16384	Kernel Driver	Running
terminpt	Microsoft Remote Desktop Input Driver	terminpt.sys	10.0.10240.16384	Kernel Driver	Stopped
TPM	TPM	tpm.sys	10.0.10240.16384	Kernel Driver	Stopped
TsUsbFlt	Remote Desktop USB Hub Class Filter Driver	TsUsbFlt.sys	10.0.10240.16384	Kernel Driver	Stopped
TsUsbGD	Remote Desktop Generic USB Device	TsUsbGD.sys	10.0.10240.16384	Kernel Driver	Stopped
tunnel	Microsoft Tunnel Miniport Adapter Driver	tunnel.sys	10.0.10240.16412	Kernel Driver	Running
uagp35	Microsoft AGPv3.5 Filter	uagp35.sys	10.0.10240.16384	Kernel Driver	Stopped
UASPStor	USB Attached SCSI (UAS) Driver	uaspstor.sys	10.0.10240.16384	Kernel Driver	Stopped
UcmCx0101	USB Connector Manager KMDF Class Extension	UcmCx.sys	10.0.10240.16384	Kernel Driver	Stopped
UcmUcsi	USB Connector Manager UCSI Client	UcmUcsi.sys	10.0.10240.16389	Kernel Driver	Stopped
Ucx01000	USB Host Support Library	ucx01000.sys	10.0.10240.16384	Kernel Driver	Running
UdeCx	USB Device Emulation Support Library	udecx.sys		Kernel Driver	Stopped
udfs	udfs	udfs.sys	10.0.10240.16384	File System Driver	Stopped
UEFI	Microsoft UEFI Driver	UEFI.sys	10.0.10240.16384	Kernel Driver	Stopped
Ufx01000	USB Function Class Extension	ufx01000.sys	10.0.10240.16384	Kernel Driver	Stopped
UfxChipidea	USB Chipidea Controller	UfxChipidea.sys	10.0.10240.16384	Kernel Driver	Stopped
ufxsynopsys	USB Synopsys Controller	ufxsynopsys.sys	10.0.10240.16384	Kernel Driver	Stopped
uliagpkx	Uli AGP Bus Filter	uliagpkx.sys	10.0.10240.16384	Kernel Driver	Stopped
umbus	UMBus Enumerator Driver	umbus.sys	10.0.10240.16384	Kernel Driver	Running
UmPass	Microsoft UMPass Driver	umpass.sys	10.0.10240.16384	Kernel Driver	Stopped
UrsChipidea	Chipidea USB Role-Switch Driver	urschipidea.sys	10.0.10240.16384	Kernel Driver	Stopped
UrsCx01000	USB Role-Switch Support Library	urscx01000.sys	10.0.10240.16384	Kernel Driver	Stopped
UrsSynopsys	Synopsys USB Role-Switch Driver	urssynopsys.sys	10.0.10240.16384	Kernel Driver	Stopped
usbccgp	Microsoft USB Generic Parent Driver	usbccgp.sys	10.0.10240.16384	Kernel Driver	Running
usbcir	eHome Infrared Receiver (USBCIR)	usbcir.sys	10.0.10240.16384	Kernel Driver	Stopped
usbehci	Microsoft USB 2.0 Enhanced Host Controller Miniport Driver	usbehci.sys	10.0.10240.16384	Kernel Driver	Running
usbhub	Microsoft USB Standard Hub Driver	usbhub.sys	10.0.10240.16401	Kernel Driver	Running
USBHUB3	SuperSpeed Hub	UsbHub3.sys	10.0.10240.16425	Kernel Driver	Running
usbohci	Microsoft USB Open Host Controller Miniport Driver	usbohci.sys	10.0.10240.16384	Kernel Driver	Stopped
usbprint	Microsoft USB PRINTER Class	usbprint.sys	10.0.10240.16384	Kernel Driver	Stopped
usbser	Microsoft USB Serial Driver	usbser.sys	10.0.10240.16401	Kernel Driver	Stopped
USBSTOR	USB Mass Storage Driver	USBSTOR.SYS	10.0.10240.16384	Kernel Driver	Stopped
usbuhci	Microsoft USB Universal Host Controller Miniport Driver	usbuhci.sys	10.0.10240.16384	Kernel Driver	Stopped
usbvideo	USB Video Device (WDM)	usbvideo.sys	10.0.10240.16384	Kernel Driver	Running
USBXHCI	USB xHCI Compliant Host Controller	USBXHCI.SYS	10.0.10240.16461	Kernel Driver	Running
VBoxDrv	VirtualBox Service	VBoxDrv.sys	5.0.0.1573	Kernel Driver	Running
VBoxNetAdp	VirtualBox NDIS 6.0 Miniport Service	VBoxNetAdp6.sys	5.0.0.1573	Kernel Driver	Stopped
VBoxNetLwf	VirtualBox NDIS6 Bridged Networking Service	VBoxNetLwf.sys	5.0.0.1573	Kernel Driver	Running
VBoxUSBMon	VirtualBox USB Monitor Driver	VBoxUSBMon.sys	5.0.0.1573	Kernel Driver	Running
vdrvroot	Microsoft Virtual Drive Enumerator	vdrvroot.sys	10.0.10240.16384	Kernel Driver	Running
VerifierExt	VerifierExt	VerifierExt.sys	10.0.10240.16384	Kernel Driver	Stopped
vhdmp	vhdmp	vhdmp.sys	10.0.10240.16384	Kernel Driver	Stopped
vhf	Virtual HID Framework (VHF) Driver	vhf.sys	10.0.10240.16384	Kernel Driver	Stopped
vmbus	Virtual Machine Bus	vmbus.sys	10.0.10240.16384	Kernel Driver	Stopped
VMBusHID	VMBusHID	VMBusHID.sys	10.0.10240.16384	Kernel Driver	Stopped
volmgr	Volume Manager Driver	volmgr.sys	10.0.10240.16384	Kernel Driver	Running
volmgrx	Dynamic Volume Manager	volmgrx.sys	10.0.10240.16384	Kernel Driver	Running
volsnap	Storage volumes	volsnap.sys	10.0.10240.16384	Kernel Driver	Running
vpci	Microsoft Hyper-V Virtual PCI Bus	vpci.sys	10.0.10240.16384	Kernel Driver	Stopped
vsmraid	vsmraid	vsmraid.sys	7.0.9600.6352	Kernel Driver	Stopped
VSTXRAID	VIA StorX Storage RAID Controller Windows Driver	vstxraid.sys	8.0.9200.8110	Kernel Driver	Stopped
vwifibus	Virtual WiFi Bus Driver	vwifibus.sys	10.0.10240.16384	Kernel Driver	Running
vwififlt	Virtual WiFi Filter Driver	vwififlt.sys	10.0.10240.16384	Kernel Driver	Running
vwifimp	Virtual WiFi Miniport Service	vwifimp.sys	10.0.10240.16384	Kernel Driver	Running
WacomPen	Wacom Serial Pen HID Driver	wacompen.sys	10.0.10240.16384	Kernel Driver	Stopped
wanarp	Remote Access IP ARP Driver	wanarp.sys	10.0.10240.16384	Kernel Driver	Stopped
wanarpv6	Remote Access IPv6 ARP Driver	wanarp.sys	10.0.10240.16384	Kernel Driver	Stopped
WdBoot	Windows Defender Boot Driver	WdBoot.sys	4.8.10240.16384	Kernel Driver	Stopped
WDC_SAM	WD SCSI Pass Thru driver	wdcsam64.sys	1.0.7.2	Kernel Driver	Stopped
Wdf01000	Kernel Mode Driver Frameworks service	Wdf01000.sys	1.15.10240.16384	Kernel Driver	Running
WdFilter	Windows Defender Mini-Filter Driver	WdFilter.sys	4.8.10240.16384	File System Driver	Running
wdiwifi	WDI Driver Framework	wdiwifi.sys	10.0.10240.16428	Kernel Driver	Stopped
WdNisDrv	Windows Defender Network Inspection System Driver	WdNisDrv.sys	4.8.10240.16384	Kernel Driver	Running
wfpcapture	Microsoft WFP Message Capture	wfpcapture.sys		Kernel Driver	Stopped
WFPLWFS	Microsoft Windows Filtering Platform	wfplwfs.sys	10.0.10240.16384	Kernel Driver	Running
WIMMount	WIMMount	wimmount.sys	10.0.10240.16384	File System Driver	Stopped
WindowsTrustedRT	Windows Trusted Execution Environment Class Extension	WindowsTrustedRT.sys	10.0.10240.16384	Kernel Driver	Running
WindowsTrustedRTProxy	Microsoft Windows Trusted Runtime Secure Service	WindowsTrustedRTProxy.sys	10.0.10240.16384	Kernel Driver	Running
WinMad	WinMad Service	winmad.sys	4.91.10726.0	Kernel Driver	Stopped
WINUSB	WinUsb Driver	WinUsb.sys	10.0.10240.16384	Kernel Driver	Stopped
WinVerbs	WinVerbs Service	winverbs.sys	4.91.10726.0	Kernel Driver	Stopped
WmiAcpi	Microsoft Windows Management Interface for ACPI	wmiacpi.sys	10.0.10240.16384	Kernel Driver	Running
Wof	Windows Overlay File System Filter Driver			File System Driver	Running
wpcfltr	Family Safety Filter Driver	wpcfltr.sys	10.0.10240.16425	Kernel Driver	Stopped
WpdUpFltr	WPD Upper Class Filter Driver	WpdUpFltr.sys	10.0.10240.16384	Kernel Driver	Stopped
ws2ifsl	Winsock IFS Driver	ws2ifsl.sys	10.0.10240.16384	Kernel Driver	Stopped
WudfPf	User Mode Driver Frameworks Platform Driver	WudfPf.sys	10.0.10240.16384	Kernel Driver	Running
WUDFRd	Windows Driver Foundation - User-mode Driver Framework Reflector	WUDFRd.sys	10.0.10240.16384	Kernel Driver	Stopped
WUDFWpdFs	WUDFWpdFs	WUDFRd.sys	10.0.10240.16384	Kernel Driver	Stopped
WUDFWpdMtp	WUDFWpdMtp	WUDFRd.sys	10.0.10240.16384	Kernel Driver	Stopped
xboxgip	Xbox Game Input Protocol Driver	xboxgip.sys	10.0.10240.16384	Kernel Driver	Stopped
xinputhid	XINPUT HID Filter Driver	xinputhid.sys	10.0.10240.16384	Kernel Driver	Stopped

Services


Service Name	Service Description	File Name	Version	Type	State	Account
AJRouter	AllJoyn Router Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
ALG	Application Layer Gateway Service	alg.exe	10.0.10240.16384	Own Process	Stopped	NT AUTHORITY\LocalService
AppIDSvc	Application Identity	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\LocalService
Appinfo	Application Information	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
AppMgmt	Application Management	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
AppReadiness	App Readiness	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
AppXSvc	AppX Deployment Service (AppXSVC)	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
ASLDRService	ASLDR Service	AsLdrSrv.exe	1.0.81.2	Own Process	Running	LocalSystem
ATKGFNEXSrv	ATKGFNEX Service	GFNEXSrv.exe	1.0.11.1	Own Process	Running	LocalSystem
AudioEndpointBuilder	Windows Audio Endpoint Builder	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
Audiosrv	Windows Audio	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
AxInstSV	ActiveX Installer (AxInstSV)	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
BDESVC	BitLocker Drive Encryption Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
BFE	Base Filtering Engine	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
BITS	Background Intelligent Transfer Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
Bonjour Service	Bonjour Service	mDNSResponder.exe	1.0.6.2	Own Process	Running	LocalSystem
BrokerInfrastructure	Background Tasks Infrastructure Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
Browser	Computer Browser	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
BstHdAndroidSvc	BlueStacks Android Service	HD-Service.exe	0.9.30.4239	Own Process	Stopped	LocalSystem
BstHdLogRotatorSvc	BlueStacks Log Rotator Service	HD-LogRotatorService.exe	0.9.30.4239	Own Process	Running	LocalSystem
BstHdUpdaterSvc	BlueStacks Updater Service;gadgetDataDir=C:\ProgramData\BlueStacks\UserData\Gadget"	HD-UpdaterService.exe	0.9.30.9239	Own Process	Running	LocalSystem
BthHFSrv	Bluetooth Handsfree Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
bthserv	Bluetooth Support Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
c2cautoupdatesvc	Skype Click to Call Updater	SkypeC2CAutoUpdateSvc.exe	7.4.0.9058	Own Process	Running	LocalSystem
c2cpnrsvc	Skype Click to Call PNR Service	SkypeC2CPNRSvc.exe	7.4.0.9058	Own Process	Running	NT AUTHORITY\NetworkService
CDPSvc	CDPSvc	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
CertPropSvc	Certificate Propagation	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
ClipSVC	Client License Service (ClipSVC)	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
COMSysApp	COM+ System Application	dllhost.exe	6.2.10240.16384	Own Process	Stopped	LocalSystem
CoreMessagingRegistrar	CoreMessaging	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
cphs	Intel(R) Content Protection HECI Service	IntelCpHeciSvc.exe	9.0.20.9000	Own Process	Stopped	LocalSystem
CryptSvc	Cryptographic Services	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\NetworkService
CscService	Offline Files	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
DcomLaunch	DCOM Server Process Launcher	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
DcpSvc	DataCollectionPublishingService	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
defragsvc	Optimize drives	svchost.exe	6.2.10240.16384	Own Process	Stopped	localSystem
DeviceAssociationService	Device Association Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
DeviceInstall	Device Install Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
DevQueryBroker	DevQuery Background Discovery Broker	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
Dhcp	DHCP Client	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
diagnosticshub.standardcollector.service	Microsoft (R) Diagnostics Hub Standard Collector Service	DiagnosticsHub.StandardCollector.Service.exe	11.0.10240.16384	Own Process	Stopped	LocalSystem
DiagTrack	Diagnostics Tracking Service	svchost.exe	6.2.10240.16384	Own Process	Running	LocalSystem
DmEnrollmentSvc	Device Management Enrollment Service	svchost.exe	6.2.10240.16384	Own Process	Stopped	LocalSystem
dmwappushservice	dmwappushsvc	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
Dnscache	DNS Client	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
DoSvc	Delivery Optimization	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
dot3svc	Wired AutoConfig	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
DPS	Diagnostic Policy Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
DsmSvc	Device Setup Manager	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
DsSvc	Data Sharing Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
Eaphost	Extensible Authentication Protocol	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
EFS	Encrypting File System (EFS)	lsass.exe	10.0.10240.16384	Share Process	Running	LocalSystem
embeddedmode	embeddedmode	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
EntAppSvc	Enterprise App Management Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
EventLog	Windows Event Log	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
EventSystem	COM+ Event System	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
Fax	Fax	fxssvc.exe	10.0.10240.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
fdPHost	Function Discovery Provider Host	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
FDResPub	Function Discovery Resource Publication	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
fhsvc	File History Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
FontCache	Windows Font Cache Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
FontCache3.0.0.0	Windows Presentation Foundation Font Cache 3.0.0.0	PresentationFontCache.exe	3.0.6920.8674	Own Process	Running	NT Authority\LocalService
gpsvc	Group Policy Client	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
gupdate	Google Update Service (gupdate)	GoogleUpdate.exe	1.3.26.9	Own Process	Stopped	LocalSystem
gupdatem	Google Update Service (gupdatem)	GoogleUpdate.exe	1.3.26.9	Own Process	Stopped	LocalSystem
hidserv	Human Interface Device Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
HomeGroupListener	HomeGroup Listener	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
HomeGroupProvider	HomeGroup Provider	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
ICCS	Intel(R) Integrated Clock Controller Service - Intel(R) ICCS	ICCProxy.exe	1.0.0.1	Own Process	Stopped	LocalSystem
icssvc	Windows Mobile Hotspot Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\LocalService
IEEtwCollectorService	Internet Explorer ETW Collector Service	IEEtwCollector.exe	11.0.10240.16384	Own Process	Stopped	LocalSystem
igfxCUIService1.0.0.0	Intel(R) HD Graphics Control Panel Service	igfxCUIService.exe	6.15.10.4252	Own Process	Running	LocalSystem
IKEEXT	IKE and AuthIP IPsec Keying Modules	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
iphlpsvc	IP Helper	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
KeyIso	CNG Key Isolation	lsass.exe	10.0.10240.16384	Share Process	Running	LocalSystem
KtmRm	KtmRm for Distributed Transaction Coordinator	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\NetworkService
LanmanServer	Server	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
LanmanWorkstation	Workstation	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
lfsvc	Geolocation Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
LicenseManager	Windows License Manager Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
lltdsvc	Link-Layer Topology Discovery Mapper	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
lmhosts	TCP/IP NetBIOS Helper	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
LSM	Local Session Manager	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
MapsBroker	Downloaded Maps Manager	svchost.exe	6.2.10240.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
MozillaMaintenance	Mozilla Maintenance Service	maintenanceservice.exe	40.0.0.5697	Own Process	Stopped	LocalSystem
MpsSvc	Windows Firewall	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
MSDTC	Distributed Transaction Coordinator	msdtc.exe	2001.12.10941.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
MSiSCSI	Microsoft iSCSI Initiator Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
msiserver	Windows Installer	msiexec.exe	5.0.10240.16386	Own Process	Stopped	LocalSystem
NcaSvc	Network Connectivity Assistant	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
NcbService	Network Connection Broker	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
NcdAutoSetup	Network Connected Devices Auto-Setup	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
Netlogon	Netlogon	lsass.exe	10.0.10240.16384	Share Process	Stopped	LocalSystem
Netman	Network Connections	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
netprofm	Network List Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
NetSetupSvc	Network Setup Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
NetTcpPortSharing	Net.Tcp Port Sharing Service	SMSvcHost.exe	4.6.79.0	Share Process	Stopped	NT AUTHORITY\LocalService
NgcCtnrSvc	Microsoft Passport Container	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
NgcSvc	Microsoft Passport	lsass.exe	10.0.10240.16384	Share Process	Running	LocalSystem
NlaSvc	Network Location Awareness	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
nsi	Network Store Interface Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
p2pimsvc	Peer Networking Identity Manager	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
p2psvc	Peer Networking Grouping	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
PcaSvc	Program Compatibility Assistant Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
PeerDistSvc	BranchCache	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\NetworkService
PerfHost	Performance Counter DLL Host	perfhost.exe	6.2.10240.16384	Own Process	Stopped	NT AUTHORITY\LocalService
pla	Performance Logs & Alerts	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
PlugPlay	Plug and Play	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
PNRPAutoReg	PNRP Machine Name Publication Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
PNRPsvc	Peer Name Resolution Protocol	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
PolicyAgent	IPsec Policy Agent	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\NetworkService
Power	Power	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
PrintNotify	Printer Extensions and Notifications	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
ProfSvc	User Profile Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
QWAVE	Quality Windows Audio Video Experience	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
RasAuto	Remote Access Auto Connection Manager	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
RasMan	Remote Access Connection Manager	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
RemoteAccess	Routing and Remote Access	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
RemoteRegistry	Remote Registry	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
RetailDemo	Retail Demo Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
RpcEptMapper	RPC Endpoint Mapper	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
RpcLocator	Remote Procedure Call (RPC) Locator	locator.exe	10.0.10240.16384	Own Process	Stopped	NT AUTHORITY\NetworkService
RpcSs	Remote Procedure Call (RPC)	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\NetworkService
SamSs	Security Accounts Manager	lsass.exe	10.0.10240.16384	Share Process	Running	LocalSystem
SCardSvr	Smart Card	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
ScDeviceEnum	Smart Card Device Enumeration Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
Schedule	Task Scheduler	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
SCPolicySvc	Smart Card Removal Policy	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
SDRSVC	Windows Backup	svchost.exe	6.2.10240.16384	Own Process	Stopped	localSystem
seclogon	Secondary Logon	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
SENS	System Event Notification Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
SensorDataService	Sensor Data Service	SensorDataService.exe	10.0.10240.16387	Own Process	Stopped	LocalSystem
SensorService	Sensor Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
SensrSvc	Sensor Monitoring Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
SessionEnv	Remote Desktop Configuration	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
SharedAccess	Internet Connection Sharing (ICS)	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
ShellHWDetection	Shell Hardware Detection	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
SkypeUpdate	Skype Updater	Updater.exe	7.0.0.415	Own Process	Stopped	LocalSystem
smphost	Microsoft Storage Spaces SMP	svchost.exe	6.2.10240.16384	Own Process	Running	NT AUTHORITY\NetworkService
SmsRouter	Microsoft Windows SMS Router Service.	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
SNMPTRAP	SNMP Trap	snmptrap.exe	10.0.10240.16384	Own Process	Stopped	NT AUTHORITY\LocalService
Spooler	Print Spooler	spoolsv.exe	10.0.10240.16384	Own Process	Running	LocalSystem
sppsvc	Software Protection	sppsvc.exe	10.0.10240.16384	Own Process	Running	NT AUTHORITY\NetworkService
SSDPSRV	SSDP Discovery	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
SstpSvc	Secure Socket Tunneling Protocol Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\LocalService
StateRepository	State Repository Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
Steam Client Service	Steam Client Service	SteamService.exe	2.92.69.85	Own Process	Stopped	LocalSystem
stisvc	Windows Image Acquisition (WIA)	svchost.exe	6.2.10240.16384	Own Process	Running	NT Authority\LocalService
StorSvc	Storage Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
svsvc	Spot Verifier	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
swprv	Microsoft Software Shadow Copy Provider	svchost.exe	6.2.10240.16384	Own Process	Stopped	LocalSystem
SysMain	Superfetch	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
SystemEventsBroker	System Events Broker	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
TabletInputService	Touch Keyboard and Handwriting Panel Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
TapiSrv	Telephony	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\NetworkService
TeamViewer	TeamViewer 10	TeamViewer_Service.exe	10.0.43879.0	Own Process	Running	LocalSystem
TermService	Remote Desktop Services	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\NetworkService
Themes	Themes	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
tiledatamodelsvc	Tile Data model server	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
TimeBroker	Time Broker	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
TrkWks	Distributed Link Tracking Client	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
TrustedInstaller	Windows Modules Installer	TrustedInstaller.exe	6.2.10240.16384	Own Process	Stopped	localSystem
UI0Detect	Interactive Services Detection	UI0Detect.exe	10.0.10240.16384	Own Process	Stopped	LocalSystem
UmRdpService	Remote Desktop Services UserMode Port Redirector	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
upnphost	UPnP Device Host	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
UserManager	User Manager	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
UsoSvc	Update Orchestrator Service	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
VaultSvc	Credential Manager	lsass.exe	10.0.10240.16384	Share Process	Running	LocalSystem
vds	Virtual Disk	vds.exe	10.0.10240.16384	Own Process	Stopped	LocalSystem
vmicguestinterface	Hyper-V Guest Service Interface	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmicheartbeat	Hyper-V Heartbeat Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmickvpexchange	Hyper-V Data Exchange Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmicrdv	Hyper-V Remote Desktop Virtualization Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmicshutdown	Hyper-V Guest Shutdown Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmictimesync	Hyper-V Time Synchronization Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
vmicvmsession	Hyper-V VM Session Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
vmicvss	Hyper-V Volume Shadow Copy Requestor	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
VSS	Volume Shadow Copy	vssvc.exe	10.0.10240.16384	Own Process	Stopped	LocalSystem
W32Time	Windows Time	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
WalletService	WalletService	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
wampapache64	wampapache64	httpd.exe	2.4.9.0	Own Process	Stopped	LocalSystem
wampmysqld64	wampmysqld64	mysqld.exe	5.6.17.0	Own Process	Stopped	LocalSystem
wbengine	Block Level Backup Engine Service	wbengine.exe	10.0.10240.16384	Own Process	Stopped	localSystem
WbioSrvc	Windows Biometric Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
Wcmsvc	Windows Connection Manager	svchost.exe	6.2.10240.16384	Share Process	Running	NT Authority\LocalService
wcncsvc	Windows Connect Now - Config Registrar	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
WcsPlugInService	Windows Color System	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
WdiServiceHost	Diagnostic Service Host	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
WdiSystemHost	Diagnostic System Host	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
WdNisSvc	Windows Defender Network Inspection Service	NisSrv.exe		Own Process	Running	NT AUTHORITY\LocalService
WebClient	WebClient	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
Wecsvc	Windows Event Collector	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\NetworkService
WEPHOSTSVC	Windows Encryption Provider Host Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
wercplsupport	Problem Reports and Solutions Control Panel Support	svchost.exe	6.2.10240.16384	Share Process	Stopped	localSystem
WerSvc	Windows Error Reporting Service	svchost.exe	6.2.10240.16384	Own Process	Stopped	localSystem
WiaRpc	Still Image Acquisition Events	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
WinDefend	Windows Defender Service	MsMpEng.exe		Own Process	Running	LocalSystem
WinHttpAutoProxySvc	WinHTTP Web Proxy Auto-Discovery Service	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
Winmgmt	Windows Management Instrumentation	svchost.exe	6.2.10240.16384	Share Process	Running	localSystem
WinRM	Windows Remote Management (WS-Management)	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\NetworkService
WlanSvc	WLAN AutoConfig	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
wlidsvc	Microsoft Account Sign-in Assistant	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
wmiApSrv	WMI Performance Adapter	WmiApSrv.exe	10.0.10240.16384	Own Process	Stopped	localSystem
WMPNetworkSvc	Windows Media Player Network Sharing Service	wmpnetwk.exe		Own Process	Stopped	NT AUTHORITY\NetworkService
workfolderssvc	Work Folders	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT AUTHORITY\LocalService
WPDBusEnum	Portable Device Enumerator Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
WpnService	Windows Push Notifications Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
wscsvc	Security Center	svchost.exe	6.2.10240.16384	Share Process	Running	NT AUTHORITY\LocalService
WSearch	Windows Search	SearchIndexer.exe	7.0.10240.16392	Own Process	Running	LocalSystem
WSService	Windows Store Service (WSService)	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
wuauserv	Windows Update	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
wudfsvc	Windows Driver Foundation - User-mode Driver Framework	svchost.exe	6.2.10240.16384	Share Process	Running	LocalSystem
WwanSvc	WWAN AutoConfig	svchost.exe	6.2.10240.16384	Share Process	Stopped	NT Authority\LocalService
XblAuthManager	Xbox Live Auth Manager	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
XblGameSave	Xbox Live Game Save	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem
XboxNetApiSvc	Xbox Live Networking Service	svchost.exe	6.2.10240.16384	Share Process	Stopped	LocalSystem

AX Files


AX File	Version	Description
bdaplgin.ax	6.2.10240.16384	Microsoft BDA Device Control Plug-in for MPEG2 based networks.
g711codc.ax	6.2.10240.16384	Intel G711 CODEC
iac25_32.ax	2.0.5.53	Indeo� audio software
ir41_32.ax	6.2.10240.16384	IR41_32 WRAPPER DLL
ivfsrc.ax	5.10.2.51	Intel Indeo� video IVF Source Filter 5.10
ksproxy.ax	6.2.10240.16384	WDM Streaming ActiveMovie Proxy
kstvtune.ax	6.2.10240.16384	WDM Streaming TvTuner
kswdmcap.ax	6.2.10240.16384	WDM Streaming Video Capture
ksxbar.ax	6.2.10240.16384	WDM Streaming Crossbar
mpeg2data.ax	6.2.10240.16384	Microsoft MPEG-2 Section and Table Acquisition Module
mpg2splt.ax	6.2.10240.16384	DirectShow MPEG-2 Splitter.
msdvbnp.ax	6.2.10240.16384	Microsoft Network Provider for MPEG2 based networks.
msnp.ax	6.2.10240.16384	Microsoft Network Provider for MPEG2 based networks.
psisrndr.ax	6.2.10240.16384	Microsoft Transport Information Filter for MPEG2 based networks.
vbicodec.ax	6.2.10240.16384	Microsoft VBI Codec
vbisurf.ax	6.2.10240.16384	VBI Surface Allocator Filter
vidcap.ax	6.2.10240.16384	Video Capture Interface Server
wstpager.ax	6.2.10240.16384	Microsoft Teletext Server

DLL Files


DLL File	Version	Description
abovelockapphost.dll	6.2.10240.16384	AboveLockAppHost
accessibilitycpl.dll	6.2.10240.16384	Ease of access control panel
accountscontrolinternal.dll	6.2.10240.16384	Accounts Control Broker Objects
acctres.dll	6.2.10240.16384	Microsoft Internet Account Manager Resources
acledit.dll	6.2.10240.16384	Access Control List Editor
aclui.dll	6.2.10240.16384	Security Descriptor Editor
acppage.dll	6.2.10240.16384	Compatibility Tab Shell Extension Library
actioncenter.dll	6.2.10240.16427	Security and Maintenance
actioncentercpl.dll	6.2.10240.16384	Security and Maintenance Control Panel
activationclient.dll	6.2.10240.16384	Activation Client
activeds.dll	6.2.10240.16384	ADs Router Layer DLL
actxprxy.dll	6.2.10240.16390	ActiveX Interface Marshaling Library
addressparser.dll	6.2.10240.16384	ADDRESSPARSER
admtmpl.dll	6.2.10240.16384	Administrative Templates Extension
adprovider.dll	6.2.10240.16384	adprovider DLL
adrclient.dll	6.2.10240.16384	Microsoft� Access Denied Remediation Client
adsldp.dll	6.2.10240.16384	ADs LDAP Provider DLL
adsldpc.dll	6.2.10240.16384	ADs LDAP Provider C DLL
adsmsext.dll	6.2.10240.16384	ADs LDAP Provider DLL
adsnt.dll	6.2.10240.16384	ADs Windows NT Provider DLL
adtschema.dll	6.2.10240.16384	Security Audit Schema DLL
advapi32.dll	6.2.10240.16384	Advanced Windows 32 Base API
advapi32res.dll	6.2.10240.16384	Advanced Windows 32 Base API
advpack.dll	11.0.10240.16384	ADVPACK
aeevts.dll	6.2.10240.16384	Application Experience Event Resources
amsi.dll	4.8.10240.16384	Anti-Malware Scan Interface
amstream.dll	6.2.10240.16384	DirectShow Runtime.
apds.dll	6.2.10240.16384	Microsoft� Help Data Services Module
appcapture.dll	6.2.10240.16384	Windows Runtime AppCapture DLL
appcontracts.dll	6.2.10240.16387	Windows AppContracts API Server
apphelp.dll	6.2.10240.16384	Application Compatibility Client Library
apphlpdm.dll	6.2.10240.16384	Application Compatibility Help Module
appidapi.dll	6.2.10240.16384	Application Identity APIs Dll
appidpolicyengineapi.dll	6.2.10240.16384	AppId Policy Engine API Module
applockercsp.dll	6.2.10240.16384	AppLockerCSP
appmgmts.dll	6.2.10240.16384	Software installation Service
appmgr.dll	6.2.10240.16384	Software Installation Snapin Extenstion
appointmentactivation.dll	6.2.10240.16384	DLL for AppointmentActivation
appointmentapis.dll	6.2.10240.16384	DLL for CalendarRT
apprepapi.dll	6.2.10240.16384	Application Reputation APIs Dll
apprepsync.dll	6.2.10240.16384	AppRepSync Task
appxalluserstore.dll	6.2.10240.16389	AppX All User Store DLL
appxapplicabilityengine.dll	6.2.10240.16384	AppX Applicability Engine
appxdeploymentclient.dll	6.2.10240.16445	AppX Deployment Client DLL
appxpackaging.dll	6.2.10240.16384	Native Code Appx Packaging Library
appxsip.dll	6.2.10240.16384	Appx Subject Interface Package
asferror.dll	12.0.10240.16384	ASF Error Definitions
aspnet_counters.dll	4.6.79.0	Microsoft ASP.NET Performance Counter Shim DLL
asycfilt.dll	6.2.10240.16384
atl.dll	3.5.2284.0	ATL Module for Windows XP (Unicode)
atl100.dll	10.0.40219.325	ATL Module for Windows
atl110.dll	11.0.60610.1	ATL Module for Windows
atlthunk.dll	6.2.10240.16384	atlthunk.dll
atmfd.dll	5.1.2.246	Windows NT OpenType/Type 1 Font Driver
atmlib.dll	5.1.2.246	Windows NT OpenType/Type 1 API Library.
audiodev.dll	6.2.10240.16384	Portable Media Devices Shell Extension
audioeng.dll	6.2.10240.16412	Audio Engine
audiokse.dll	6.2.10240.16384	Audio Ks Endpoint
audioses.dll	6.2.10240.16412	Audio Session
auditnativesnapin.dll	6.2.10240.16384	Audit Policy Group Policy Editor Extension
auditpolicygpinterop.dll	6.2.10240.16384	Audit Policy GP Module
auditpolmsg.dll	6.2.10240.16384	Audit Policy MMC SnapIn Messages
authbroker.dll	6.2.10240.16384	Web Authentication WinRT API
authbrokerui.dll	6.2.10240.16384	AuthBroker UI
authext.dll	6.2.10240.16384	Authentication Extensions
authfwcfg.dll	6.2.10240.16384	Windows Firewall with Advanced Security Configuration Helper
authfwgp.dll	6.2.10240.16384	Windows Firewall with Advanced Security Group Policy Editor Extension
authfwsnapin.dll	6.2.10240.16384	Microsoft.WindowsFirewall.SnapIn
authfwwizfwk.dll	6.2.10240.16384	Wizard Framework
authui.dll	6.2.10240.16485	Windows Authentication UI
authz.dll	6.2.10240.16384	Authorization Framework
autoplay.dll	6.2.10240.16384	AutoPlay Control Panel
avicap32.dll	6.2.10240.16384	AVI Capture window class
avifil32.dll	6.2.10240.16384	Microsoft AVI File support library
avrt.dll	6.2.10240.16384	Multimedia Realtime Runtime
azroles.dll	6.2.10240.16384	azroles Module
azroleui.dll	6.2.10240.16384	Authorization Manager
azsqlext.dll	6.2.10240.16384	AzMan Sql Audit Extended Stored Procedures Dll
azuresettingsyncprovider.dll	6.2.10240.16384	Azure Setting Sync Provider
backgroundmediapolicy.dll	6.2.10240.16384	<d> Background Media Policy DLL
basecsp.dll	6.2.10240.16384	Microsoft Base Smart Card Crypto Provider
batmeter.dll	6.2.10240.16384	Battery Meter Helper DLL
bcastdvr.proxy.dll	6.2.10240.16384	Broadcast DVR Proxy
bcd.dll	6.2.10240.16393	BCD DLL
bcp47langs.dll	6.2.10240.16384	BCP47 Language Classes
bcrypt.dll	6.2.10240.16384	Windows Cryptographic Primitives Library
bcryptprimitives.dll	6.2.10240.16384	Windows Cryptographic Primitives Library
bidispl.dll	6.2.10240.16384	Bidispl DLL
bingmaps.dll	6.2.10240.16392	Bing Map Control
bingonlineservices.dll	6.2.10240.16384	Bing online services
biocredprov.dll	6.2.10240.16384	WinBio Credential Provider
bitsperf.dll	7.8.10240.16384	Perfmon Counter Access
bitsproxy.dll	7.8.10240.16384	Background Intelligent Transfer Service Proxy
biwinrt.dll	6.2.10240.16384	Windows Background Broker Infrastructure
blackbox.dll	11.0.10240.16384	BlackBox DLL
bluetoothapis.dll	6.2.10240.16384	Bluetooth Usermode Api host
bootvid.dll	6.2.10240.16384	VGA Boot Driver
browcli.dll	6.2.10240.16384	Browser Service Client DLL
browsersettingsync.dll	6.2.10240.16384	Browser Setting Synchronization
browseui.dll	6.2.10240.16384	Shell Browser UI Library
btpanui.dll	6.2.10240.16384	Bluetooth PAN User Interface
bwcontexthandler.dll	1.0.0.1	ContextH Application
c_g18030.dll	6.2.10240.16384	GB18030 DBCS-Unicode Conversion DLL
c_gsm7.dll	6.2.10240.16384	GSM 7bit Code Page Translation DLL for SMS
c_is2022.dll	6.2.10240.16384	ISO-2022 Code Page Translation DLL
c_iscii.dll	6.2.10240.16384	ISCII Code Page Translation DLL
cabinet.dll	6.2.10240.16384	Microsoft� Cabinet File API
cabview.dll	6.2.10240.16384	Cabinet File Viewer Shell Extension
callbuttons.dll	6.2.10240.16384	Windows Runtime CallButtonsServer DLL
callbuttons.proxystub.dll	6.2.10240.16384	Windows Runtime CallButtonsServer ProxyStub DLL
callhistoryclient.dll	6.2.10240.16384	Client DLL for accessing CallHistory information
cameracaptureui.dll	6.2.10240.16384	Microsoft� Windows� Operating System
capiprovider.dll	6.2.10240.16384	capiprovider DLL
capisp.dll	6.2.10240.16384	Sysprep cleanup dll for CAPI
catsrv.dll	2001.12.10941.16384	COM+ Configuration Catalog Server
catsrvps.dll	2001.12.10941.16384	COM+ Configuration Catalog Server Proxy/Stub
catsrvut.dll	2001.12.10941.16384	COM+ Configuration Catalog Server Utilities
cca.dll	6.2.10240.16384	CCA DirectShow Filter.
cdosys.dll	6.6.10240.16384	Microsoft CDO for Windows Library
cdp.dll	6.2.10240.16384	Microsoft (R) CDP Client API
cemapi.dll	6.2.10240.16384	CEMAPI
certca.dll	6.2.10240.16384	Microsoft� Active Directory Certificate Services CA
certcli.dll	6.2.10240.16384	Microsoft� Active Directory Certificate Services Client
certcredprovider.dll	6.2.10240.16384	Cert Credential Provider
certenc.dll	6.2.10240.16384	Active Directory Certificate Services Encoding
certenroll.dll	6.2.10240.16384	Microsoft� Active Directory Certificate Services Enrollment Client
certenrollui.dll	6.2.10240.16384	X509 Certificate Enrollment UI
certmgr.dll	6.2.10240.16384	Certificates snap-in
certpoleng.dll	6.2.10240.16384	Certificate Policy Engine
cewmdm.dll	12.0.10240.16384	Windows CE WMDM Service Provider
cfgbkend.dll	6.2.10240.16384	Configuration Backend Interface
cfgmgr32.dll	6.2.10240.16384	Configuration Manager DLL
cfmifs.dll	6.2.10240.16384	FmIfs Engine
cfmifsproxy.dll	6.2.10240.16384	Microsoft� FmIfs Proxy Library
chakra.dll	11.0.10240.16431	Microsoft � JScript
chakradiag.dll	11.0.10240.16384	Microsoft � JScript Diagnostics
chartv.dll	6.2.10240.16384	Chart View
chatapis.dll	6.2.10240.16384	DLL for ChatRT
chxreadingstringime.dll	6.2.10240.16384	CHxReadingStringIME
cic.dll	6.2.10240.16384	CIC - MMC controls for Taskpad
clb.dll	6.2.10240.16384	Column List Box
clbcatq.dll	2001.12.10941.16384	COM+ Configuration Catalog
clfsw32.dll	6.2.10240.16384	Common Log Marshalling Win32 DLL
cliconfg.dll	6.2.10240.16384	SQL Client Configuration Utility DLL
clipboardserver.dll	6.2.10240.16384	Modern Clipboard API Server
clipc.dll	6.2.10240.16384	Client Licensing Platform Client
clrhost.dll	6.2.10240.16384	In Proc server for managed servers in the Windows Runtime
clusapi.dll	6.2.10240.16384	Cluster API Library
cmcfg32.dll	7.2.10240.16384	Microsoft Connection Manager Configuration Dll
cmdext.dll	6.2.10240.16384	cmd.exe Extension DLL
cmdial32.dll	7.2.10240.16384	Microsoft Connection Manager
cmifw.dll	6.2.10240.16384	Windows Firewall rule configuration plug-in
cmipnpinstall.dll	6.2.10240.16384	PNP plugin installer for CMI
cmlua.dll	7.2.10240.16384	Connection Manager Admin API Helper
cmpbk32.dll	7.2.10240.16384	Microsoft Connection Manager Phonebook
cmstplua.dll	7.2.10240.16384	Connection Manager Admin API Helper for Setup
cmutil.dll	7.2.10240.16384	Microsoft Connection Manager Utility Lib
cngcredui.dll	6.2.10240.16384	Microsoft CNG CredUI Provider
cngprovider.dll	6.2.10240.16384	cngprovider DLL
cnvfat.dll	6.2.10240.16384	FAT File System Conversion Utility DLL
colbact.dll	2001.12.10941.16384	COM+
colorcnv.dll	6.2.10240.16384	Windows Media Color Conversion
colorui.dll	6.2.10240.16384	Microsoft Color Control Panel
combase.dll	6.2.10240.16384	Microsoft COM for Windows
comcat.dll	6.2.10240.16384	Microsoft Component Category Manager Library
comctl32.dll	5.82.10240.16384	User Experience Controls Library
comdlg32.dll	6.2.10240.16405	Common Dialogs DLL
coml2.dll	6.2.10240.16384	Microsoft COM for Windows
commstypehelperutil_ca.dll	6.2.10240.16384	Comms Type Helper Util
compobj.dll	3.10.0.103	Windows Win16 Application Launcher
comppkgsup.dll	12.0.10240.16384	Component Package Support DLL
compstui.dll	6.2.10240.16384	Common Property Sheet User Interface DLL
comrepl.dll	2001.12.10941.16384	COM+
comres.dll	2001.12.10941.16384	COM+ Resources
comsnap.dll	2001.12.10941.16384	COM+ Explorer MMC Snapin
comsvcs.dll	2001.12.10941.16384	COM+ Services
comuid.dll	2001.12.10941.16384	COM+ Explorer UI
configureexpandedstorage.dll	6.2.10240.16384	ConfigureExpandedStorage
connect.dll	6.2.10240.16384	Get Connected Wizards
connectedaccountstate.dll	6.2.10240.16384	ConnectedAccountState.dll
console.dll	6.2.10240.16384	Control Panel Console Applet
contactactivation.dll	6.2.10240.16384	DLL for ContactActivation
contactapis.dll	6.2.10240.16397	DLL for ContactsRT
coremessaging.dll	6.2.10240.16397	Microsoft CoreMessaging Dll
coremmres.dll	6.2.10240.16384	General Core Multimedia Resources
coreuicomponents.dll
cortana.persona.dll	6.2.10240.16384	Cortana.Persona
cortanamapihelper.dll	6.2.10240.16384	CortanaMapiHelper
cortanamapihelper.proxystub.dll	6.2.10240.16384	CortanaMapiHelper.ProxyStub
cpfilters.dll	6.2.10240.16384	PTFilter & Encypter/Decrypter Tagger Filters.
credentialmigrationhandler.dll	6.2.10240.16384	Credential Migration Handler
credprovdatamodel.dll	6.2.10240.16412	Cred Prov Data Model
credprovhost.dll	6.2.10240.16384	Credential Provider Framework Host
credprovs.dll	6.2.10240.16384	Credential Providers
credssp.dll	6.2.10240.16384	Credential Delegation Security Package
credui.dll	6.2.10240.16384	Credential Manager User Interface
crtdll.dll	4.0.1183.1	Microsoft C Runtime Library
crypt32.dll	6.2.10240.16384	Crypto API32
cryptbase.dll	6.2.10240.16384	Base cryptographic API DLL
cryptdlg.dll	6.2.10240.16384	Microsoft Common Certificate Dialogs
cryptdll.dll	6.2.10240.16384	Cryptography Manager
cryptext.dll	6.2.10240.16384	Crypto Shell Extensions
cryptnet.dll	6.2.10240.16384	Crypto Network Related API
cryptngc.dll	6.2.10240.16384	Microsoft Passport API
cryptowinrt.dll	6.2.10240.16384	Crypto WinRT Library
cryptsp.dll	6.2.10240.16384	Cryptographic Service Provider API
crypttpmeksvc.dll	6.2.10240.16384	Cryptographic TPM Endorsement Key Services
cryptui.dll	6.2.10240.16384	Microsoft Trust UI Provider
cryptuiwizard.dll	6.2.10240.16384	Microsoft Trust UI Provider
cryptxml.dll	6.2.10240.16384	XML DigSig API
cscapi.dll	6.2.10240.16384	Offline Files Win32 API
cscdll.dll	6.2.10240.16384	Offline Files Temporary Shim
cscobj.dll	6.2.10240.16384	In-proc COM object used by clients of CSC API
csver.dll	9.3.0.1021	CSVer
ctl3d32.dll	2.31.0.0	Ctl3D 3D Windows Controls
d2d1.dll	6.2.10240.16384	Microsoft D2D Library
d3d10.dll	6.2.10240.16384	Direct3D 10 Runtime
d3d10_1.dll	6.2.10240.16384	Direct3D 10.1 Runtime
d3d10_1core.dll	6.2.10240.16384	Direct3D 10.1 Runtime
d3d10core.dll	6.2.10240.16384	Direct3D 10 Runtime
d3d10level9.dll	6.2.10240.16384	Direct3D 10 to Direct3D9 Translation Runtime
d3d10warp.dll	6.2.10240.16384	Direct3D 10 Rasterizer
d3d11.dll	6.2.10240.16384	Direct3D 11 Runtime
d3d12.dll	6.2.10240.16384	Direct3D 12 Runtime
d3d8.dll	6.2.10240.16384	Microsoft Direct3D
d3d8thk.dll	6.2.10240.16384	Microsoft Direct3D OS Thunk Layer
d3d9.dll	6.2.10240.16412	Direct3D 9 Runtime
d3dcompiler_47.dll	6.2.10240.16384	Direct3D HLSL Compiler
d3dim.dll	6.2.10240.16384	Microsoft Direct3D
d3dim700.dll	6.2.10240.16384	Microsoft Direct3D
d3dramp.dll	6.2.10240.16384	Microsoft Direct3D
d3dxof.dll	6.2.10240.16384	DirectX Files DLL
dabapi.dll	6.2.10240.16384	Desktop Activity Broker API
dafcdp.dll	6.2.10240.16384	DAF CDP Provider
dafprintprovider.dll	6.2.10240.16384	DAF Print Provider DLL
daotpcredentialprovider.dll	6.2.10240.16384	DirectAccess One-Time Password Credential Provider
dataclen.dll	6.2.10240.16384	Disk Space Cleaner for Windows
dataexchange.dll	6.2.10240.16384	Data exchange
davclnt.dll	6.2.10240.16384	Web DAV Client DLL
davhlpr.dll	6.2.10240.16384	DAV Helper DLL
dbgcore.dll	6.2.10240.16384	Windows Core Debugging Helpers
dbgeng.dll	6.2.10240.16384	Windows Symbolic Debugger Engine
dbghelp.dll	6.2.10240.16384	Windows Image Helper
dbgmodel.dll	6.2.10240.16384	Windows Debugger Data Model
dbnetlib.dll	6.2.10240.16384	Winsock Oriented Net DLL for SQL Clients
dbnmpntw.dll	6.2.10240.16384	Named Pipes Net DLL for SQL Clients
dciman32.dll	6.2.10240.16384	DCI Manager
dcomp.dll	6.2.10240.16384	Microsoft DirectComposition Library
ddaclsys.dll	6.2.10240.16384	SysPrep module for Resetting Data Drive ACL
ddoiproxy.dll	6.2.10240.16384	DDOI Interface Proxy
ddores.dll	6.2.10240.16384	Device Category information and resources
ddraw.dll	6.2.10240.16384	Microsoft DirectDraw
ddrawex.dll	6.2.10240.16384	Direct Draw Ex
defaultdevicemanager.dll	6.2.10240.16384	Default Device Manager
defaultprinterprovider.dll	6.2.10240.16384	Microsoft Windows Default Printer Provider
delegatorprovider.dll	6.2.10240.16384	WMI PassThru Provider for Storage Management
deskadp.dll	6.2.10240.16384	Advanced display adapter properties
deskmon.dll	6.2.10240.16384	Advanced display monitor properties
devdispitemprovider.dll	6.2.10240.16384	DeviceItem inproc devquery subsystem
devenum.dll	6.2.10240.16384	Device enumeration.
deviceaccess.dll	6.2.10240.16384	Device Broker And Policy COM Server
deviceassociation.dll	6.2.10240.16384	Device Association Client DLL
devicecenter.dll	6.2.10240.16384	Device Center
devicedisplaystatusmanager.dll	6.2.10240.16384	Device Display Status Manager
devicepairing.dll	6.2.10240.16384	Shell extensions for Device Pairing
devicepairingfolder.dll	6.2.10240.16384	Device Pairing Folder
devicepairingproxy.dll	6.2.10240.16384	Device Pairing Proxy Dll
devicesetupstatusprovider.dll	6.2.10240.16384	Device Setup Status Provider Dll
deviceuxres.dll	6.2.10240.16384	Windows Device User Experience Resource File
devmgr.dll	6.2.10240.16384	Device Manager MMC Snapin
devobj.dll	6.2.10240.16384	Device Information Set DLL
devrtl.dll	6.2.10240.16384	Device Management Run Time Library
dfscli.dll	6.2.10240.16384	Windows NT Distributed File System Client DLL
dfshim.dll	6.2.10240.16384	ClickOnce Application Deployment Support Library
dfsshlex.dll	6.2.10240.16384	Distributed File System shell extension
dhcpcmonitor.dll	6.2.10240.16384	DHCP Client Monitor Dll
dhcpcore.dll	6.2.10240.16384	DHCP Client Service
dhcpcore6.dll	6.2.10240.16384	DHCPv6 Client
dhcpcsvc.dll	6.2.10240.16384	DHCP Client Service
dhcpcsvc6.dll	6.2.10240.16384	DHCPv6 Client
dhcpsapi.dll	6.2.10240.16384	DHCP Server API Stub DLL
dialclient.dll	12.0.10240.16384	DIAL DLL
dictationmanager.dll	6.2.0.1	Dictation Manager
difxapi.dll	2.1.0.0	Driver Install Frameworks for API library module
dimsjob.dll	6.2.10240.16384	DIMS Job DLL
dimsroam.dll	6.2.10240.16384	Key Roaming DIMS Provider DLL
dinput.dll	6.2.10240.16384	Microsoft DirectInput
dinput8.dll	6.2.10240.16384	Microsoft DirectInput
directdb.dll	6.2.10240.16384	Microsoft Direct Database API
directmanipulation.dll	6.2.10240.16431	Microsoft Direct Manipulation Component
dismapi.dll	6.2.10240.16384	DISM API Framework
dispex.dll	5.812.10240.16384	Microsoft � DispEx
display.dll	6.2.10240.16384	Display Control Panel
displaymanager.dll	6.2.10240.16386	DisplayManager
dlnashext.dll	12.0.10240.16384	DLNA Namespace DLL
dmband.dll	6.2.10240.16384	Microsoft DirectMusic Band
dmcmnutils.dll	6.2.10240.16384	dmcmnutils
dmcompos.dll	6.2.10240.16384	Microsoft DirectMusic Composer
dmdlgs.dll	6.2.10240.16384	Disk Management Snap-in Dialogs
dmdskmgr.dll	6.2.10240.16384	Disk Management Snap-in Support Library
dmdskres.dll	6.2.10240.16384	Disk Management Snap-in Resources
dmdskres2.dll	6.2.10240.16384	Disk Management Snap-in Resources
dmime.dll	6.2.10240.16384	Microsoft DirectMusic Interactive Engine
dmintf.dll	6.2.10240.16384	Disk Management DCOM Interface Stub
dmloader.dll	6.2.10240.16384	Microsoft DirectMusic Loader
dmocx.dll	6.2.10240.16384	TreeView OCX
dmscript.dll	6.2.10240.16384	Microsoft DirectMusic Scripting
dmstyle.dll	6.2.10240.16384	Microsoft DirectMusic Style Engline
dmsynth.dll	6.2.10240.16384	Microsoft DirectMusic Software Synthesizer
dmusic.dll	6.2.10240.16384	Microsoft DirectMusic Core Services
dmutil.dll	6.2.10240.16384	Logical Disk Manager Utility Library
dmvdsitf.dll	6.2.10240.16384	Disk Management Snap-in Support Library
dnsapi.dll	6.2.10240.16384	DNS Client API DLL
dnscmmc.dll	6.2.10240.16384	DNS Client MMC Snap-in DLL
dnssd.dll	1.0.6.2	Bonjour Client Library
docprop.dll	6.2.10240.16384	OLE DocFile Property Page
dolbydecmft.dll	6.2.10240.16384	Media Foundation Dolby Digital Decoders
dot3api.dll	6.2.10240.16384	802.3 Autoconfiguration API
dot3cfg.dll	6.2.10240.16384	802.3 Netsh Helper
dot3dlg.dll	6.2.10240.16384	802.3 UI Helper
dot3gpclnt.dll	6.2.10240.16384	802.3 Group Policy Client
dot3gpui.dll	6.2.10240.16384	802.3 Network Policy Management Snap-in
dot3hc.dll	6.2.10240.16384	Dot3 Helper Class
dot3msm.dll	6.2.10240.16384	802.3 Media Specific Module
dot3ui.dll	6.2.10240.16384	802.3 Advanced UI
dpapi.dll	6.2.10240.16384	Data Protection API
dpapiprovider.dll	6.2.10240.16384	dpapiprovider DLL
dplayx.dll	10.0.10240.16384	DirectPlay Stub
dpmodemx.dll	10.0.10240.16384	DirectPlay Stub
dpnaddr.dll	10.0.10240.16384	DirectPlay Stub
dpnathlp.dll	10.0.10240.16384	DirectPlay Stub
dpnet.dll	10.0.10240.16384	DirectPlay Stub
dpnhpast.dll	10.0.10240.16384	DirectPlay Stub
dpnhupnp.dll	10.0.10240.16384	DirectPlay Stub
dpnlobby.dll	10.0.10240.16384	DirectPlay Stub
dpwsockx.dll	10.0.10240.16384	DirectPlay Stub
dpx.dll	6.2.10240.16384	Microsoft(R) Delta Package Expander
drmmgrtn.dll	11.0.10240.16384	DRM Migration DLL
drmv2clt.dll	11.0.10100.0	DRMv2 Client DLL
drprov.dll	6.2.10240.16384	Microsoft Remote Desktop Session Host Server Network Provider
drt.dll	6.2.10240.16384	Distributed Routing Table
drtprov.dll	6.2.10240.16384	Distributed Routing Table Providers
drttransport.dll	6.2.10240.16384	Distributed Routing Table Transport Provider
drvstore.dll	6.2.10240.16384	Driver Store API
dsauth.dll	6.2.10240.16384	DS Authorization for Services
dsccoreconfprov.dll	6.2.9200.16384	DSC
dsclient.dll	6.2.10240.16384	Data Sharing Service Client DLL
dsdmo.dll	6.2.10240.16384	DirectSound Effects
dskquota.dll	6.2.10240.16384	Windows Shell Disk Quota Support DLL
dskquoui.dll	6.2.10240.16384	Windows Shell Disk Quota UI DLL
dsound.dll	6.2.10240.16384	DirectSound
dsparse.dll	6.2.10240.16384	Active Directory Domain Services API
dsprop.dll	6.2.10240.16384	Windows Active Directory Property Pages
dsquery.dll	6.2.10240.16384	Directory Service Find
dsreg.dll	6.2.10240.16384	AD/AAD User Device Registration
dsrole.dll	6.2.10240.16384	DS Setup Client DLL
dssec.dll	6.2.10240.16384	Directory Service Security UI
dssenh.dll	6.2.10240.16384	Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
dsui.dll	6.2.10240.16384	Device Setup UI Pages
dsuiext.dll	6.2.10240.16384	Directory Service Common UI
dswave.dll	6.2.10240.16384	Microsoft DirectMusic Wave
dtsh.dll	6.2.10240.16384	Detection and Sharing Status API
dui70.dll	6.2.10240.16384	Windows DirectUI Engine
duser.dll	6.2.10240.16384	Windows DirectUser Engine
dwmapi.dll	6.2.10240.16392	Microsoft Desktop Window Manager API
dwmcore.dll	6.2.10240.16461	Microsoft DWM Core Library
dwrite.dll	6.2.10240.16430	Microsoft DirectX Typography Services
dxdiagn.dll	6.2.10240.16384	Microsoft DirectX Diagnostic Tool
dxgi.dll	6.2.10240.16412	DirectX Graphics Infrastructure
dxmasf.dll	12.0.10240.16384	Microsoft Windows Media Component Removal File.
dxptasksync.dll	6.2.10240.16384	Microsoft Windows DXP Sync.
dxtmsft.dll	11.0.10240.16384	DirectX Media -- Image DirectX Transforms
dxtrans.dll	11.0.10240.16384	DirectX Media -- DirectX Transform Core
dxva2.dll	6.2.10240.16384	DirectX Video Acceleration 2.0 DLL
eapp3hst.dll	6.2.10240.16384	Microsoft ThirdPartyEapDispatcher
eappcfg.dll	6.2.10240.16384	Eap Peer Config
eappgnui.dll	6.2.10240.16384	EAP Generic UI
eapphost.dll	6.2.10240.16384	Microsoft EAPHost Peer service
eappprxy.dll	6.2.10240.16384	Microsoft EAPHost Peer Client DLL
eapprovp.dll	6.2.10240.16384	EAP extension DLL
easwrt.dll	6.2.10240.16384	Exchange ActiveSync Windows Runtime DLL
edgehtml.dll	11.0.10240.16485	Microsoft (R) HTML Viewer
editbuffertesthook.dll
edpauditapi.dll	6.2.10240.16384	EDP Audit API
edputil.dll	6.2.10240.16384	EDP util
efsadu.dll	6.2.10240.16384	File Encryption Utility
efscore.dll	6.2.10240.16392	EFS Core Library
efsext.dll
efsutil.dll	6.2.10240.16384	EFS Utility Library
efswrt.dll	6.2.10240.16384	Storage Protection Windows Runtime DLL
ehstorapi.dll	6.2.10240.16384	Windows Enhanced Storage API
ehstorpwdmgr.dll	6.2.10240.16384	Microsoft Enhanced Storage Password Manager
els.dll	6.2.10240.16384	Event Viewer Snapin
elscore.dll	6.2.10240.16384	Els Core Platform DLL
elshyph.dll	6.2.10240.16384	ELS Hyphenation Service
elslad.dll	6.2.10240.16384	ELS Language Detection
elstrans.dll	6.2.10240.16384	ELS Transliteration Service
emailapis.dll	6.2.10240.16384	DLL for EmailRT
embeddedmodesvcapi.dll	6.2.10240.16384	Embedded Mode Service Client DLL
encapi.dll	6.2.10240.16384	Encoder API
encdec.dll	6.2.10240.16384	XDSCodec & Encypter/Decrypter Tagger Filters.
eqossnap.dll	6.2.10240.16384	EQoS Snapin extension
errordetails.dll	6.2.10240.16384	Microsoft Windows operating system.
es.dll	2001.12.10941.16384	COM+
esdsip.dll	6.2.10240.16384	Crypto SIP provider for signing and verifying .esd Electronic Software Distribution files
esent.dll	6.2.10240.16384	Extensible Storage Engine for Microsoft(R) Windows(R)
esentprf.dll	6.2.10240.16384	Extensible Storage Engine Performance Monitoring Library for Microsoft(R) Windows(R)
esevss.dll	6.2.10240.16384	Microsoft(R) ESENT shadow utilities
etwcoreuicomponentsresources.dll	6.2.10240.16384	Microsoft CoreComponents UI ETW manifest Dll
etweseproviderresources.dll	6.2.10240.16384	Microsoft ESE ETW
eventcls.dll	6.2.10240.16384	Microsoft� Volume Shadow Copy Service event class
evr.dll	6.2.10240.16384	Enhanced Video Renderer DLL
execmodelclient.dll	6.2.10240.16384	ExecModelClient
execmodelproxy.dll	6.2.10240.16384	ExecModelProxy
explorerframe.dll	6.2.10240.16405	ExplorerFrame
expsrv.dll	6.0.72.9589	Visual Basic for Applications Runtime - Expression Service
exsmime.dll	6.2.10240.16384	LExsmime
extrasxmlparser.dll	6.2.10240.16384	Extras XML parser used to extract extension information from XML
f3ahvoas.dll	6.2.10240.16384	JP Japanese Keyboard Layout for Fujitsu FMV oyayubi-shift keyboard
familysafetyext.dll	6.2.10240.16384	FamilySafety ChildAccount Extensions
faultrep.dll	6.2.10240.16384	Windows User Mode Crash Reporting DLL
fdbth.dll	6.2.10240.16384	Function Discovery Bluetooth Provider Dll
fdbthproxy.dll	6.2.10240.16384	Bluetooth Provider Proxy Dll
fddevquery.dll	6.2.10240.16384	Microsoft Windows Device Query Helper
fde.dll	6.2.10240.16384	Folder Redirection Snapin Extension
fdeploy.dll	6.2.10240.16384	Folder Redirection Group Policy Extension
fdpnp.dll	6.2.10240.16384	Pnp Provider Dll
fdprint.dll	6.2.10240.16384	Function Discovery Print Provider Dll
fdproxy.dll	6.2.10240.16384	Function Discovery Proxy Dll
fdssdp.dll	6.2.10240.16384	Function Discovery SSDP Provider Dll
fdwcn.dll	6.2.10240.16461	Windows Connect Now - Config Function Discovery Provider DLL
fdwnet.dll	6.2.10240.16384	Function Discovery WNet Provider Dll
fdwsd.dll	6.2.10240.16384	Function Discovery WS Discovery Provider Dll
feclient.dll	6.2.10240.16384	Windows NT File Encryption Client Interfaces
filemgmt.dll	6.2.10240.16384	Services and Shared Folders
findnetprinters.dll	6.2.10240.16384	Find Network Printers COM Component
fingerprintcredential.dll	6.2.10240.16384	WinBio Fingerprint Credential
firewallapi.dll	6.2.10240.16384	Windows Firewall API
firewallcontrolpanel.dll	6.2.10240.16384	Windows Firewall Control Panel
fltlib.dll	6.2.10240.16384	Filter Library
fm20.dll	12.0.6723.5000	Microsoft� Forms DLL
fm20enu.dll	12.0.4518.1014	Microsoft� Forms International DLL
fmifs.dll	6.2.10240.16384	FM IFS Utility DLL
fms.dll	6.2.10240.16384	Font Management Services
fontext.dll	6.2.10240.16384	Windows Font Folder
fontsub.dll	6.2.10240.16384	Font Subsetting DLL
fphc.dll	6.2.10240.16384	Filtering Platform Helper Class
framedyn.dll	6.2.10240.16384	WMI SDK Provider Framework
framedynos.dll	6.2.10240.16384	WMI SDK Provider Framework
frprov.dll	6.2.10240.16384	Folder Redirection WMI Provider
fsutilext.dll	6.2.10240.16384	FS Utility Extension DLL
fundisc.dll	6.2.10240.16384	Function Discovery Dll
fwbase.dll	6.2.10240.16384	Firewall Base DLL
fwcfg.dll	6.2.10240.16384	Windows Firewall Configuration Helper
fwpolicyiomgr.dll	6.2.10240.16412	FwPolicyIoMgr DLL
fwpuclnt.dll	6.2.10240.16384	FWP/IPsec User-Mode API
fwremotesvr.dll	6.2.10240.16384	Windows Firewall Remote APIs Server
fxsapi.dll	6.2.10240.16384	Microsoft Fax API Support DLL
fxscom.dll	6.2.10240.16384	Microsoft Fax Server COM Client Interface
fxscomex.dll	6.2.10240.16384	Microsoft Fax Server Extended COM Client Interface
fxsext32.dll	6.2.10240.16384	Microsoft Fax Exchange Command Extension
fxsresm.dll	6.2.10240.16384	Microsoft Fax Resource DLL
fxsxp32.dll	6.2.10240.16384	Microsoft Fax Transport Provider
gameux.dll	6.2.10240.16384	Games Explorer
gameuxlegacygdfs.dll	1.0.0.1	Legacy GDF resource DLL
gamingtcui.dll	6.2.10240.16384	Windows Gaming Internal CallableUI dll
gcdef.dll	6.2.10240.16384	Game Controllers Default Sheets
gdi32.dll	6.2.10240.16390	GDI Client DLL
gdiplus.dll	6.2.10240.16384	Microsoft GDI+
geocommon.dll	6.2.10240.16384	Geocommon
geolocation.dll	6.2.10240.16384	Geolocation Runtime DLL
geolocatorhelper.dll	6.2.10240.16384	GeoLocatorHelper
getuname.dll	6.2.10240.16384	Unicode name Dll for UCE
glmf32.dll	6.2.10240.16384	OpenGL Metafiling DLL
globcollationhost.dll	6.2.10240.16384	GlobCollationHost
globinputhost.dll	6.2.10240.16384	Windows Globalization Extension API for Input
glu32.dll	6.2.10240.16384	OpenGL Utility Library DLL
gpapi.dll	6.2.10240.16384	Group Policy Client API
gpedit.dll	6.2.10240.16384	GPEdit
gpprefcl.dll	6.2.10240.16384	Group Policy Preference Client
gpprnext.dll	6.2.10240.16384	Group Policy Printer Extension
gpscript.dll	6.2.10240.16384	Script Client Side Extension
gptext.dll	6.2.10240.16384	GPTExt
hbaapi.dll	6.2.10240.16384	HBA API data interface dll for HBA_API_Rev_2-18_2002MAR1.doc
hcproviders.dll	6.2.10240.16384	Security and Maintenance Providers
helppaneproxy.dll	6.2.10240.16384	Microsoft� Help Proxy
hevcdecoder.dll	6.2.10240.16384	Windows H265 Video Decoder
hgcpl.dll	6.2.10240.16384	HomeGroup Control Panel
hhsetup.dll	6.2.10240.16384	Microsoft� HTML Help
hid.dll	6.2.10240.16384	Hid User Library
hidserv.dll	6.2.10240.16384	Human Interface Device Service
hlink.dll	6.2.10240.16384	Microsoft Office 2000 component
hmkd.dll	6.2.10240.16385	Windows HMAC Key Derivation API
hnetcfg.dll	6.2.10240.16384	Home Networking Configuration Manager
hnetmon.dll	6.2.10240.16384	Home Networking Monitor DLL
hrtfapo.dll
httpapi.dll	6.2.10240.16384	HTTP Protocol Stack API
htui.dll	6.2.10240.16384	Common halftone Color Adjustment Dialogs
ias.dll	6.2.10240.16384	Network Policy Server
iasacct.dll	6.2.10240.16384	NPS Accounting Provider
iasads.dll	6.2.10240.16384	NPS Active Directory Data Store
iasdatastore.dll	6.2.10240.16384	NPS Datastore server
iashlpr.dll	6.2.10240.16384	NPS Surrogate Component
iasmigplugin.dll	6.2.10240.16384	NPS Migration DLL
iasnap.dll	6.2.10240.16384	NPS NAP Provider
iaspolcy.dll	6.2.10240.16384	NPS Pipeline
iasrad.dll	6.2.10240.16384	NPS RADIUS Protocol Component
iasrecst.dll	6.2.10240.16384	NPS XML Datastore Access
iassam.dll	6.2.10240.16384	NPS NT SAM Provider
iassdo.dll	6.2.10240.16384	NPS SDO Component
iassvcs.dll	6.2.10240.16384	NPS Services Component
iccvid.dll	1.10.0.12	Cinepak� Codec
icm32.dll	6.2.10240.16384	Microsoft Color Management Module (CMM)
icmp.dll	6.2.10240.16384	ICMP DLL
icmui.dll	6.2.10240.16384	Microsoft Color Matching System User Interface DLL
iconcodecservice.dll	6.2.10240.16384	Converts a PNG part of the icon to a legacy bmp icon
icsigd.dll	6.2.10240.16384	Internet Gateway Device properties
idctrls.dll	6.2.10240.16384	Identity Controls
idndl.dll	6.2.10240.16384	Downlevel DLL
idstore.dll	6.2.10240.16384	Identity Store
ieadvpack.dll	11.0.10240.16384	ADVPACK
ieapfltr.dll	11.0.10240.16384	Microsoft SmartScreen Filter
iedkcs32.dll	18.0.10240.16384	IEAK branding
ieetwproxystub.dll	11.0.10240.16384	IE ETW Collector Proxy Stub Resources
ieframe.dll	11.0.10240.16485	Internet Browser
iepeers.dll	11.0.10240.16384	Internet Explorer Peer Objects
ieproxy.dll	11.0.10240.16386	IE ActiveX Interface Marshaling Library
iernonce.dll	11.0.10240.16384	Extended RunOnce processing with UI
iertutil.dll	11.0.10240.16485	Run time utility for Internet Explorer
iesetup.dll	11.0.10240.16384	IOD Version Map
iesysprep.dll	11.0.10240.16384	IE Sysprep Provider
ieui.dll	11.0.10240.16384	Internet Explorer UI Engine
ifmon.dll	6.2.10240.16384	IF Monitor DLL
ifsutil.dll	6.2.10240.16384	IFS Utility DLL
ifsutilx.dll	6.2.10240.16384	IFS Utility Extension DLL
ig7icd32.dll	10.18.10.4252	OpenGL(R) Driver for Intel(R) Graphics Accelerator
igd10iumd32.dll	10.18.10.4252	User Mode Driver for Intel(R) Graphics Technology
igd10umd32.dll	9.17.10.2843	LDDM User Mode Driver for Intel(R) Graphics Technology
igdail32.dll
igdbcl32.dll	10.18.10.4252	OpenCL User Mode Driver for Intel(R) Graphics Technology
igdde32.dll
igdfcl32.dll	10.18.10.4252	OpenCL User Mode Driver for Intel(R) Graphics Technology
igdmd32.dll	10.18.10.4252	Metrics Discovery API for Intel(R) Graphics Accelerator
igdrcl32.dll	10.18.10.4252	OpenCL User Mode Driver for Intel(R) Graphics Technology
igdumd32.dll	9.17.10.2843	LDDM User Mode Driver for Intel(R) Graphics Technology
igdumdim32.dll	10.18.10.4252	User Mode Driver for Intel(R) Graphics Technology
igdusc32.dll	10.18.10.4252	Unified Shader Compiler for Intel(R) Graphics Accelerator
igfx11cmrt32.dll	3.0.0.1284	MDF(CM) Runtime DX11 Dynamic Link Library
igfxcmjit32.dll	3.0.0.1284	MDF(CM) JIT Dynamic Link Library
igfxcmrt32.dll	3.0.0.1284	MDF(CM) Runtime Dynamic Link Library
igfxexps32.dll	6.15.10.4252	igfxext Module
iglhcp32.dll	9.0.20.9000	iglhcp32 Dynamic Link Library
iglhsip32.dll	9.0.20.9000	iglhsip32 Dynamic Link Library
imagehlp.dll	6.2.10240.16384	Windows NT Image Helper
imageres.dll	6.2.10240.16384	Windows Image Resource
imagesp1.dll	6.2.10240.16384	Windows SP1 Image Resource
imapi.dll	6.2.10240.16384	Image Mastering API
imapi2.dll	6.2.10240.16384	Image Mastering API v2
imapi2fs.dll	6.2.10240.16384	Image Mastering File System Imaging API v2
imgutil.dll	11.0.10240.16384	IE plugin image decoder support DLL
imm32.dll	6.2.10240.16384	Multi-User Windows IMM32 API Client DLL
inetcomm.dll	6.2.10240.16384	Microsoft Internet Messaging API Resources
inetmib1.dll	6.2.10240.16384	Microsoft MIB-II subagent
inetres.dll	6.2.10240.16384	Microsoft Internet Messaging API Resources
inkanalysis.dll	6.2.10240.16384	InkAnalysis DLL
inked.dll	6.2.10240.16384	Microsoft Tablet PC InkEdit Control
inkobjcore.dll	6.2.10240.16384	Microsoft Tablet PC Ink Platform Component
input.dll	6.2.10240.16384	InputSetting DLL
inputinjectionbroker.dll	6.2.10240.16384	Broker for WinRT input injection.
inputlocalemanager.dll
inputservice.dll
inputswitch.dll	6.2.10240.16384	Microsoft Windows Input Switcher
inseng.dll	11.0.10240.16384	Install engine
intel_opencl_icd32.dll	1.2.11.0	OpenCL Client DLL
intelopencl32.dll	10.18.10.4252	Intel(R) OpenCL(TM) Common Runtime Driver
iologmsg.dll	6.2.10240.16384	IO Logging DLL
iotassignedaccesslockframework.dll	6.2.10240.16384	Windows Runtime Assigned Access Management DLL
ipeloggingdictationhelper.dll	1.0.0.1	IPE Logging Library Helper
iphlpapi.dll	6.2.10240.16384	IP Helper API
iprop.dll	6.2.10240.16384	OLE PropertySet Implementation
iprtprio.dll	6.2.10240.16384	IP Routing Protocol Priority DLL
iprtrmgr.dll	6.2.10240.16384	IP Router Manager
ipsecsnp.dll	6.2.10240.16384	IP Security Policy Management Snap-in
ipsmsnap.dll	6.2.10240.16384	IP Security Monitor Snap-in
ir32_32.dll	6.2.10240.16384	IR32_32 WRAPPER DLL
ir32_32original.dll	3.24.15.3	Intel Indeo(R) Video R3.2 32-bit Driver
ir41_32original.dll	4.51.16.3	Intel Indeo� Video 4.5
ir41_qc.dll	6.2.10240.16384	IR41_QC WRAPPER DLL
ir41_qcoriginal.dll	4.30.62.2	Intel Indeo� Video Interactive Quick Compressor
ir41_qcx.dll	6.2.10240.16384	IR41_QCX WRAPPER DLL
ir41_qcxoriginal.dll	4.30.64.1	Intel Indeo� Video Interactive Quick Compressor
ir50_32.dll	6.2.10240.16384	IR50_32 WRAPPER DLL
ir50_32original.dll	5.2562.15.55	Intel Indeo� video 5.10
ir50_qc.dll	6.2.10240.16384	IR50_QC WRAPPER DLL
ir50_qcoriginal.dll	5.0.63.48	Intel Indeo� video 5.10 Quick Compressor
ir50_qcx.dll	6.2.10240.16384	IR50_QCX WRAPPER DLL
ir50_qcxoriginal.dll	5.0.64.48	Intel Indeo� video 5.10 Quick Compressor
irclass.dll	6.2.10240.16384	Infrared Class Coinstaller
iscsicpl.dll	5.2.3790.1830	iSCSI Initiator Control Panel Applet
iscsidsc.dll	6.2.10240.16384	iSCSI Discovery api
iscsied.dll	6.2.10240.16384	iSCSI Extension DLL
iscsium.dll	6.2.10240.16384	iSCSI Discovery api
iscsiwmi.dll	6.2.10240.16384	MS iSCSI Initiator WMI Provider
iscsiwmiv2.dll	6.2.10240.16384	WMI Provider for iSCSI
itircl.dll	6.2.10240.16384	Microsoft� InfoTech IR Local DLL
itss.dll	6.2.10240.16384	Microsoft� InfoTech Storage System Library
iyuv_32.dll	6.2.10240.16384	Intel Indeo(R) Video YUV Codec
javascriptcollectionagent.dll	11.0.10240.16384	JavaScript Performance Collection Agent
jdns_sd.dll	1.0.6.2	Bonjour support for Java
joinproviderol.dll	6.2.10240.16384	Online Join Provider DLL
joinutil.dll	6.2.10240.16384	Join Utility DLL
jpmapcontrol.dll	6.2.10240.16384	Jupiter Map Control
jscript.dll	5.812.10240.16485	Microsoft � JScript
jscript9.dll	11.0.10240.16386	Microsoft � JScript
jscript9diag.dll	11.0.10240.16384	Microsoft � JScript Diagnostics
jsproxy.dll	11.0.10240.16384	JScript Proxy Auto-Configuration
kbd101.dll	6.2.10240.16384	JP Japanese Keyboard Layout for 101
kbd101a.dll	6.2.10240.16384	KO Hangeul Keyboard Layout for 101 (Type A)
kbd101b.dll	6.2.10240.16384	KO Hangeul Keyboard Layout for 101(Type B)
kbd101c.dll	6.2.10240.16384	KO Hangeul Keyboard Layout for 101(Type C)
kbd103.dll	6.2.10240.16384	KO Hangeul Keyboard Layout for 103
kbd106.dll	6.2.10240.16384	JP Japanese Keyboard Layout for 106
kbd106n.dll	6.2.10240.16384	JP Japanese Keyboard Layout for 106
kbda1.dll	6.2.10240.16384	Arabic_English_101 Keyboard Layout
kbda2.dll	6.2.10240.16384	Arabic_2 Keyboard Layout
kbda3.dll	6.2.10240.16384	Arabic_French_102 Keyboard Layout
kbdal.dll	6.2.10240.16384	Albania Keyboard Layout
kbdarme.dll	6.2.10240.16384	Eastern Armenian Keyboard Layout
kbdarmph.dll	6.2.10240.16384	Armenian Phonetic Keyboard Layout
kbdarmty.dll	6.2.10240.16384	Armenian Typewriter Keyboard Layout
kbdarmw.dll	6.2.10240.16384	Western Armenian Keyboard Layout
kbdax2.dll	6.2.10240.16384	JP Japanese Keyboard Layout for AX2
kbdaze.dll	6.2.10240.16384	Azerbaijan_Cyrillic Keyboard Layout
kbdazel.dll	6.2.10240.16384	Azeri-Latin Keyboard Layout
kbdazst.dll	6.2.10240.16384	Azerbaijani (Standard) Keyboard Layout
kbdbash.dll	6.2.10240.16384	Bashkir Keyboard Layout
kbdbe.dll	6.2.10240.16384	Belgian Keyboard Layout
kbdbene.dll	6.2.10240.16384	Belgian Dutch Keyboard Layout
kbdbgph.dll	6.2.10240.16384	Bulgarian Phonetic Keyboard Layout
kbdbgph1.dll	6.2.10240.16384	Bulgarian (Phonetic Traditional) Keyboard Layout
kbdbhc.dll	6.2.10240.16384	Bosnian (Cyrillic) Keyboard Layout
kbdblr.dll	6.2.10240.16384	Belarusian Keyboard Layout
kbdbr.dll	6.2.10240.16384	Brazilian Keyboard Layout
kbdbu.dll	6.2.10240.16384	Bulgarian (Typewriter) Keyboard Layout
kbdbug.dll	6.2.10240.16384	Buginese Keyboard Layout
kbdbulg.dll	6.2.10240.16384	Bulgarian Keyboard Layout
kbdca.dll	6.2.10240.16384	Canadian Multilingual Keyboard Layout
kbdcan.dll	6.2.10240.16384	Canadian Multilingual Standard Keyboard Layout
kbdcher.dll	6.2.10240.16384	Cherokee Nation Keyboard Layout
kbdcherp.dll	6.2.10240.16384	Cherokee Phonetic Keyboard Layout
kbdcr.dll	6.2.10240.16384	Croatian/Slovenian Keyboard Layout
kbdcz.dll	6.2.10240.16384	Czech Keyboard Layout
kbdcz1.dll	6.2.10240.16384	Czech_101 Keyboard Layout
kbdcz2.dll	6.2.10240.16384	Czech_Programmer's Keyboard Layout
kbdda.dll	6.2.10240.16384	Danish Keyboard Layout
kbddiv1.dll	6.2.10240.16384	Divehi Phonetic Keyboard Layout
kbddiv2.dll	6.2.10240.16384	Divehi Typewriter Keyboard Layout
kbddv.dll	6.2.10240.16384	Dvorak US English Keyboard Layout
kbddzo.dll	6.2.10240.16384	Dzongkha Keyboard Layout
kbdes.dll	6.2.10240.16384	Spanish Alernate Keyboard Layout
kbdest.dll	6.2.10240.16384	Estonia Keyboard Layout
kbdfa.dll	6.2.10240.16384	Persian Keyboard Layout
kbdfar.dll	6.2.10240.16384	Persian Standard Keyboard Layout
kbdfc.dll	6.2.10240.16384	Canadian French Keyboard Layout
kbdfi.dll	6.2.10240.16384	Finnish Keyboard Layout
kbdfi1.dll	6.2.10240.16384	Finnish-Swedish with Sami Keyboard Layout
kbdfo.dll	6.2.10240.16384	F�roese Keyboard Layout
kbdfr.dll	6.2.10240.16384	French Keyboard Layout
kbdfthrk.dll	6.2.10240.16384	Futhark Keyboard Layout
kbdgae.dll	6.2.10240.16384	Scottish Gaelic (United Kingdom) Keyboard Layout
kbdgeo.dll	6.2.10240.16384	Georgian Keyboard Layout
kbdgeoer.dll	6.2.10240.16384	Georgian (Ergonomic) Keyboard Layout
kbdgeome.dll	6.2.10240.16384	Georgian (MES) Keyboard Layout
kbdgeooa.dll	6.2.10240.16384	Georgian (Old Alphabets) Keyboard Layout
kbdgeoqw.dll	6.2.10240.16384	Georgian (QWERTY) Keyboard Layout
kbdgkl.dll	6.2.10240.16384	Greek_Latin Keyboard Layout
kbdgn.dll	6.2.10240.16384	Guarani Keyboard Layout
kbdgr.dll	6.2.10240.16384	German Keyboard Layout
kbdgr1.dll	6.2.10240.16384	German_IBM Keyboard Layout
kbdgrlnd.dll	6.2.10240.16384	Greenlandic Keyboard Layout
kbdgthc.dll	6.2.10240.16384	Gothic Keyboard Layout
kbdhau.dll	6.2.10240.16384	Hausa Keyboard Layout
kbdhaw.dll	6.2.10240.16384	Hawaiian Keyboard Layout
kbdhe.dll	6.2.10240.16384	Greek Keyboard Layout
kbdhe220.dll	6.2.10240.16384	Greek IBM 220 Keyboard Layout
kbdhe319.dll	6.2.10240.16384	Greek IBM 319 Keyboard Layout
kbdheb.dll	6.2.10240.16384	KBDHEB Keyboard Layout
kbdhebl3.dll	6.2.10240.16384	Hebrew Standard Keyboard Layout
kbdhela2.dll	6.2.10240.16384	Greek IBM 220 Latin Keyboard Layout
kbdhela3.dll	6.2.10240.16384	Greek IBM 319 Latin Keyboard Layout
kbdhept.dll	6.2.10240.16384	Greek_Polytonic Keyboard Layout
kbdhu.dll	6.2.10240.16384	Hungarian Keyboard Layout
kbdhu1.dll	6.2.10240.16384	Hungarian 101-key Keyboard Layout
kbdibm02.dll	6.2.10240.16384	JP Japanese Keyboard Layout for IBM 5576-002/003
kbdibo.dll	6.2.10240.16384	Igbo Keyboard Layout
kbdic.dll	6.2.10240.16384	Icelandic Keyboard Layout
kbdinasa.dll	6.2.10240.16384	Assamese (Inscript) Keyboard Layout
kbdinbe1.dll	6.2.10240.16384	Bengali - Inscript (Legacy) Keyboard Layout
kbdinbe2.dll	6.2.10240.16384	Bengali (Inscript) Keyboard Layout
kbdinben.dll	6.2.10240.16384	Bengali Keyboard Layout
kbdindev.dll	6.2.10240.16384	Devanagari Keyboard Layout
kbdinen.dll	6.2.10240.16384	English (India) Keyboard Layout
kbdinguj.dll	6.2.10240.16384	Gujarati Keyboard Layout
kbdinhin.dll	6.2.10240.16384	Hindi Keyboard Layout
kbdinkan.dll	6.2.10240.16384	Kannada Keyboard Layout
kbdinmal.dll	6.2.10240.16384	Malayalam Keyboard Layout Keyboard Layout
kbdinmar.dll	6.2.10240.16384	Marathi Keyboard Layout
kbdinori.dll	6.2.10240.16384	Odia Keyboard Layout
kbdinpun.dll	6.2.10240.16384	Punjabi/Gurmukhi Keyboard Layout
kbdintam.dll	6.2.10240.16384	Tamil Keyboard Layout
kbdintel.dll	6.2.10240.16384	Telugu Keyboard Layout
kbdinuk2.dll	6.2.10240.16384	Inuktitut Naqittaut Keyboard Layout
kbdir.dll	6.2.10240.16384	Irish Keyboard Layout
kbdit.dll	6.2.10240.16384	Italian Keyboard Layout
kbdit142.dll	6.2.10240.16384	Italian 142 Keyboard Layout
kbdiulat.dll	6.2.10240.16384	Inuktitut Latin Keyboard Layout
kbdjav.dll	6.2.10240.16384	Javanese Keyboard Layout
kbdjpn.dll	6.2.10240.16384	JP Japanese Keyboard Layout Stub driver
kbdkaz.dll	6.2.10240.16384	Kazak_Cyrillic Keyboard Layout
kbdkhmr.dll	6.2.10240.16384	Cambodian Standard Keyboard Layout
kbdkni.dll	6.2.10240.16384	Khmer (NIDA) Keyboard Layout
kbdkor.dll	6.2.10240.16384	KO Hangeul Keyboard Layout Stub driver
kbdkurd.dll	6.2.10240.16384	Central Kurdish Keyboard Layout
kbdkyr.dll	6.2.10240.16384	Kyrgyz Keyboard Layout
kbdla.dll	6.2.10240.16384	Latin-American Spanish Keyboard Layout
kbdlao.dll	6.2.10240.16384	Lao Standard Keyboard Layout
kbdlisub.dll	6.2.10240.16384	Lisu Basic Keyboard Layout
kbdlisus.dll	6.2.10240.16384	Lisu Standard Keyboard Layout
kbdlk41a.dll	6.2.10240.16384	DEC LK411-AJ Keyboard Layout
kbdlt.dll	6.2.10240.16384	Lithuania Keyboard Layout
kbdlt1.dll	6.2.10240.16384	Lithuanian Keyboard Layout
kbdlt2.dll	6.2.10240.16384	Lithuanian Standard Keyboard Layout
kbdlv.dll	6.2.10240.16384	Latvia Keyboard Layout
kbdlv1.dll	6.2.10240.16384	Latvia-QWERTY Keyboard Layout
kbdlvst.dll	6.2.10240.16384	Latvian (Standard) Keyboard Layout
kbdmac.dll	6.2.10240.16384	Macedonian (FYROM) Keyboard Layout
kbdmacst.dll	6.2.10240.16384	Macedonian (FYROM) - Standard Keyboard Layout
kbdmaori.dll	6.2.10240.16384	Maori Keyboard Layout
kbdmlt47.dll	6.2.10240.16384	Maltese 47-key Keyboard Layout
kbdmlt48.dll	6.2.10240.16384	Maltese 48-key Keyboard Layout
kbdmon.dll	6.2.10240.16384	Mongolian Keyboard Layout
kbdmonmo.dll	6.2.10240.16384	Mongolian (Mongolian Script) Keyboard Layout
kbdmonst.dll	6.2.10240.16384	Traditional Mongolian (Standard) Keyboard Layout
kbdmyan.dll	6.2.10240.16384	Myanmar Keyboard Layout
kbdne.dll	6.2.10240.16384	Dutch Keyboard Layout
kbdnec.dll	6.2.10240.16384	JP Japanese Keyboard Layout for (NEC PC-9800)
kbdnec95.dll	6.2.10240.16384	JP Japanese Keyboard Layout for (NEC PC-9800 Windows 95)
kbdnecat.dll	6.2.10240.16384	JP Japanese Keyboard Layout for (NEC PC-9800 on PC98-NX)
kbdnecnt.dll	6.2.10240.16384	JP Japanese NEC PC-9800 Keyboard Layout
kbdnepr.dll	6.2.10240.16384	Nepali Keyboard Layout
kbdnko.dll	6.2.10240.16384	N'Ko Keyboard Layout
kbdno.dll	6.2.10240.16384	Norwegian Keyboard Layout
kbdno1.dll	6.2.10240.16384	Norwegian with Sami Keyboard Layout
kbdnso.dll	6.2.10240.16384	Sesotho sa Leboa Keyboard Layout
kbdntl.dll	6.2.10240.16384	New Tai Leu Keyboard Layout
kbdogham.dll	6.2.10240.16384	Ogham Keyboard Layout
kbdolch.dll	6.2.10240.16384	Ol Chiki Keyboard Layout
kbdoldit.dll	6.2.10240.16384	Old Italic Keyboard Layout
kbdosm.dll	6.2.10240.16384	Osmanya Keyboard Layout
kbdpash.dll	6.2.10240.16384	Pashto (Afghanistan) Keyboard Layout
kbdphags.dll	6.2.10240.16384	Phags-pa Keyboard Layout
kbdpl.dll	6.2.10240.16384	Polish Keyboard Layout
kbdpl1.dll	6.2.10240.16384	Polish Programmer's Keyboard Layout
kbdpo.dll	6.2.10240.16384	Portuguese Keyboard Layout
kbdro.dll	6.2.10240.16384	Romanian (Legacy) Keyboard Layout
kbdropr.dll	6.2.10240.16384	Romanian (Programmers) Keyboard Layout
kbdrost.dll	6.2.10240.16384	Romanian (Standard) Keyboard Layout
kbdru.dll	6.2.10240.16384	Russian Keyboard Layout
kbdru1.dll	6.2.10240.16384	Russia(Typewriter) Keyboard Layout
kbdrum.dll	6.2.10240.16384	Russian - Mnemonic Keyboard Layout
kbdsf.dll	6.2.10240.16384	Swiss French Keyboard Layout
kbdsg.dll	6.2.10240.16384	Swiss German Keyboard Layout
kbdsl.dll	6.2.10240.16384	Slovak Keyboard Layout
kbdsl1.dll	6.2.10240.16384	Slovak(QWERTY) Keyboard Layout
kbdsmsfi.dll	6.2.10240.16384	Sami Extended Finland-Sweden Keyboard Layout
kbdsmsno.dll	6.2.10240.16384	Sami Extended Norway Keyboard Layout
kbdsn1.dll	6.2.10240.16384	Sinhala Keyboard Layout
kbdsora.dll	6.2.10240.16384	Sora Keyboard Layout
kbdsorex.dll	6.2.10240.16384	Sorbian Extended Keyboard Layout
kbdsors1.dll	6.2.10240.16384	Sorbian Standard Keyboard Layout
kbdsorst.dll	6.2.10240.16384	Sorbian Standard (Legacy) Keyboard Layout
kbdsp.dll	6.2.10240.16384	Spanish Keyboard Layout
kbdsw.dll	6.2.10240.16384	Swedish Keyboard Layout
kbdsw09.dll	6.2.10240.16384	Sinhala - Wij 9 Keyboard Layout
kbdsyr1.dll	6.2.10240.16384	Syriac Standard Keyboard Layout
kbdsyr2.dll	6.2.10240.16384	Syriac Phoenetic Keyboard Layout
kbdtaile.dll	6.2.10240.16384	Tai Le Keyboard Layout
kbdtajik.dll	6.2.10240.16384	Tajik Keyboard Layout
kbdtat.dll	6.2.10240.16384	Tatar (Legacy) Keyboard Layout
kbdth0.dll	6.2.10240.16384	Thai Kedmanee Keyboard Layout
kbdth1.dll	6.2.10240.16384	Thai Pattachote Keyboard Layout
kbdth2.dll	6.2.10240.16384	Thai Kedmanee (non-ShiftLock) Keyboard Layout
kbdth3.dll	6.2.10240.16384	Thai Pattachote (non-ShiftLock) Keyboard Layout
kbdtifi.dll	6.2.10240.16384	Tifinagh (Basic) Keyboard Layout
kbdtifi2.dll	6.2.10240.16384	Tifinagh (Extended) Keyboard Layout
kbdtiprc.dll	6.2.10240.16384	Tibetan (PRC) Keyboard Layout
kbdtiprd.dll	6.2.10240.16384	Tibetan (PRC) - Updated Keyboard Layout
kbdtt102.dll	6.2.10240.16384	Tatar Keyboard Layout
kbdtuf.dll	6.2.10240.16384	Turkish F Keyboard Layout
kbdtuq.dll	6.2.10240.16384	Turkish Q Keyboard Layout
kbdturme.dll	6.2.10240.16384	Turkmen Keyboard Layout
kbdtzm.dll	6.2.10240.16384	Central Atlas Tamazight Keyboard Layout
kbdughr.dll	6.2.10240.16384	Uyghur (Legacy) Keyboard Layout
kbdughr1.dll	6.2.10240.16384	Uyghur Keyboard Layout
kbduk.dll	6.2.10240.16384	United Kingdom Keyboard Layout
kbdukx.dll	6.2.10240.16384	United Kingdom Extended Keyboard Layout
kbdur.dll	6.2.10240.16384	Ukrainian Keyboard Layout
kbdur1.dll	6.2.10240.16384	Ukrainian (Enhanced) Keyboard Layout
kbdurdu.dll	6.2.10240.16384	Urdu Keyboard Layout
kbdus.dll	6.2.10240.16384	United States Keyboard Layout
kbdusa.dll	6.2.10240.16384	US IBM Arabic 238_L Keyboard Layout
kbdusl.dll	6.2.10240.16384	Dvorak Left-Hand US English Keyboard Layout
kbdusr.dll	6.2.10240.16384	Dvorak Right-Hand US English Keyboard Layout
kbdusx.dll	6.2.10240.16384	US Multinational Keyboard Layout
kbduzb.dll	6.2.10240.16384	Uzbek_Cyrillic Keyboard Layout
kbdvntc.dll	6.2.10240.16384	Vietnamese Keyboard Layout
kbdwol.dll	6.2.10240.16384	Wolof Keyboard Layout
kbdyak.dll	6.2.10240.16384	Sakha - Russia Keyboard Layout
kbdyba.dll	6.2.10240.16384	Yoruba Keyboard Layout
kbdycc.dll	6.2.10240.16384	Serbian (Cyrillic) Keyboard Layout
kbdycl.dll	6.2.10240.16384	Serbian (Latin) Keyboard Layout
kerbclientshared.dll	6.2.10240.16384	Kerberos Client Shared Functionality
kerberos.dll	6.2.10240.16384	Kerberos Security Package
kernel.appcore.dll	6.2.10240.16384	AppModel API Host
kernel32.dll	6.2.10240.16384	Windows NT BASE API Client DLL
kernelbase.dll	6.2.10240.16384	Windows NT BASE API Client DLL
keyiso.dll	6.2.10240.16384	CNG Key Isolation Service
keymgr.dll	6.2.10240.16384	Stored User Names and Passwords
ksuser.dll	6.2.10240.16384	User CSA Library
ktmw32.dll	6.2.10240.16384	Windows KTM Win32 Client DLL
l2gpstore.dll	6.2.10240.16384	Policy Storage dll
l2nacp.dll	6.2.10240.16384	Windows Onex Credential Provider
l2sechc.dll	6.2.10240.16384	Layer 2 Security Diagnostics Helper Classes
laprxy.dll	12.0.10240.16384	Windows Media Logagent Proxy
lfsvc.dll	6.2.10240.16384	Geolocation Service
licensemanager.dll	6.2.10240.16461	LicenseManager
licmgr10.dll	11.0.10240.16384	Microsoft� License Manager DLL
linkinfo.dll	6.2.10240.16384	Windows Volume Tracking
loadperf.dll	6.2.10240.16384	Load & Unload Performance Counters
localsec.dll	6.2.10240.16384	Local Users and Groups MMC Snapin
locationapi.dll	6.2.10240.16384	Microsoft Windows Location API
locationframework.dll	6.2.10240.16384	Windows Geolocation Framework
locationframeworkinternalps.dll	6.2.10240.16384	Windows Geolocation Framework Internal PS
locationframeworkps.dll	6.2.10240.16384	Windows Geolocation Framework PS
lockappbroker.dll	6.2.10240.16425	Windows Lock App Broker DLL
loghours.dll	6.2.10240.16384	Schedule Dialog
logoncli.dll	6.2.10240.16384	Net Logon Client DLL
logoncontroller.dll	6.2.10240.16425	Logon UX Controller
lpk.dll	6.2.10240.16384	Language Pack
lsmproxy.dll	6.2.10240.16384	LSM interfaces proxy Dll
luainstall.dll	6.2.10240.16384	Lua manifest install
lz32.dll	6.2.10240.16384	LZ Expand/Compress API DLL
magnification.dll	6.2.10240.16384	Microsoft Magnification API
mapconfiguration.dll	6.2.10240.16392	MapConfiguration
mapcontrolcore.dll	6.2.10240.16384	Map Control Core
mapcontrolstringsres.dll	6.2.10240.16384	Map control resource strings
mapi32.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mapistub.dll	1.0.2536.0	Extended MAPI 1.0 for Windows NT
mapsbtsvc.dll	6.2.10240.16384	Maps Background Transfer Service
mbaeapi.dll	6.2.10240.16431	Mobile Broadband Account Experience API
mbaeapipublic.dll	6.2.10240.16431	Mobile Broadband Account API
mbsmsapi.dll	6.2.10240.16384	Microsoft Windows Mobile Broadband SMS API
mbussdapi.dll	6.2.10240.16384	Microsoft Windows Mobile Broadband USSD API
mcewmdrmndbootstrap.dll	1.3.2310.10	Windows� Media Center WMDRM-ND Receiver Bridge Bootstrap DLL
mciavi32.dll	6.2.10240.16384	Video For Windows MCI driver
mcicda.dll	6.2.10240.16384	MCI driver for cdaudio devices
mciqtz32.dll	6.2.10240.16384	DirectShow MCI Driver
mciseq.dll	6.2.10240.16384	MCI driver for MIDI sequencer
mciwave.dll	6.2.10240.16384	MCI driver for waveform audio
mcrecvsrc.dll	12.0.10240.16385	Miracast Media Foundation Source DLL
mdminst.dll	6.2.10240.16384	Modem Class Installer
mdmregistration.dll	6.2.10240.16384	MDM Registration DLL
messagingdatamodel2.dll	6.2.10240.16394	MessagingDataModel2
mf.dll	12.0.10240.16384	Media Foundation DLL
mf3216.dll	6.2.10240.16384	32-bit to 16-bit Metafile Conversion DLL
mfaacenc.dll	6.2.10240.16384	Media Foundation AAC Encoder
mfasfsrcsnk.dll	12.0.10240.16384	Media Foundation ASF Source and Sink DLL
mfc100.dll	10.0.40219.325	MFCDLL Shared Library - Retail Version
mfc100chs.dll	10.0.40219.325	MFC Language Specific Resources
mfc100cht.dll	10.0.40219.325	MFC Language Specific Resources
mfc100deu.dll	10.0.40219.325	MFC Language Specific Resources
mfc100enu.dll	10.0.40219.325	MFC Language Specific Resources
mfc100esn.dll	10.0.40219.325	MFC Language Specific Resources
mfc100fra.dll	10.0.40219.325	MFC Language Specific Resources
mfc100ita.dll	10.0.40219.325	MFC Language Specific Resources
mfc100jpn.dll	10.0.40219.325	MFC Language Specific Resources
mfc100kor.dll	10.0.40219.325	MFC Language Specific Resources
mfc100rus.dll	10.0.40219.325	MFC Language Specific Resources
mfc100u.dll	10.0.40219.325	MFCDLL Shared Library - Retail Version
mfc110.dll	11.0.60610.1	MFCDLL Shared Library - Retail Version
mfc110chs.dll	11.0.60610.1	MFC Language Specific Resources
mfc110cht.dll	11.0.60610.1	MFC Language Specific Resources
mfc110deu.dll	11.0.60610.1	MFC Language Specific Resources
mfc110enu.dll	11.0.60610.1	MFC Language Specific Resources
mfc110esn.dll	11.0.60610.1	MFC Language Specific Resources
mfc110fra.dll	11.0.60610.1	MFC Language Specific Resources
mfc110ita.dll	11.0.60610.1	MFC Language Specific Resources
mfc110jpn.dll	11.0.60610.1	MFC Language Specific Resources
mfc110kor.dll	11.0.60610.1	MFC Language Specific Resources
mfc110rus.dll	11.0.60610.1	MFC Language Specific Resources
mfc110u.dll	11.0.60610.1	MFCDLL Shared Library - Retail Version
mfc40.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc40u.dll	4.1.0.6140	MFCDLL Shared Library - Retail Version
mfc42.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfc42u.dll	6.6.8063.0	MFCDLL Shared Library - Retail Version
mfcaptureengine.dll	12.0.10240.16384	Media Foundation CaptureEngine DLL
mfcm100.dll	10.0.40219.325	MFC Managed Library - Retail Version
mfcm100u.dll	10.0.40219.325	MFC Managed Library - Retail Version
mfcm110.dll	11.0.60610.1	MFC Managed Library - Retail Version
mfcm110u.dll	11.0.60610.1	MFC Managed Library - Retail Version
mfcore.dll	12.0.10240.16431	Media Foundation Core DLL
mfcsubs.dll	2001.12.10941.16384	COM+
mfds.dll	12.0.10240.16384	Media Foundation Direct Show wrapper DLL
mfdvdec.dll	6.2.10240.16384	Media Foundation DV Decoder
mferror.dll	12.0.10240.16384	Media Foundation Error DLL
mfh263enc.dll	6.2.10240.16384	Media Foundation h263 Encoder
mfh264enc.dll	6.2.10240.16384	Media Foundation H264 Encoder
mfh265enc.dll	6.2.10240.16384	Media Foundation H265 Encoder
mfmediaengine.dll	6.2.10240.16431	Media Foundation Media Engine DLL
mfmjpegdec.dll	6.2.10240.16384	Media Foundation MJPEG Decoder
mfmkvsrcsnk.dll	6.2.10240.16412	Media Foundation MKV Media Source and Sink DLL
mfmp4srcsnk.dll	12.0.10240.16412	Media Foundation MPEG4 Source and Sink DLL
mfmpeg2srcsnk.dll	12.0.10240.16412	Media Foundation MPEG2 Source and Sink DLL
mfnetcore.dll	12.0.10240.16384	Media Foundation Net Core DLL
mfnetsrc.dll	12.0.10240.16384	Media Foundation Net Source DLL
mfperfhelper.dll	12.0.10240.16384	MFPerf DLL
mfplat.dll	12.0.10240.16431	Media Foundation Platform DLL
mfplay.dll	12.0.10240.16412	Media Foundation Playback API DLL
mfps.dll	12.0.10240.16384	Media Foundation Proxy DLL
mfreadwrite.dll	12.0.10240.16384	Media Foundation ReadWrite DLL
mfsrcsnk.dll	12.0.10240.16412	Media Foundation Source and Sink DLL
mfsvr.dll	6.2.10240.16427	Media Foundation Simple Video Renderer DLL
mftranscode.dll	12.0.10240.16384	Media Foundation Transcode DLL
mfvdsp.dll	6.2.10240.16384	Windows Media Foundation Video DSP Components
mfwmaaec.dll	6.2.10240.16384	Windows Media Audio AEC for Media Foundation
mgmtapi.dll	6.2.10240.16384	Microsoft SNMP Manager API (uses WinSNMP)
mi.dll	6.2.10240.16384	Management Infrastructure
mibincodec.dll	6.2.10240.16384	Management Infrastructure binary codec component
microsoft.management.infrastructure.native.unmanaged.dll	6.2.10240.16384	Microsoft.Management.Infrastructure.Native.Unmanaged.dll
microsoftaccountextension.dll	6.2.10240.16384	Microsoft Account Extension DLL
microsoftaccounttokenprovider.dll	6.2.10240.16384	Microsoft� Account Token Provider
microsoft-windows-mapcontrols.dll	6.2.10240.16384	Map Event Resources
microsoft-windows-moshost.dll	6.2.10240.16384	MosHost Event Resources
microsoft-windows-mostrace.dll	6.2.10240.16384	MOS Event Resources
midimap.dll	6.2.10240.16384	Microsoft MIDI Mapper
migisol.dll	6.2.10240.16384	Migration System Isolation Layer
miguiresource.dll	6.2.10240.16384	MIG wini32 resources
mimefilt.dll	2008.0.10240.16384	MIME Filter
mimofcodec.dll	6.2.10240.16384	Management Infrastructure mof codec component
minstoreevents.dll	6.2.10240.16384	Minstore Event Resource
miracastreceiver.dll	12.0.10240.16384	Miracast Receiver API
mirrordrvcompat.dll	6.2.10240.16384	Mirror Driver Compatibility Helper
mispace.dll	6.2.10240.16384	Storage Management Provider for Spaces
miutils.dll	6.2.10240.16384	Management Infrastructure
mlang.dll	6.2.10240.16384	Multi Language Support DLL
mmcbase.dll	6.2.10240.16384	MMC Base DLL
mmci.dll	6.2.10240.16384	Media class installer
mmcico.dll	6.2.10240.16384	Media class co-installer
mmcndmgr.dll	6.2.10240.16384	MMC Node Manager DLL
mmcshext.dll	6.2.10240.16384	MMC Shell Extension DLL
mmdevapi.dll	6.2.10240.16384	MMDevice API
mmres.dll	6.2.10240.16384	General Audio Resources
modemui.dll	6.2.10240.16384	Windows Modem Properties
moricons.dll	6.2.10240.16384	Windows NT Setup Icon Resources Library
mos.dll	6.2.10240.16392	mos
moshostclient.dll	6.2.10240.16384	MosHostClient
mp3dmod.dll	6.2.10240.16384	Microsoft MP3 Decoder DMO
mp43decd.dll	6.2.10240.16384	Windows Media MPEG-4 Video Decoder
mp4sdecd.dll	6.2.10240.16384	Windows Media MPEG-4 S Video Decoder
mpg4decd.dll	6.2.10240.16384	Windows Media MPEG-4 Video Decoder
mpr.dll	6.2.10240.16384	Multiple Provider Router DLL
mprapi.dll	6.2.10240.16384	Windows NT MP Router Administration DLL
mprddm.dll	6.2.10240.16384	Demand Dial Manager Supervisor
mprdim.dll	6.2.10240.16384	Dynamic Interface Manager
mprext.dll	6.2.10240.16384	Multiple Provider Router Extension DLL
mprmsg.dll	6.2.10240.16384	Multi-Protocol Router Service Messages DLL
mrmcorer.dll	6.2.10240.16385	Microsoft Windows MRM
mrmindexer.dll	6.2.10240.16384	Microsoft Windows MRM
mrt_map.dll	1.0.22929.0	Microsoft .NET Native Error Reporting Helper
mrt100.dll	1.0.22929.0	Microsoft .NET Native Runtime
ms3dthumbnailprovider.dll	6.2.10240.16384	3MF Metadata Handler
msaatext.dll	2.0.10413.0	Active Accessibility text support
msac3enc.dll	6.2.10240.16384	Microsoft AC-3 Encoder
msacm32.dll	6.2.10240.16384	Microsoft ACM Audio Filter
msadce.dll	6.2.10240.16384	OLE DB Cursor Engine
msadcer.dll	6.2.10240.16384	OLE DB Cursor Engine Resources
msadco.dll	6.2.10240.16384	Remote Data Services Data Control
msadcor.dll	6.2.10240.16384	Remote Data Services Data Control Resources
msadds.dll	6.2.10240.16384	OLE DB Data Shape Provider
msaddsr.dll	6.2.10240.16384	OLE DB Data Shape Provider Resources
msader15.dll	6.2.10240.16384	ActiveX Data Objects Resources
msado15.dll	6.2.10240.16384	ActiveX Data Objects
msadomd.dll	6.2.10240.16384	ActiveX Data Objects (Multi-Dimensional)
msador15.dll	6.2.10240.16384	Microsoft ActiveX Data Objects Recordset
msadox.dll	6.2.10240.16384	ActiveX Data Objects Extensions
msadrh15.dll	6.2.10240.16384	ActiveX Data Objects Rowset Helper
msafd.dll	6.2.10240.16384	Microsoft Windows Sockets 2.0 Service Provider
msajapi.dll	6.2.10240.16384	AllJoyn API Library
msalacdecoder.dll	6.2.10240.16384	Media Foundation ALAC Decoder
msalacencoder.dll	6.2.10240.16384	Media Foundation ALAC Encoder
msamrnbdecoder.dll	6.2.10240.16384	AMR Narrowband Decoder DLL
msamrnbencoder.dll	6.2.10240.16384	AMR Narrowband Encoder DLL
msamrnbsink.dll	6.2.10240.16384	AMR Narrowband Sink DLL
msamrnbsource.dll	6.2.10240.16384	AMR Narrowband Source DLL
msasn1.dll	6.2.10240.16384	ASN.1 Runtime APIs
msauddecmft.dll	6.2.10240.16384	Media Foundation Audio Decoders
msaudite.dll	6.2.10240.16384	Security Audit Events DLL
msauserext.dll	6.2.10240.16384	MSA USER Extension DLL
mscandui.dll	6.2.10240.16384	MSCANDUI Server DLL
mscat32.dll	6.2.10240.16384	MSCAT32 Forwarder DLL
msclmd.dll	10.0.10240.16384	Microsoft Class Mini-driver
mscms.dll	6.2.10240.16384	Microsoft Color Matching System DLL
mscoree.dll	6.2.10240.16384	Microsoft .NET Runtime Execution Engine
mscorier.dll	6.2.10240.16384	Microsoft .NET Runtime IE resources
mscories.dll	2.0.50727.8662	Microsoft .NET IE SECURITY REGISTRATION
mscpx32r.dll	6.2.10240.16384	ODBC Code Page Translator Resources
mscpxl32.dll	6.2.10240.16384	ODBC Code Page Translator
msctf.dll	6.2.10240.16384	MSCTF Server DLL
msctfmonitor.dll	6.2.10240.16384	MsCtfMonitor DLL
msctfp.dll	6.2.10240.16384	MSCTFP Server DLL
msctfui.dll	6.2.10240.16384	MSCTFUI Server DLL
msctfuimanager.dll	6.2.10240.16425	Microsoft UIManager DLL
msdadc.dll	6.2.10240.16384	OLE DB Data Conversion Stub
msdadiag.dll	6.2.10240.16384	Built-In Diagnostics
msdaenum.dll	6.2.10240.16384	OLE DB Root Enumerator Stub
msdaer.dll	6.2.10240.16384	OLE DB Error Collection Stub
msdaora.dll	6.2.10240.16384	OLE DB Provider for Oracle
msdaorar.dll	6.2.10240.16384	OLE DB Provider for Oracle Resources
msdaosp.dll	6.2.10240.16384	OLE DB Simple Provider
msdaprsr.dll	6.2.10240.16384	OLE DB Persistence Services Resources
msdaprst.dll	6.2.10240.16384	OLE DB Persistence Services
msdaps.dll	6.2.10240.16384	OLE DB Interface Proxies/Stubs
msdarem.dll	6.2.10240.16384	OLE DB Remote Provider
msdaremr.dll	6.2.10240.16384	OLE DB Remote Provider Resources
msdart.dll	6.2.10240.16384	OLE DB Runtime Routines
msdasc.dll	6.2.10240.16384	OLE DB Service Components Stub
msdasql.dll	6.2.10240.16384	OLE DB Provider for ODBC Drivers
msdasqlr.dll	6.2.10240.16384	OLE DB Provider for ODBC Drivers Resources
msdatl3.dll	6.2.10240.16384	OLE DB Implementation Support Routines
msdatt.dll	6.2.10240.16384	OLE DB Temporary Table Services
msdaurl.dll	6.2.10240.16384	OLE DB RootBinder Stub
msdelta.dll	6.2.10240.16384	Microsoft Patch Engine
msdfmap.dll	6.2.10240.16384	Data Factory Handler
msdmeng.dll	8.0.2039.0	Microsoft Data Mining Engine
msdmine.dll	8.0.2039.0	Microsoft OLE DB Provider for Data Mining Services
msdmo.dll	6.2.10240.16384	DMO Runtime
msdrm.dll	6.2.10240.16384	Windows Rights Management client
msdtcprx.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator OLE Transactions Interface Proxy DLL
msdtcuiu.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Administrative DLL
msdtcvsp1res.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Resources for Vista SP1
msexch40.dll	4.0.9756.0	Microsoft Jet Exchange Isam
msexcl40.dll	4.0.9756.0	Microsoft Jet Excel Isam
msfeeds.dll	11.0.10240.16384	Microsoft Feeds Manager
msfeedsbs.dll	11.0.10240.16384	Microsoft Feeds Background Sync
msflacdecoder.dll	6.2.10240.16384	Media Foundation FLAC Decoder
msflacencoder.dll	6.2.10240.16384	Media Foundation FLAC Encoder
msftedit.dll	6.2.10240.16386	Rich Text Edit Control, v7.5
mshtml.dll	11.0.10240.16485	Microsoft (R) HTML Viewer
mshtmldac.dll	11.0.10240.16384	DAC for Trident DOM
mshtmled.dll	11.0.10240.16384	Microsoft� HTML Editing Component
mshtmler.dll	11.0.10240.16384	Microsoft� HTML Editing Component's Resource DLL
msi.dll	5.0.10240.16386	Windows Installer
msidcrl40.dll	6.2.10240.16384	Microsoft� Account Dynamic Link Library
msident.dll	6.2.10240.16384	Microsoft Identity Manager
msidle.dll	6.2.10240.16384	User Idle Monitor
msidntld.dll	6.2.10240.16384	Microsoft Identity Manager
msieftp.dll	6.2.10240.16384	Microsoft Internet Explorer FTP Folder Shell Extension
msihnd.dll	5.0.10240.16384	Windows� installer
msiltcfg.dll	5.0.10240.16384	Windows Installer Configuration API Stub
msimg32.dll	6.2.10240.16384	GDIEXT Client DLL
msimsg.dll	5.0.10240.16384	Windows� Installer International Messages
msimtf.dll	6.2.10240.16384	Active IMM Server DLL
msisip.dll	5.0.10240.16384	MSI Signature SIP Provider
msiwer.dll	5.0.10240.16384	MSI Windows Error Reporting
msjet40.dll	4.0.9765.0	Microsoft Jet Engine Library
msjetoledb40.dll	4.0.9756.0
msjint40.dll	4.0.9765.0	Microsoft Jet Database Engine International DLL
msjro.dll	6.2.10240.16384	Jet and Replication Objects
msjter40.dll	4.0.9756.0	Microsoft Jet Database Engine Error DLL
msjtes40.dll	4.0.9756.0	Microsoft Jet Expression Service
mskeyprotcli.dll	6.2.10240.16384	Windows Client Key Protection Provider
mskeyprotect.dll	6.2.10240.16384	Microsoft Key Protection Provider
msls31.dll	3.10.349.0	Microsoft Line Services library file
msltus40.dll	4.0.9756.0	Microsoft Jet Lotus 1-2-3 Isam
msmdcb80.dll	8.0.2278.0	PivotTable Service dll
msmdgd80.dll	8.0.2039.0	Microsoft SQL Server Analysis Services driver
msmdun80.dll	2000.80.2039.0	String Function .DLL for SQL Enterprise Components
msmpeg2adec.dll	12.0.10133.0	Microsoft DTV-DVD Audio Decoder
msmpeg2enc.dll	12.0.10240.16384	Microsoft MPEG-2 Encoder
msmpeg2vdec.dll	12.0.10133.0	Microsoft DTV-DVD Video Decoder
msnetobj.dll	11.0.10240.16384	DRM ActiveX Network Object
msobjs.dll	6.2.10240.16384	System object audit names
msoeacct.dll	6.2.10240.16384	Microsoft Internet Account Manager
msoert2.dll	6.2.10240.16384	Microsoft Windows Mail RT Lib
msolap80.dll	8.0.2216.0	Microsoft OLE DB Provider for Analysis Services 8.0
msolui80.dll	8.0.0.2039	Microsoft OLE DB provider for Analysis Services connection dialog 8.0
msorc32r.dll	6.2.10240.16384	ODBC Driver for Oracle Resources
msorcl32.dll	6.2.10240.16384	ODBC Driver for Oracle
mspatcha.dll	6.2.10240.16384	Microsoft File Patch Application API
mspatchc.dll	6.2.10240.16384	Microsoft Patch Creation Engine
mspbde40.dll	4.0.9756.0	Microsoft Jet Paradox Isam
msphotography.dll	6.2.10240.16384	MS Photography DLL
msports.dll	6.2.10240.16384	Ports Class Installer
msrating.dll	11.0.10240.16384	Internet Ratings and Local User Management DLL
msrd2x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrd3x40.dll	4.0.9756.0	Microsoft (R) Red ISAM
msrdc.dll	6.2.10240.16384	Remote Differential Compression COM server
msrdpwebaccess.dll	6.2.10240.16384	Microsoft Remote Desktop Services Web Access Control
msrepl40.dll	4.0.9756.0	Microsoft Replication Library
msrle32.dll	6.2.10240.16384	Microsoft RLE Compressor
msscntrs.dll	7.0.10240.16384	PKM Perfmon Counter DLL
msscp.dll	11.0.10240.16384	Windows Media Secure Content Provider
msshooks.dll	7.0.10240.16384	Microsoft Search Hooks
mssign32.dll	6.2.10240.16384	Microsoft Trust Signing APIs
mssip32.dll	6.2.10240.16384	MSSIP32 Forwarder DLL
mssitlb.dll	7.0.10240.16384	mssitlb
msspellcheckingfacility.dll	6.2.10240.16384	Microsoft Spell Checking Facility
mssph.dll	7.0.10240.16384	Microsoft Search Protocol Handler
mssphtb.dll	7.0.10240.16384	Outlook MSSearch Connector
mssprxy.dll	7.0.10240.16384	Microsoft Search Proxy
mssrch.dll	7.0.10240.16431	Microsoft Embedded Search
mssvp.dll	7.0.10240.16384	MSSearch Vista Platform
mstask.dll	6.2.10240.16384	Task Scheduler interface DLL
mstext40.dll	4.0.9756.0	Microsoft Jet Text Isam
mstscax.dll	6.2.10240.16384	Remote Desktop Services ActiveX Client
msutb.dll	6.2.10240.16384	MSUTB Server DLL
msv1_0.dll	6.2.10240.16384	Microsoft Authentication Package v1.0
msvbvm60.dll	6.0.98.15	Visual Basic Virtual Machine
msvcirt.dll	7.0.10240.16384	Windows NT IOStreams DLL
msvcp_win.dll	6.2.10240.16384	Microsoft� C Runtime Library
msvcp100.dll	10.0.40219.325	Microsoft� C Runtime Library
msvcp110.dll	11.0.51106.1	Microsoft� C Runtime Library
msvcp110_win.dll	6.2.10240.16384	Microsoft� STL110 C++ Runtime Library
msvcp120.dll	12.0.21005.1	Microsoft� C Runtime Library
msvcp120_clr0400.dll	12.0.52512.0	Microsoft� C Runtime Library
msvcp60.dll	7.0.10240.16384	Windows NT C++ Runtime Library DLL
msvcr100.dll	10.0.40219.325	Microsoft� C Runtime Library
msvcr100_clr0400.dll	14.0.79.0	Microsoft� .NET Framework
msvcr110.dll	11.0.51106.1	Microsoft� C Runtime Library
msvcr120.dll	12.0.21005.1	Microsoft� C Runtime Library
msvcr120_clr0400.dll	12.0.52512.0	Microsoft� C Runtime Library
msvcrt.dll	7.0.10240.16384	Windows NT CRT DLL
msvcrt20.dll	2.12.0.0	Microsoft� C Runtime Library
msvcrt40.dll	6.2.10240.16384	VC 4.x CRT DLL (Forwarded to msvcrt.dll)
msvfw32.dll	6.2.10240.16384	Microsoft Video for Windows DLL
msvidc32.dll	6.2.10240.16384	Microsoft Video 1 Compressor
msvidctl.dll	6.5.10240.16384	ActiveX control for streaming video
msvideodsp.dll	6.2.10240.16384	Video Stabilization MFT
msvproc.dll	12.0.10240.16384	Media Foundation Video Processor
mswb7.dll	6.2.10240.16384	MSWB7 DLL
mswdat10.dll	4.0.9756.0	Microsoft Jet Sort Tables
mswmdm.dll	12.0.10240.16384	Windows Media Device Manager Core
mswsock.dll	6.2.10240.16384	Microsoft Windows Sockets 2.0 Service Provider
mswstr10.dll	4.0.9765.0	Microsoft Jet Sort Library
msxactps.dll	6.2.10240.16384	OLE DB Transaction Proxies/Stubs
msxbde40.dll	4.0.9756.0	Microsoft Jet xBASE Isam
msxml3.dll	8.110.10240.16384	MSXML 3.0
msxml3r.dll	8.110.10240.16384	XML Resources
msxml6.dll	6.30.10240.16384	MSXML 6.0
msxml6r.dll	6.30.10240.16384	XML Resources
msyuv.dll	6.2.10240.16384	Microsoft UYVY Video Decompressor
mtf.dll
mtxclu.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Failover Clustering Support DLL
mtxdm.dll	2001.12.10941.16384	COM+
mtxex.dll	2001.12.10941.16384	COM+
mtxlegih.dll	2001.12.10941.16384	COM+
mtxoci.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Database Support DLL for Oracle
muifontsetup.dll	6.2.10240.16384	MUI Callback for font registry settings
mycomput.dll	6.2.10240.16384	Computer Management
mydocs.dll	6.2.10240.16384	My Documents Folder UI
napcrypt.dll	6.2.10240.16384	NAP Cryptographic API helper
napinsp.dll	6.2.10240.16384	E-mail Naming Shim Provider
naturallanguage6.dll	6.2.10240.16384	Natural Language Development Platform 6
ncaapi.dll	6.2.10240.16384	Microsoft Network Connectivity Assistant API
ncdprop.dll	6.2.10240.16384	Advanced network device properties
nci.dll	6.2.10240.16384	CoInstaller: NET
ncobjapi.dll	6.2.10240.16384	Microsoft� Windows� Operating System
ncrypt.dll	6.2.10240.16384	Windows NCrypt Router
ncryptprov.dll	6.2.10240.16384	Microsoft KSP
ncryptsslp.dll	6.2.10240.16384	Microsoft SChannel Provider
nddeapi.dll	6.2.10240.16384	Network DDE Share Management APIs
ndfapi.dll	6.2.10240.16384	Network Diagnostic Framework Client API
ndfetw.dll	6.2.10240.16384	Network Diagnostic Engine Event Interface
ndfhcdiscovery.dll	6.2.10240.16384	Network Diagnostic Framework HC Discovery API
ndiscapcfg.dll	6.2.10240.16384	NdisCap Notify Object
ndishc.dll	6.2.10240.16384	NDIS Helper Classes
ndproxystub.dll	6.2.10240.16384	Network Diagnostic Engine Proxy/Stub
negoexts.dll	6.2.10240.16384	NegoExtender Security Package
netapi32.dll	6.2.10240.16384	Net Win32 API DLL
netbios.dll	6.2.10240.16384	NetBIOS Interface Library
netcenter.dll	6.2.10240.16384	Network Center control panel
netcfgx.dll	6.2.10240.16384	Network Configuration Objects
netcorehc.dll	6.2.10240.16384	Networking Core Diagnostics Helper Classes
netdiagfx.dll	6.2.10240.16384	Network Diagnostic Framework
netevent.dll	6.2.10240.16384	Net Event Handler
netfxperf.dll	6.2.10240.16384	Extensible Performance Counter Shim
neth.dll	6.2.10240.16384	Net Help Messages DLL
netid.dll	6.2.10240.16384	System Control Panel Applet; Network ID Page
netiohlp.dll	6.2.10240.16384	Netio Helper DLL
netjoin.dll	6.2.10240.16384	Domain Join DLL
netlogon.dll	6.2.10240.16384	Net Logon Services DLL
netmsg.dll	6.2.10240.16384	Net Messages DLL
netplwiz.dll	6.2.10240.16384	Map Network Drives/Network Places Wizard
netprofm.dll	6.2.10240.16384	Network List Manager
netprovfw.dll	6.2.10240.16384	Provisioning Service Framework DLL
netprovisionsp.dll	6.2.10240.16384	Provisioning Service Provider DLL
netsetupapi.dll	6.2.10240.16384	Network Configuration API
netsetupengine.dll	6.2.10240.16384	Network Configuration Engine
netsetupshim.dll	6.2.10240.16461	Network Configuration API
netshell.dll	6.2.10240.16384	Network Connections Shell
netutils.dll	6.2.10240.16384	Net Win32 API Helpers DLL
networkcollectionagent.dll	11.0.10240.16384	Network Collection Agent
networkexplorer.dll	6.2.10240.16384	Network Explorer
networkitemfactory.dll	6.2.10240.16384	NetworkItem Factory
newdev.dll	6.0.5054.0	Add Hardware Device Library
ngcksp.dll	6.2.10240.16384	Microsoft Passport Key Storage Provider
ninput.dll	6.2.10240.16384	Microsoft Pen and Touch Input Component
nlaapi.dll	6.2.10240.16384	Network Location Awareness 2
nlhtml.dll	2008.0.10240.16384	HTML filter
nlmgp.dll	6.2.10240.16384	Network List Manager Snapin
nlmproxy.dll	6.2.10240.16384	Network List Manager Public Proxy
nlmsprep.dll	6.2.10240.16384	Network List Manager Sysprep Module
nlsbres.dll	6.2.10240.16384	NLSBuild resource DLL
nlsdata0000.dll	6.2.10240.16384	Microsoft Neutral Natural Language Server Data and Code
nlsdata0009.dll	6.2.10240.16384	Microsoft English Natural Language Server Data and Code
nlsdl.dll	6.2.10240.16384	Nls Downlevel DLL
nlslexicons0009.dll	6.2.10240.16384	Microsoft English Natural Language Server Data and Code
nmaa.dll	6.2.10240.16384	NMAA
nmadirect.dll	8.1.0.65535	master branch
normaliz.dll	6.2.10240.16384	Unicode Normalization DLL
notificationobjfactory.dll	6.2.10240.16425	Notifications Object Factory
npmproxy.dll	6.2.10240.16384	Network List Manager Proxy
npsmdesktopprovider.dll	6.2.10240.16384	<d> NPSM Desktop Local Provider DLL
nshhttp.dll	6.2.10240.16384	HTTP netsh DLL
nshipsec.dll	6.2.10240.16384	Net Shell IP Security helper DLL
nshwfp.dll	6.2.10240.16384	Windows Filtering Platform Netsh Helper
nsi.dll	6.2.10240.16384	NSI User-mode interface DLL
ntasn1.dll	6.2.10240.16384	Microsoft ASN.1 API
ntdll.dll	6.2.10240.16430	NT Layer DLL
ntdsapi.dll	6.2.10240.16384	Active Directory Domain Services API
ntlanman.dll	6.2.10240.16384	Microsoft� Lan Manager
ntlanui2.dll	6.2.10240.16384	Network object shell UI
ntlmshared.dll	6.2.10240.16384	NTLM Shared Functionality
ntmarta.dll	6.2.10240.16384	Windows NT MARTA provider
ntprint.dll	6.2.10240.16384	Spooler Setup DLL
ntshrui.dll	6.2.10240.16405	Shell extensions for sharing
ntvdm64.dll	6.2.10240.16384	16-bit Emulation on NT64
objsel.dll	6.2.10240.16384	Object Picker Dialog
occache.dll	11.0.10240.16384	Object Control Viewer
ocsetapi.dll	6.2.10240.16384	Windows Optional Component Setup API
odbc32.dll	6.2.10240.16384	ODBC Driver Manager
odbcbcp.dll	6.2.10240.16384	BCP for ODBC
odbcconf.dll	6.2.10240.16384	ODBC Driver Configuration Program
odbccp32.dll	6.2.10240.16384	ODBC Installer
odbccr32.dll	6.2.10240.16384	ODBC Cursor Library
odbccu32.dll	6.2.10240.16384	ODBC Cursor Library
odbcint.dll	6.2.10240.16384	ODBC Resources
odbcji32.dll	6.2.10240.16384	Microsoft ODBC Desktop Driver Pack 3.5
odbcjt32.dll	6.2.10240.16384	Microsoft ODBC Desktop Driver Pack 3.5
odbctrac.dll	6.2.10240.16384	ODBC Driver Manager Trace
oddbse32.dll	6.2.10240.16384	ODBC (3.0) driver for DBase
odexl32.dll	6.2.10240.16384	ODBC (3.0) driver for Excel
odfox32.dll	6.2.10240.16384	ODBC (3.0) driver for FoxPro
odpdx32.dll	6.2.10240.16384	ODBC (3.0) driver for Paradox
odtext32.dll	6.2.10240.16384	ODBC (3.0) driver for text files
oemlicense.dll	6.2.10240.16384	Client Licensing Platform Client Provisioning
offfilt.dll	2008.0.10240.16384	OFFICE Filter
offlinelsa.dll	6.2.10240.16384	Windows
offlinesam.dll	6.2.10240.16384	Windows
offreg.dll	6.2.10240.16384	Offline registry DLL
ogldrv.dll	6.2.10240.16384	MSOGL
ole2.dll	3.10.0.103	Windows Win16 Application Launcher
ole2disp.dll	3.10.0.103	Windows Win16 Application Launcher
ole2nls.dll	3.10.0.103	Windows Win16 Application Launcher
ole32.dll	6.2.10240.16384	Microsoft OLE for Windows
oleacc.dll	7.2.10240.16384	Active Accessibility Core Component
oleacchooks.dll	7.2.10240.16384	Active Accessibility Event Hooks Library
oleaccrc.dll	7.2.10240.16384	Active Accessibility Resource DLL
oleaut32.dll	6.2.10240.16384
olecli32.dll	6.2.10240.16384	Object Linking and Embedding Client Library
oledb32.dll	6.2.10240.16384	OLE DB Core Services
oledb32r.dll	6.2.10240.16384	OLE DB Core Services Resources
oledlg.dll	6.2.10240.16384	OLE User Interface Support
oleprn.dll	6.2.10240.16384	Oleprn DLL
olepro32.dll	6.2.10240.16384
olesvr32.dll	6.2.10240.16384	Object Linking and Embedding Server Library
olethk32.dll	6.2.10240.16384	Microsoft OLE for Windows
ondemandbrokerclient.dll	6.2.10240.16384	OnDemandBrokerClient
ondemandconnroutehelper.dll	6.2.10240.16384	On Demand Connctiond Route Helper
onedrivesettingsyncprovider.dll	6.2.10240.16431	OneDrive Setting Sync
onex.dll	6.2.10240.16384	IEEE 802.1X supplicant library
onexui.dll	6.2.10240.16384	IEEE 802.1X supplicant UI library
oobefldr.dll	6.2.10240.16384	Getting Started
opcservices.dll	6.2.10240.16384	Native Code OPC Services Library
opencl.dll	1.2.11.0	OpenCL Client DLL
opengl32.dll	6.2.10240.16384	OpenGL Client DLL
osbaseln.dll	6.2.10240.16384	Service Reporting API
osksupport.dll	6.2.10240.16384	Microsoft On-Screen Keyboard Support Utilities
osuninst.dll	6.2.10240.16384	Uninstall Interface
p2p.dll	6.2.10240.16384	Peer-to-Peer Grouping
p2pgraph.dll	6.2.10240.16384	Peer-to-Peer Graphing
p2pnetsh.dll	6.2.10240.16384	Peer-to-Peer NetSh Helper
packager.dll	6.2.10240.16384	Object Packager2
packagestateroaming.dll	6.2.10240.16461	Package State Roaming
panmap.dll	6.2.10240.16384	PANOSE(tm) Font Mapper
pautoenr.dll	6.2.10240.16384	Auto Enrollment DLL
pcacli.dll	6.2.10240.16384	Program Compatibility Assistant Client Module
pcaui.dll	6.2.10240.16384	Program Compatibility Assistant User Interface Module
pcpksp.dll	6.2.10240.16384	Microsoft Platform Key Storage Provider for Platform Crypto Provider
pcptpm12.dll	6.2.10240.16384	Microsoft Platform Crypto Provider for Trusted Platform Module 1.2
pcwum.dll	6.2.10240.16384	Performance Counters for Windows Native DLL
pdh.dll	6.2.10240.16384	Windows Performance Data Helper DLL
pdhui.dll	6.2.10240.16384	PDH UI
peerdist.dll	6.2.10240.16384	BranchCache Client Library
peerdistsh.dll	6.2.10240.16384	BranchCache Netshell Helper
perfctrs.dll	6.2.10240.16384	Performance Counters
perfdisk.dll	6.2.10240.16384	Windows Disk Performance Objects DLL
perfnet.dll	6.2.10240.16384	Windows Network Service Performance Objects DLL
perfos.dll	6.2.10240.16384	Windows System Performance Objects DLL
perfproc.dll	6.2.10240.16384	Windows System Process Performance Objects DLL
perfts.dll	6.2.10240.16384	Windows Remote Desktop Services Performance Objects
personax.dll	6.2.10240.16384	PersonaX
phonecallhistoryapis.dll	6.2.10240.16384	DLL for PhoneCallHistoryRT
phoneutil.dll	6.2.10240.16384	Phone utilities
phoneutilres.dll	6.2.10240.16384	Resource DLL for Phone utilities
photometadatahandler.dll	6.2.10240.16384	Photo Metadata Handler
photowiz.dll	6.2.10240.16384	Photo Printing Wizard
pid.dll	6.2.10240.16384	Microsoft PID
pidgenx.dll	6.2.10240.16384	Pid Generation
pifmgr.dll	6.2.10240.16384	Windows NT PIF Manager Icon Resources Library
pimindexmaintenanceclient.dll	6.2.10240.16384	Client dll for Pim Index Maintenance
pimstore.dll	6.2.10240.16384	POOM
pku2u.dll	6.2.10240.16384	Pku2u Security Package
pla.dll	6.2.10240.16384	Performance Logs & Alerts
playlistfolder.dll	6.2.10240.16384	Playlist Folder
playsndsrv.dll	6.2.10240.16384	PlaySound Service
playtodevice.dll	12.0.10240.16384	PLAYTODEVICE DLL
playtomanager.dll	6.2.10240.16412	Microsoft Windows PlayTo Manager
playtomenu.dll	12.0.10240.16384	Cast to Device Menu DLL
playtoreceiver.dll	12.0.10240.16384	DLNA DMR DLL
playtostatusprovider.dll	6.2.10240.16384	PlayTo Status Provider Dll
pngfilt.dll	11.0.10240.16384	IE PNG plugin image decoder
pnrpnsp.dll	6.2.10240.16384	PNRP Name Space Provider
policymanager.dll	6.2.10240.16384	Policy Manager DLL
polstore.dll	6.2.10240.16384	Policy Storage dll
portabledeviceapi.dll	6.2.10240.16384	Windows Portable Device API Components
portabledeviceclassextension.dll	6.2.10240.16384	Windows Portable Device Class Extension Component
portabledeviceconnectapi.dll	6.2.10240.16384	Portable Device Connection API Components
portabledevicestatus.dll	6.2.10240.16384	Microsoft Windows Portable Device Status Provider
portabledevicesyncprovider.dll	6.2.10240.16384	Microsoft Windows Portable Device Provider.
portabledevicetypes.dll	6.2.10240.16384	Windows Portable Device (Parameter) Types Component
portabledevicewiacompat.dll	6.2.10240.16384	PortableDevice WIA Compatibility Driver
portabledevicewmdrm.dll	6.2.10240.16384	Windows Portable Device WMDRM Component
posyncservices.dll	6.2.10240.16384	Change Tracking
pots.dll	6.2.10240.16384	Power Troubleshooter
powercpl.dll	6.2.10240.16384	Power Options Control Panel
powrprof.dll	6.2.10240.16384	Power Profile Helper DLL
presentationcffrasterizernative_v0300.dll	3.0.6920.8674	WinFX OpenType/CFF Rasterizer
presentationhostproxy.dll	6.2.10240.16384	Windows Presentation Foundation Host Proxy
presentationnative_v0300.dll	3.0.6920.8674	PresentationNative_v0300.dll
prflbmsg.dll	6.2.10240.16384	Perflib Event Messages
printconfig.dll	0.3.10240.16384	PrintConfig User Interface
printdialogs.dll	6.2.10240.16384	Microsoft� Windows� Operating System
printplatformconfig.dll	6.2.10240.16384	Legacy Print Platform Adapter
printui.dll	6.2.10240.16384	Printer Settings User Interface
prncache.dll	6.2.10240.16384	Print UI Cache
prnfldr.dll	6.2.10240.16384	prnfldr dll
prnntfy.dll	6.2.10240.16384	prnntfy DLL
prntvpt.dll	6.2.10240.16384	Print Ticket Services Module
profapi.dll	6.2.10240.16384	User Profile Basic API
profext.dll	6.2.10240.16384	profext
propsys.dll	7.0.10240.16384	Microsoft Property System
provcore.dll	6.2.10240.16384	Microsoft Wireless Provisioning Core
provsvc.dll	6.2.10240.16384	Windows HomeGroup
provthrd.dll	6.2.10240.16384	WMI Provider Thread & Log Library
proximitycommon.dll	6.2.10240.16384	Proximity Common Implementation
proximitycommonpal.dll	6.2.10240.16384	Proximity Common PAL
proximityrtapipal.dll	6.2.10240.16384	Proximity WinRT API PAL
prvdmofcomp.dll	6.2.10240.16384	WMI
psapi.dll	6.2.10240.16384	Process Status Helper
pshed.dll	6.2.10240.16384	Platform Specific Hardware Error Driver
psisdecd.dll	6.2.10240.16384	Microsoft SI/PSI parser for MPEG2 based networks.
psktwmcp.dll	1.0.1883.507	Application Interface DLL
psktwmcp64.dll	1.0.1883.507	Application Interface DLL
psmodulediscoveryprovider.dll	6.2.10240.16384	WMI
pstorec.dll	6.2.10240.16384	Deprecated Protected Storage COM interfaces
puiapi.dll	6.2.10240.16384	puiapi DLL
puiobj.dll	6.2.10240.16384	PrintUI Objects DLL
pwrshplugin.dll	6.2.10240.16384	pwrshplugin.dll
qasf.dll	12.0.10240.16384	DirectShow ASF Support
qcap.dll	6.2.10240.16384	DirectShow Runtime.
qdv.dll	6.2.10240.16384	DirectShow Runtime.
qdvd.dll	6.2.10240.16384	DirectShow DVD PlayBack Runtime.
qedit.dll	6.2.10240.16384	DirectShow Editing.
qedwipes.dll	6.2.10240.16384	DirectShow Editing SMPTE Wipes
quartz.dll	6.2.10240.16384	DirectShow Runtime.
query.dll	6.2.10240.16384	Content Index Utility DLL
qwave.dll	6.2.10240.16384	Windows NT
racengn.dll	6.2.10240.16384	Reliability analysis metrics calculation engine
racpldlg.dll	6.2.10240.16384	Remote Assistance Contact List
radardt.dll	6.2.10240.16384	Microsoft Windows Resource Exhaustion Detector
radarrs.dll	6.2.10240.16384	Microsoft Windows Resource Exhaustion Resolver
radcui.dll	6.2.10240.16384	RemoteApp and Desktop Connection UI Component
rasadhlp.dll	6.2.10240.16384	Remote Access AutoDial Helper
rasapi32.dll	6.2.10240.16384	Remote Access API
rascfg.dll	6.2.10240.16384	RAS Configuration Objects
raschap.dll	6.2.10240.16384	Remote Access PPP CHAP
raschapext.dll	6.2.10240.16384	Windows Extension library for raschap
rasctrs.dll	6.2.10240.16384	Windows NT Remote Access Perfmon Counter dll
rasdiag.dll	6.2.10240.16384	RAS Diagnostics Helper Classes
rasdlg.dll	6.2.10240.16384	Remote Access Common Dialog API
rasgcw.dll	6.2.10240.16384	RAS Wizard Pages
rasman.dll	6.2.10240.16384	Remote Access Connection Manager
rasmontr.dll	6.2.10240.16384	RAS Monitor DLL
rasmxs.dll	6.2.10240.16384	Remote Access Device DLL for modems, PADs and switches
rasplap.dll	6.2.10240.16384	RAS PLAP Credential Provider
rasppp.dll	6.2.10240.16384	Remote Access PPP
rasser.dll	6.2.10240.16384	Remote Access Media DLL for COM ports
rastapi.dll	6.2.10240.16384	Remote Access TAPI Compliance Layer
rastls.dll	6.2.10240.16384	Remote Access PPP EAP-TLS
rastlsext.dll	6.2.10240.16384	Windows Extension library for rastls
rdpcore.dll	6.2.10240.16384	RDP Core DLL
rdpencom.dll	6.2.10240.16384	RDPSRAPI COM Objects
rdpendp.dll	6.2.10240.16384	RDP Audio Endpoint
rdpsaps.dll	6.2.10240.16384	RDP Session Agent Proxy Stub
rdvidcrl.dll	6.2.10240.16384	Remote Desktop Services Client for Microsoft Online Services
rdvvmtransport.dll	6.2.10240.16384	RdvVmTransport EndPoints
reagent.dll	6.2.10240.16431	Microsoft Windows Recovery Agent DLL
regapi.dll	6.2.10240.16384	Registry Configuration APIs
regctrl.dll	6.2.10240.16384	RegCtrl
reinfo.dll	6.2.10240.16431	Microsoft Windows Recovery Info DLL
remoteaudioendpoint.dll	6.2.10240.16384	Remote Audio Endpoint
remotenaturallanguage.dll	1.0.0.1	Speech Client Communication To Backend Speech Services Library.
remotepg.dll	6.2.10240.16384	Remote Sessions CPL Extension
removedevicecontexthandler.dll	6.2.10240.16384	Devices & Printers Remove Device Context Menu Handler
removedeviceelevated.dll	6.2.10240.16384	RemoveDeviceElevated Proxy Dll
resampledmo.dll	6.2.10240.16384	Windows Media Resampler
resutils.dll	6.2.10240.16384	Microsoft Cluster Resource Utility DLL
rfxvmt.dll	6.2.10240.16384	Microsoft RemoteFX VM Transport
rgb9rast.dll	6.2.10240.16384	Microsoft� Windows� Operating System
riched20.dll	5.31.23.1231	Rich Text Edit Control, v3.1
riched32.dll	6.2.10240.16384	Wrapper Dll for Richedit 1.0
rmclient.dll	6.2.10240.16384	Resource Manager Client
rnr20.dll	6.2.10240.16384	Windows Socket2 NameSpace DLL
rometadata.dll	4.6.79.0	Microsoft MetaData Library
rpchttp.dll	6.2.10240.16384	RPC HTTP DLL
rpcns4.dll	6.2.10240.16384	Remote Procedure Call Name Service Client
rpcnsh.dll	6.2.10240.16384	RPC Netshell Helper
rpcrt4.dll	6.2.10240.16412	Remote Procedure Call Runtime
rpcrtremote.dll	6.2.10240.16384	Remote RPC Extension
rsaenh.dll	6.2.10240.16384	Microsoft Enhanced Cryptographic Provider
rscricon.dll	1.10.0.0	Realtek Card Reader Icon Dll
rshx32.dll	6.2.10240.16384	Security Shell Extension
rstrtmgr.dll	6.2.10240.16384	Restart Manager
rtffilt.dll	2008.0.10240.16384	RTF Filter
rtm.dll	6.2.10240.16384	Routing Table Manager
rtmediaframe.dll	6.2.10240.16384	Windows Runtime MediaFrame DLL
rtutils.dll	6.2.10240.16384	Routing Utilities
rtworkq.dll	12.0.10240.16384	Realtime WorkQueue DLL
samcli.dll	6.2.10240.16384	Security Accounts Manager Client DLL
samlib.dll	6.2.10240.16384	SAM Library DLL
sas.dll	6.2.10240.16384	WinLogon Software SAS Library
sbe.dll	6.2.10240.16384	DirectShow Stream Buffer Filter.
sbeio.dll	12.0.10240.16384	Stream Buffer IO DLL
sberes.dll	6.2.10240.16384	DirectShow Stream Buffer Filter Resouces.
scansetting.dll	6.2.10240.16384	Microsoft� Windows(TM) ScanSettings Profile and Scanning implementation
scarddlg.dll	6.2.10240.16384	SCardDlg - Smart Card Common Dialog
scecli.dll	6.2.10240.16384	Windows Security Configuration Editor Client Engine
scesrv.dll	6.2.10240.16384	Windows Security Configuration Editor Engine
schannel.dll	6.2.10240.16384	TLS / SSL Security Provider
schedcli.dll	6.2.10240.16384	Scheduler Service Client DLL
scksp.dll	6.2.10240.16384	Microsoft Smart Card Key Storage Provider
scripto.dll	6.6.10240.16384	Microsoft ScriptO
scrobj.dll	5.812.10240.16384	Windows � Script Component Runtime
scrptadm.dll	6.2.10240.16384	Script Adm Extension
scrrun.dll	5.812.10240.16384	Microsoft � Script Runtime
sdiageng.dll	6.2.10240.16384	Scripted Diagnostics Execution Engine
sdiagprv.dll	6.2.10240.16384	Windows Scripted Diagnostic Provider API
sdohlp.dll	6.2.10240.16384	NPS SDO Helper Component
search.protocolhandler.mapi2.dll	7.0.10240.16384	Microsoft Search Protocol Handler for MAPI2
searchfolder.dll	6.2.10240.16405	SearchFolder
sechost.dll	6.2.10240.16384	Host for SCM/SDDL/LSA Lookup APIs
secproc.dll	6.2.10240.16384	Windows Rights Management Desktop Security Processor
secproc_isv.dll	6.2.10240.16384	Windows Rights Management Desktop Security Processor
secproc_ssp.dll	6.2.10240.16384	Windows Rights Management Services Server Security Processor
secproc_ssp_isv.dll	6.2.10240.16384	Windows Rights Management Services Server Security Processor (Pre-production)
secur32.dll	6.2.10240.16384	Security Support Provider Interface
security.dll	6.2.10240.16384	Security Support Provider Interface
sendmail.dll	6.2.10240.16405	Send Mail
sensapi.dll	6.2.10240.16384	SENS Connectivity API DLL
sensorsapi.dll	6.2.10240.16390	Sensor API
sensorscpl.dll	6.2.10240.16384	Open Location and Other Sensors
sensorsnativeapi.dll	6.2.10240.16384	Sensors Native API
sensorsnativeapi.v2.dll	6.2.10240.16412	Sensors Native API (V2 stack)
sensorsutilsv2.dll	6.2.10240.16384	Sensors v2 Utilities DLL
serialui.dll	6.2.10240.16384	Serial Port Property Pages
serwvdrv.dll	6.2.10240.16384	Unimodem Serial Wave driver
sessenv.dll	6.2.10240.16384	Remote Desktop Configuration service
settingmonitor.dll	6.2.10240.16384	Setting Synchronization Change Monitor
settingsync.dll	6.2.10240.16485	Setting Synchronization
settingsynccore.dll	6.2.10240.16384	Setting Synchronization Core
settingsyncpolicy.dll	6.2.10240.16384	SettingSync Policy
setupapi.dll	6.2.10240.16384	Windows Setup API
setupcln.dll	6.2.10240.16384	Setup Files Cleanup
sfc.dll	6.2.10240.16384	Windows File Protection
sfc_os.dll	6.2.10240.16384	Windows File Protection
sfcom.dll	3.0.0.11	SFCOM.DLL
shacct.dll	6.2.10240.16485	Shell Accounts Classes
sharehost.dll	6.2.10240.16384	ShareHost
shcore.dll	6.2.10240.16384	SHCORE
shdocvw.dll	6.2.10240.16384	Shell Doc Object and Control Library
shell32.dll	6.2.10240.16463	Windows Shell Common Dll
shellstyle.dll	6.2.10240.16384	Windows Shell Style Resource Dll
shfolder.dll	6.2.10240.16384	Shell Folder Service
shgina.dll	6.2.10240.16384	Windows Shell User Logon
shimeng.dll	6.2.10240.16384	Shim Engine DLL
shimgvw.dll	6.2.10240.16384	Photo Gallery Viewer
shlwapi.dll	6.2.10240.16384	Shell Light-weight Utility Library
shpafact.dll	6.2.10240.16384	Windows Shell LUA/PA Elevation Factory Dll
shsetup.dll	6.2.10240.16384	Shell setup helper
shsvcs.dll	6.2.10240.16384	Windows Shell Services Dll
shunimpl.dll	6.2.10240.16384	Windows Shell Obsolete APIs
shwebsvc.dll	6.2.10240.16384	Windows Shell Web Services
signdrv.dll	6.2.10240.16384	WMI provider for Signed Drivers
simauth.dll	6.2.10240.16384	EAP SIM run-time dll
simcfg.dll	6.2.10240.16384	EAP SIM config dll
sisbkup.dll	6.2.10240.16384	Single-Instance Store Backup Support Functions
slc.dll	6.2.10240.16384	Software Licensing Client Dll
slcext.dll	6.2.10240.16384	Software Licensing Client Extension Dll
slwga.dll	6.2.10240.16384	Software Licensing WGA API
smartcardcredentialprovider.dll	6.2.10240.16384	Windows Smartcard Credential Provider
smbhelperclass.dll	1.0.0.1	SMB (File Sharing) Helper Class for Network Diagnostic Framework
smphost.dll	6.2.10240.16384	Storage Management Provider (SMP) host service
sndvolsso.dll	6.2.10240.16384	SCA Volume
snmpapi.dll	6.2.10240.16384	SNMP Utility Library
softkbd.dll	6.2.10240.16384	Soft Keyboard Server and Tip
softpub.dll	6.2.10240.16384	Softpub Forwarder DLL
sortserver2003compat.dll	6.2.10240.16384	Sort Version Server 2003
sortwindows61.dll	6.2.10240.16384	SortWindows61 Dll
sortwindows6compat.dll	6.2.10240.16384	Sort Version Windows 6.0
spbcd.dll	6.2.10240.16393	BCD Sysprep Plugin
spfileq.dll	6.2.10240.16384	Windows SPFILEQ
spinf.dll	6.2.10240.16384	Windows SPINF
spnet.dll	6.2.10240.16384	Net Sysprep Plugin
spopk.dll	6.2.10240.16384	OPK Sysprep Plugin
spp.dll	6.2.10240.16384	Microsoft� Windows Shared Protection Point Library
sppc.dll	6.2.10240.16384	Software Licensing Client Dll
sppcext.dll	6.2.10240.16384	Software Protection Platform Client Extension Dll
sppinst.dll	6.2.10240.16384	SPP CMI Installer Plug-in DLL
sppwmi.dll	6.2.10240.16384	Software Protection Platform WMI provider
spwinsat.dll	6.2.10240.16384	WinSAT Sysprep Plugin
spwizeng.dll	6.2.10240.16384	Setup Wizard Framework
spwizimg.dll	6.2.10240.16384	Setup Wizard Framework Resources
spwizres.dll	6.2.10240.16384	Setup Wizard Framework Resources
spwmp.dll	6.2.10240.16384	Windows Media Player System Preparation DLL
sqlcecompact40.dll	4.0.8275.1	Database Repair Tool (32-bit)
sqlceoledb40.dll	4.0.10240.1	OLEDB Provider (32-bit)
sqlceqp40.dll	4.0.10240.1	Query Processor (32-bit)
sqlcese40.dll	4.0.10240.1	Storage Engine (32-bit)
sqloledb.dll	6.2.10240.16384	OLE DB Provider for SQL Server
sqlsrv32.dll	6.2.10240.16384	SQL Server ODBC Driver
sqlunirl.dll	2000.80.2039.0	String Function .DLL for SQL Enterprise Components
sqlwid.dll	2000.80.2039.0	Unicode Function .DLL for SQL Enterprise Components
sqlwoa.dll	2000.80.2040.0	Unicode/ANSI Function .DLL for SQL Enterprise Components
sqlxmlx.dll	6.2.10240.16384	XML extensions for SQL Server
sqmapi.dll	6.2.10240.16384	SQM Client
srchadmin.dll	7.0.10240.16384	Indexing Options
srclient.dll	6.2.10240.16384	Microsoft� Windows System Restore Client Library
srh.dll	6.2.10240.16384	Screen Reader Helper DLL
srhinproc.dll	6.2.10240.16384	Screen Reader Helper DLL
srm.dll	6.2.10240.16384	Microsoft� File Server Resource Manager Common Library
srm_ps.dll	6.2.10240.16384	Microsoft� FSRM internal proxy/stub
srmclient.dll	6.2.10240.16384	Microsoft� File Server Resource Management Client Extensions
srmlib.dll	6.2.10240.16384	Microsoft (R) File Server Resource Management Interop Assembly
srmscan.dll	6.2.10240.16384	Microsoft� File Server Storage Reports Scan Engine
srmshell.dll	6.2.10240.16384	Microsoft� File Server Resource Management Shell Extension
srmstormod.dll	6.2.10240.16384	Microsoft� File Server Resource Management Office Parser
srmtrace.dll	6.2.10240.16384	Microsoft� File Server Resource Management Tracing Library
srpapi.dll	6.2.10240.16384	SRP APIs Dll
srpuxnativesnapin.dll	6.2.10240.16384	Application Control Policies Group Policy Editor Extension
srumapi.dll	6.2.10240.16384	System Resource Usage Monitor API
srumsvc.dll	6.2.10240.16391	System Resource Usage Monitor Service
srvcli.dll	6.2.10240.16384	Server Service Client DLL
sscore.dll	6.2.10240.16384	Server Service Core DLL
ssdpapi.dll	6.2.10240.16384	SSDP Client API DLL
sspicli.dll	6.2.10240.16384	Security Support Provider Interface
ssshim.dll	6.2.10240.16384	Windows Componentization Platform Servicing API
startupscan.dll	6.2.10240.16384	Startup scan task DLL
staterepository.core.dll	6.2.10240.16384	StateRepository Core
stclient.dll	2001.12.10941.16384	COM+ Configuration Catalog Client
sti.dll	6.2.10240.16384	Still Image Devices client DLL
stobject.dll	6.2.10240.16405	Systray shell service object
storage.dll	3.10.0.103	Windows Win16 Application Launcher
storagecontexthandler.dll	6.2.10240.16384	Device Center Storage Context Menu Handler
storagewmi.dll	6.2.10240.16384	WMI Provider for Storage Management
storagewmi_passthru.dll	6.2.10240.16384	WMI PassThru Provider for Storage Management
storprop.dll	6.2.10240.16384	Property Pages for Storage Devices
structuredquery.dll	7.0.10240.16384	Structured Query
sud.dll	6.2.10240.16384	SUD Control Panel
suplcsps.dll	6.2.10240.16384	Windows Supl CSP implementation
sxproxy.dll	6.2.10240.16384	Microsoft� Windows System Protection Proxy Library
sxs.dll	6.2.10240.16384	Fusion 2.5
sxshared.dll	6.2.10240.16384	Microsoft� Windows SX Shared Library
sxsstore.dll	6.2.10240.16384	Sxs Store DLL
synccenter.dll	6.2.10240.16384	Microsoft Sync Center
synceng.dll	6.2.10240.16384	Windows Briefcase Engine
synchostps.dll	6.2.10240.16384	Proxystub for sync host
syncinfrastructure.dll	6.2.10240.16384	Microsoft Windows Sync Infrastructure.
syncinfrastructureps.dll	6.2.10240.16384	Microsoft Windows sync infrastructure proxy stub.
syncreg.dll	2007.94.10240.16384	Microsoft Synchronization Framework Registration
syncsettings.dll	6.2.10240.16384	Sync Settings
syncui.dll	6.2.10240.16384	Windows Briefcase
syssetup.dll	6.2.10240.16384	Windows NT System Setup
systemcpl.dll	6.2.10240.16389	My System CPL
systemeventsbrokerclient.dll	6.2.10240.16384	system Events Broker Client Library
t2embed.dll	6.2.10240.16384	Microsoft T2Embed Font Embedding
tapi3.dll	6.2.10240.16384	Microsoft TAPI3
tapi32.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony API Client DLL
tapimigplugin.dll	6.2.10240.16384	Microsoft� Windows(TM) TAPI Migration Plugin Dll
tapiperf.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony Performance Monitor
tapisrv.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony Server
tapisysprep.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony Sysprep Work
tapiui.dll	6.2.10240.16384	Microsoft� Windows(TM) Telephony API UI DLL
taskcomp.dll	6.2.10240.16384	Task Scheduler Backward Compatibility Plug-in
taskschd.dll	6.2.10240.16384	Task Scheduler COM API
taskschdps.dll	6.2.10240.16384	Task Scheduler Interfaces Proxy
tbauth.dll	6.2.10240.16384	TBAuth protocol handler
tbs.dll	6.2.10240.16384	TBS
tcpipcfg.dll	6.2.10240.16384	Network Configuration Objects
tcpmib.dll	6.2.10240.16384	Standard TCP/IP Port Monitor Helper DLL
tcpmonui.dll	6.2.10240.16384	Standard TCP/IP Port Monitor UI DLL
tdh.dll	6.2.10240.16384	Event Trace Helper Library
termmgr.dll	6.2.10240.16384	Microsoft TAPI3 Terminal Manager
tetheringclient.dll	6.2.10240.16431	Tethering Client
textinputframework.dll
themecpl.dll	6.2.10240.16384	Personalization CPL
themeui.dll	6.2.10240.16384	Windows Theme API
threadpoolwinrt.dll	6.2.10240.16384	Windows WinRT Threadpool
thumbcache.dll	6.2.10240.16384	Microsoft Thumbnail Cache
timebrokerclient.dll	6.2.10240.16384	Time Broker Client Library
timedatemuicallback.dll	6.2.10240.16384	Time Date Control UI Language Change plugin
tlscsp.dll	6.2.10240.16384	Microsoft� Remote Desktop Services Cryptographic Utility
tokenbinding.dll	6.2.10240.16384	Token Binding Protocol
tokenbroker.dll	6.2.10240.16384	Token Broker
tokenbrokerui.dll	6.2.10240.16384	Token Broker UI
tpmcertresources.dll	6.2.10240.16384	TpmCertResources
tpmcompc.dll	6.2.10240.16384	Computer Chooser Dialog
tpmcoreprovisioning.dll	6.2.10240.16384	TPM Core Provisioning Library
tquery.dll	7.0.10240.16431	Microsoft Tripoli Query
traffic.dll	6.2.10240.16384	Microsoft Traffic Control 1.0 DLL
tsbyuv.dll	6.2.10240.16384	Toshiba Video Codec
tschannel.dll	6.2.10240.16384	Task Scheduler Proxy
tsgqec.dll	6.2.10240.16384	RD Gateway QEC
tsmf.dll	6.2.10240.16384	RDP MF Plugin
tspkg.dll	6.2.10240.16384	Web Service Security Package
tsworkspace.dll	6.2.10240.16384	RemoteApp and Desktop Connection Component
ttlsauth.dll	6.2.10240.16384	EAP TTLS run-time dll
ttlscfg.dll	6.2.10240.16384	EAP TTLS configuration dll
ttlsext.dll	6.2.10240.16384	Windows Extension library for EAP TTLS
tvratings.dll	6.2.10240.16384	Module for managing TV ratings
twext.dll	6.2.10240.16384	Previous Versions property page
twinapi.appcore.dll	6.2.10240.16397	twinapi.appcore
twinapi.dll	6.2.10240.16384	twinapi
twinui.appcore.dll	6.2.10240.16412	TWINUI.APPCORE
twinui.dll	6.2.10240.16412	TWINUI
txflog.dll	2001.12.10941.16384	COM+
txfw32.dll	6.2.10240.16384	TxF Win32 DLL
typelib.dll	3.10.0.103	Windows Win16 Application Launcher
tzres.dll	6.2.10240.16384	Time Zones resource DLL
ucmhc.dll	6.2.10240.16384	UCM Helper Class
ucrtbase.dll	6.2.10240.16384	Microsoft� C Runtime Library
udhisapi.dll	6.2.10240.16384	UPnP Device Host ISAPI Extension
uexfat.dll	6.2.10240.16384	eXfat Utility DLL
ufat.dll	6.2.10240.16384	FAT Utility DLL
uianimation.dll	6.2.10240.16384	Windows Animation Manager
uiautomationcore.dll	7.2.10240.16431	Microsoft UI Automation Core
uiautomationcoreres.dll	7.2.10240.16384	Microsoft UI Automation Core Resource
uicom.dll	6.2.10240.16384	Add/Remove Modems
uireng.dll	6.2.10240.16384	UI Recording Engine Library
uiribbon.dll	6.2.10240.16393	Windows Ribbon Framework
uiribbonres.dll	6.2.10240.16393	Windows Ribbon Framework Resources
ulib.dll	6.2.10240.16384	File Utilities Support DLL
umdmxfrm.dll	6.2.10240.16384	Unimodem Tranform Module
unimdmat.dll	6.2.10240.16384	Unimodem Service Provider AT Mini Driver
uniplat.dll	6.2.10240.16384	Unimodem AT Mini Driver Platform Driver for Windows NT
unistore.dll	6.2.10240.16401	Unified Store
untfs.dll	6.2.10240.16384	NTFS Utility DLL
updatepolicy.dll	6.2.10240.16384	Update Policy Reader
upnp.dll	6.2.10240.16384	UPnP Control Point API
upnphost.dll	6.2.10240.16384	UPnP Device Host
urefs.dll	6.2.10240.16384	NTFS Utility DLL
urefsv1.dll	6.2.10240.16384	NTFS Utility DLL
ureg.dll	6.2.10240.16384	Registry Utility DLL
url.dll	11.0.10240.16384	Internet Shortcut Shell Extension DLL
urlmon.dll	11.0.10240.16391	OLE32 Extensions for Win32
usbceip.dll	6.2.10240.16384	USBCEIP Task
usbperf.dll	6.2.10240.16384	USB Performance Objects DLL
usbui.dll	6.2.10240.16384	USB UI Dll
user32.dll	6.2.10240.16384	Multi-User Windows USER API Client DLL
useraccountcontrolsettings.dll	6.2.10240.16384	UserAccountControlSettings
usercpl.dll	6.2.10240.16384	User control panel
userdataaccessres.dll	6.2.10240.16384	Resource DLL for the UserDataAccess stack
userdataaccountapis.dll	6.2.10240.16384	DLL for UserDataAccountsRT
userdatalanguageutil.dll	6.2.10240.16384	Language-related helper functions for user data
userdataplatformhelperutil.dll	6.2.10240.16384	Platform Utilities for data access
userdatatimeutil.dll	6.2.10240.16384	Time-related helper functions for user data
userdatatypehelperutil.dll	6.2.10240.16384	Type Utilities for data access
userdeviceregistration.dll	6.2.10240.16384	AAD User Device Registration WinRT
userdeviceregistration.ngc.dll	6.2.10240.16384	AD/AAD User Device Registration WinRT
userenv.dll	6.2.10240.16384	Userenv
userinitext.dll	6.2.10240.16384	UserInit Utility Extension DLL
userlanguageprofilecallback.dll	6.2.10240.16384	MUI Callback for User Language profile changed
userlanguagescpl.dll	6.2.10240.16384	My Languages Configuration Control Panel
usermgrcli.dll	6.2.10240.16384	UserMgr API DLL
usermgrproxy.dll	6.2.10240.16431	UserMgrProxy
usp10.dll	6.2.10240.16384	Uniscribe Unicode script processor
ustprov.dll	6.2.10240.16384	User State WMI Provider
utildll.dll	6.2.10240.16384	WinStation utility support DLL
uudf.dll	6.2.10240.16384	UDF Utility DLL
uxinit.dll	6.2.10240.16384	Windows User Experience Session Initialization Dll
uxlib.dll	6.2.10240.16384	Setup Wizard Framework
uxlibres.dll	6.2.10240.16384	UXLib Resources
uxtheme.dll	6.2.10240.16397	Microsoft UxTheme Library
van.dll	6.2.10240.16384	View Available Networks
vault.dll	6.2.10240.16384	Windows vault Control Panel
vaultcli.dll	6.2.10240.16384	Credential Vault Client Library
vbajet32.dll	6.0.1.9431	Visual Basic for Applications Development Environment - Expression Service Loader
vbscript.dll	5.812.10240.16485	Microsoft � VBScript
vcamp110.dll	11.0.51106.1	Microsoft� C++ AMP Runtime
vcardparser.dll	6.2.10240.16384	Supports the parsing of VCard and ICal formatted data
vccorlib110.dll	11.0.51106.1	Microsoft � VC WinRT core library
vccorlib120.dll	12.0.21005.1	Microsoft � VC WinRT core library
vcomp100.dll	10.0.40219.325	Microsoft� C/C++ OpenMP Runtime
vcomp110.dll	11.0.51106.1	Microsoft� C/C++ OpenMP Runtime
vdmdbg.dll	6.2.10240.16384	VDMDBG.DLL
vds_ps.dll	6.2.10240.16384	Microsoft� Virtual Disk Service proxy/stub
vedatalayerhelpers.dll	6.2.10240.16425	Visual Element DataLayer Helpers
veeventdispatcher.dll	6.2.10240.16425	Visual Element Event dispatcher
verifier.dll	6.2.10240.16384	Standard application verifier provider dll
version.dll	6.2.10240.16384	Version Checking and File Installation Libraries
vfwwdm32.dll	6.2.10240.16384	VfW MM Driver for WDM Video Capture Devices
vidreszr.dll	6.2.10240.16384	Windows Media Resizer
virtdisk.dll	6.2.10240.16384	Virtual Disk API DLL
voiceactivationmanager.dll	6.2.10240.16412	Windows Voice Activation Manager
vpnikeapi.dll	6.2.10240.16384	VPN IKE API's
vscmgrps.dll	6.2.10240.16384	Microsoft Virtual Smart Card Manager Proxy/Stub
vss_ps.dll	6.2.10240.16384	Microsoft� Volume Shadow Copy Service proxy/stub
vssapi.dll	6.2.10240.16384	Microsoft� Volume Shadow Copy Requestor/Writer Services API DLL
vsstrace.dll	6.2.10240.16384	Microsoft� Volume Shadow Copy Service Tracing Library
w32topl.dll	6.2.10240.16384	Windows NT Topology Maintenance Tool
wab32.dll	6.2.10240.16384	Microsoft (R) Contacts DLL
wab32res.dll	6.2.10240.16384	Microsoft (R) Contacts DLL
wabsyncprovider.dll	6.2.10240.16384	Microsoft Windows Contacts Sync Provider
walletbackgroundserviceproxy.dll	6.2.10240.16384	Wallet Background Proxy
walletproxy.dll	6.2.10240.16384	Wallet proxy
wavemsp.dll	6.2.10240.16384	Microsoft Wave MSP
wbemcomn.dll	6.2.10240.16384	WMI
wcmapi.dll	6.2.10240.16384	Windows Connection Manager Client API
wcnapi.dll	6.2.10240.16461	Windows Connect Now - API Helper DLL
wcnwiz.dll	6.2.10240.16461	Windows Connect Now Wizards
wcspluginservice.dll	6.2.10240.16384	WcsPlugInService DLL
wdc.dll	6.2.10240.16384	Performance Monitor
wdi.dll	6.2.10240.16384	Windows Diagnostic Infrastructure
wdigest.dll	6.2.10240.16384	Microsoft Digest Access
wdscore.dll	6.2.10240.16384	Panther Engine Module
webcamui.dll	6.2.10240.16384	Microsoft� Windows� Operating System
webcheck.dll	11.0.10240.16384	Web Site Monitor
webclnt.dll	6.2.10240.16384	Web DAV Service DLL
webio.dll	6.2.10240.16384	Web Transfer Protocols API
webservices.dll	6.2.10240.16384	Windows Web Services Runtime
websocket.dll	6.2.10240.16384	Web Socket API
wecapi.dll	6.2.10240.16384	Event Collector Configuration API
wer.dll	6.2.10240.16384	Windows Error Reporting DLL
werdiagcontroller.dll	6.2.10240.16384	WER Diagnostic Controller
weretw.dll
werui.dll	6.2.10240.16384	Windows Error Reporting UI DLL
wevtapi.dll	6.2.10240.16384	Eventing Consumption and Configuration API
wevtfwd.dll	6.2.10240.16384	WS-Management Event Forwarding Plug-in
wfapigp.dll	6.2.10240.16384	Windows Firewall GPO Helper dll
wfdprov.dll	6.2.10240.16461	Private WPS provisioning API DLL for Wi-Fi Direct
wfhc.dll	6.2.10240.16384	Windows Firewall Helper Class
whhelper.dll	6.2.10240.16384	Net shell helper DLL for winHttp
wiaaut.dll	6.2.10240.16384	WIA Automation Layer
wiadefui.dll	6.2.10240.16384	WIA Scanner Default UI
wiadss.dll	6.2.10240.16384	WIA TWAIN compatibility layer
wiascanprofiles.dll	6.2.10240.16384	Microsoft Windows ScanProfiles
wiashext.dll	6.2.10240.16384	Imaging Devices Shell Folder UI
wiatrace.dll	6.2.10240.16384	WIA Tracing
wifidisplay.dll	6.2.10240.16384	Wi-Fi Display DLL
wimgapi.dll	6.2.10240.16401	Windows Imaging Library
winbio.dll	6.2.10240.16384	Windows Biometrics Client API
winbioext.dll	6.2.10240.16384	Windows Biometrics Client Extension API
winbrand.dll	6.2.10240.16384	Windows Branding Resources
wincorlib.dll	6.2.10240.16384	Microsoft Windows � WinRT core library
wincredprovider.dll	6.2.10240.16384	wincredprovider DLL
windows.accountscontrol.dll	6.2.10240.16384	Windows Accounts Control
windows.applicationmodel.background.systemeventsbroker.dll	6.2.10240.16384	Windows Background System Events Broker API Server
windows.applicationmodel.background.timebroker.dll	6.2.10240.16384	Windows Background Time Broker API Server
windows.applicationmodel.core.dll	6.2.10240.16384	Windows Application Model Core API
windows.applicationmodel.dll	6.2.10240.16384	Windows ApplicationModel API Server
windows.applicationmodel.lockscreen.dll	6.2.10240.16425	Windows Lock Application Framework DLL
windows.applicationmodel.store.dll	6.2.10240.16431	Windows Store Runtime DLL
windows.applicationmodel.store.testingframework.dll	6.2.10240.16431	Windows Store Testing Framework Runtime DLL
windows.applicationmodel.wallet.dll	6.2.10240.16384	Windows ApplicationModel Wallet Runtime DLL
windows.data.pdf.dll	6.2.10240.16384	PDF WinRT APIs
windows.devices.alljoyn.dll	6.2.10240.16384	Windows.Devices.AllJoyn DLL
windows.devices.background.dll	6.2.10240.16384	Windows.Devices.Background
windows.devices.background.ps.dll	6.2.10240.16384	Windows.Devices.Background Interface Proxy
windows.devices.bluetooth.dll	6.2.10240.16397	Windows.Devices.Bluetooth DLL
windows.devices.custom.dll	6.2.10240.16384	Windows.Devices.Custom
windows.devices.custom.ps.dll	6.2.10240.16384	Windows.Devices.Custom Interface Proxy
windows.devices.enumeration.dll	6.2.10240.16384	Windows.Devices.Enumeration
windows.devices.humaninterfacedevice.dll	6.2.10240.16384	Windows.Devices.HumanInterfaceDevice DLL
windows.devices.lights.dll	6.2.10240.16384	Windows Runtime Lights DLL
windows.devices.midi.dll	6.2.10240.16384	Windows Runtime MIDI Device server DLL
windows.devices.perception.dll	6.2.10240.16384	Windows Devices Perception API
windows.devices.picker.dll	6.2.10240.16384	Device Picker
windows.devices.pointofservice.dll	6.2.10240.16384	Windows Runtime PointOfService DLL
windows.devices.portable.dll	6.2.10240.16384	Windows Runtime Portable Devices DLL
windows.devices.printers.dll	6.2.10240.16384	Windows Runtime Devices Printers DLL
windows.devices.printers.extensions.dll	6.2.10240.16384	Windows.Devices.Printers.Extensions
windows.devices.radios.dll	6.2.10240.16384	Windows.Devices.Radios DLL
windows.devices.scanners.dll	6.2.10240.16384	Windows Runtime Devices Scanners DLL
windows.devices.sensors.dll	6.2.10240.16392	Windows Runtime Sensors DLL
windows.devices.serialcommunication.dll	6.2.10240.16384	Windows.Devices.SerialCommunication DLL
windows.devices.smartcards.dll	6.2.10240.16384	Windows Runtime Smart Card API DLL
windows.devices.usb.dll	6.2.10240.16384	Windows Runtime Usb DLL
windows.devices.wifi.dll	6.2.10240.16384	Windows.Devices.WiFi DLL
windows.devices.wifidirect.dll	6.2.10240.16384	Windows.Devices.WiFiDirect DLL
windows.energy.dll	6.2.10240.16384	Windows Energy Runtime DLL
windows.gaming.input.dll	6.2.10240.16384	Windows Gaming Input API
windows.gaming.preview.dll	6.2.10240.16384	Windows Gaming API Preview
windows.gaming.xboxlive.storage.dll	6.2.10240.16384	Xbox Connected Storage WinRT implementation
windows.globalization.dll	6.2.10240.16384	Windows Globalization
windows.globalization.fontgroups.dll	6.2.10240.16384	Fonts Mapping API
windows.graphics.dll	6.2.10240.16384	WinRT Windows Graphics DLL
windows.graphics.printing.3d.dll	6.2.10240.16384	Microsoft Windows Printing Support
windows.graphics.printing.dll	6.2.10240.16384	Microsoft Windows Printing Support
windows.internal.bluetooth.dll	6.2.10240.16397	Windows.Internal.Bluetooth DLL
windows.internal.management.dll	6.2.10240.16384	Windows Managent Service DLL
windows.management.lockdown.dll	6.2.10240.16384	Windows Runtime Lockdown Management DLL
windows.management.workplace.workplacesettings.dll	6.2.10240.16384	Windows Runtime WorkplaceSettings DLL
windows.media.audio.dll	6.2.10240.16384	Windows Runtime Window Media Audio server DLL
windows.media.backgroundmediaplayback.dll	6.2.10240.16384	Windows Media BackgroundMediaPlayback DLL
windows.media.devices.dll	6.2.10240.16384	Windows Runtime media device server DLL
windows.media.dll	6.2.10240.16401	Windows Media Runtime DLL
windows.media.editing.dll	6.2.10240.16393	Windows Media Editing DLL
windows.media.faceanalysis.dll	6.2.10240.16384	Microsoft (R) Face Detection DLL
windows.media.import.dll	6.2.10240.16393	Windows Photo Import API (WinRT/COM)
windows.media.mediacontrol.dll	6.2.10240.16384	Windows Runtime MediaControl server DLL
windows.media.ocr.dll	6.2.10240.16384	Windows OCR Runtime DLL
windows.media.playback.backgroundmediaplayer.dll	6.2.10240.16384	Windows Media Playback BackgroundMediaPlayer DLL
windows.media.playback.mediaplayer.dll	6.2.10240.16384	Windows Media Playback MediaPlayer DLL
windows.media.playback.proxystub.dll	6.2.10240.16384	BackgroundMediaPlayer Proxy Stub DLL
windows.media.protection.playready.dll	3.0.2777.0	Microsoft PlayReady Client Framework Dll
windows.media.speech.dll	6.2.10240.16425	Windows Speech Runtime DLL
windows.media.speech.uxres.dll	6.2.10240.16384	Windows Media Speech UX Resources DLL
windows.media.streaming.dll	12.0.10240.16384	DLNA DLL
windows.media.streaming.ps.dll	12.0.10240.16384	DLNA Proxy-Stub DLL
windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll	6.2.10240.16384	Background Transfer Background Manager Policy DLL
windows.networking.backgroundtransfer.dll	6.2.10240.16384	Windows.Networking.BackgroundTransfer DLL
windows.networking.connectivity.dll	6.2.10240.16401	Windows Networking Connectivity Runtime DLL
windows.networking.dll	6.2.10240.16384	Windows.Networking DLL
windows.networking.hostname.dll	6.2.10240.16384	Windows.Networking.HostName DLL
windows.networking.networkoperators.hotspotauthentication.dll	6.2.10240.16384	Microsoft Windows Hotspot Authentication API
windows.networking.proximity.dll	6.2.10240.16384	Windows Runtime Proximity API DLL
windows.networking.servicediscovery.dnssd.dll	6.2.10240.16384	Windows.Networking.ServiceDiscovery.Dnssd DLL
windows.networking.sockets.pushenabledapplication.dll	6.2.10240.16384	Windows.Networking.Sockets.PushEnabledApplication DLL
windows.networking.xboxlive.proxystub.dll	6.2.10240.16384	Windows.Networking.XboxLive Proxy Stub Dll
windows.security.authentication.onlineid.dll	6.2.10240.16384	Windows Runtime OnlineId Authentication DLL
windows.security.authentication.web.core.dll	6.2.10240.16384	Token Broker WinRT API
windows.security.credentials.ui.credentialpicker.dll	6.2.10240.16384	WinRT Credential Picker Server
windows.security.credentials.ui.userconsentverifier.dll	6.2.10240.16384	Windows User Consent Verifier API
windows.shell.search.urihandler.dll	6.2.10240.16384	Windows Search URI Handler
windows.shell.servicehostbuilder.dll	6.2.10240.16384	Windows.Shell.ServiceHostBuilder
windows.speech.pal.dll	6.2.10240.16384	Speech Platform Adaptation Layer DLL
windows.staterepository.dll	6.2.10240.16384	Windows StateRepository API Server
windows.staterepositorybroker.dll	6.2.10240.16384	Windows StateRepository API Broker
windows.staterepositoryclient.dll	6.2.10240.16384	Windows StateRepository API Broker
windows.storage.applicationdata.dll	6.2.10240.16384	Windows Application Data API Server
windows.storage.compression.dll	6.2.10240.16384	WinRT Compression
windows.storage.dll	6.2.10240.16405	Microsoft WinRT Storage API
windows.storage.search.dll	6.2.10240.16384	Windows.Storage.Search
windows.system.diagnostics.dll	6.2.10240.16384	Windows System Diagnostics DLL
windows.system.launcher.dll	6.2.10240.16384	Windows.System.Launcher
windows.system.profile.hardwareid.dll	6.2.10240.16384	Windows System Profile HardwareId DLL
windows.system.profile.retailinfo.dll	6.2.10240.16384	Windows.System.Profile.RetailInfo Runtime DLL
windows.system.profile.systemmanufacturers.dll	6.2.10240.16384	Windows.System.Profile.SystemManufacturers
windows.system.remotedesktop.dll	6.2.10240.16384	Windows System RemoteDesktop Runtime DLL
windows.system.systemmanagement.dll	6.2.10240.16384	Windows Runtime SystemManagement DLL
windows.ui.biofeedback.dll	6.2.10240.16386	Bio Feedback User Experience
windows.ui.blockedshutdown.dll	6.2.10240.16386	Blocked Shutdown User Experience
windows.ui.core.textinput.dll	6.2.10240.16431	Windows.UI.Core.TextInput dll
windows.ui.cred.dll	6.2.10240.16391	Credential Prompt User Experience
windows.ui.dll	6.2.10240.16384	Windows Runtime UI Foundation DLL
windows.ui.immersive.dll	6.2.10240.16485	WINDOWS.UI.IMMERSIVE
windows.ui.input.inking.dll	6.2.10240.16384	WinRT Windows Inking DLL
windows.ui.logon.dll	6.2.10240.16431	Logon User Experience
windows.ui.search.dll	6.2.10240.16386	Windows.UI.Search
windows.ui.xaml.dll	6.2.10240.16431	Windows.UI.Xaml dll
windows.ui.xaml.maps.dll	6.2.10240.16384	Windows UI XAML Maps API
windows.ui.xaml.phone.dll	6.2.10240.16384	Windows UI XAML Phone API
windows.ui.xaml.resources.dll	6.2.10240.16384	Windows.UI.Xaml.Resources dll
windows.web.diagnostics.dll	6.2.10240.16384	Windows.Web.Diagnostics
windows.web.dll	6.2.10240.16384	Web Client DLL
windows.web.http.dll	6.2.10240.16384	Windows.Web.Http DLL
windowsaccessbridge-32.dll	8.0.51.16	Java(TM) Platform SE binary
windowscodecs.dll	6.2.10240.16384	Microsoft Windows Codecs Library
windowscodecsext.dll	6.2.10240.16384	Microsoft Windows Codecs Extended Library
windowscodecsraw.dll	6.2.10240.16384	Microsoft Camera Codec Pack
windowslivelogin.dll	6.2.10240.16384	Microsoft� Account Login Helper
winfax.dll	6.2.10240.16384	Microsoft Fax API Support DLL
winhttp.dll	6.2.10240.16391	Windows HTTP Services
wininet.dll	11.0.10240.16391	Internet Extensions for Win32
wininitext.dll	6.2.10240.16384	WinInit Utility Extension DLL
winipcfile.dll	6.2.10240.16384	Microsoft Active Directory Rights Management Services File API
winipcsecproc.dll	6.2.10240.16384	Microsoft Active Directory Rights Management Services Desktop Security Processor
winipcsecproc_ssp.dll	6.2.10240.16384	Microsoft Active Directory Rights Management Services Server Security Processor
winipsec.dll	6.2.10240.16384	Windows IPsec SPD Client DLL
winlangdb.dll	6.2.10240.16384	Windows Bcp47 Language Database
winmde.dll	12.0.10240.16412	WinMDE DLL
winmm.dll	6.2.10240.16384	MCI API DLL
winmmbase.dll	6.2.10240.16384	Base Multimedia Extension API DLL
winmsipc.dll	6.2.10240.16384	Microsoft Active Directory Rights Management Services Client
winmsoirmprotector.dll	6.2.10240.16384	Windows Office file format IRM Protector
winnlsres.dll	6.2.10240.16384	NLSBuild resource DLL
winnsi.dll	6.2.10240.16384	Network Store Information RPC interface
winopcirmprotector.dll	6.2.10240.16384	Windows Office file format IRM Protector
winrnr.dll	6.2.10240.16384	LDAP RnR Provider DLL
winrscmd.dll	6.2.10240.16384	remtsvc
winrsmgr.dll	6.2.10240.16384	WSMan Shell API
winrssrv.dll	6.2.10240.16384	winrssrv
winrttracing.dll	6.2.10240.16384	Windows Diagnostics Tracing
winsatapi.dll	6.2.10240.16384	Windows System Assessment Tool API
winscard.dll	6.2.10240.16384	Microsoft Smart Card API
winshfhc.dll	6.2.10240.16384	File Risk Estimation
winsku.dll	6.2.10240.16384	Windows SKU Library
winsockhc.dll	6.2.10240.16384	Winsock Network Diagnostic Helper Class
winsqlite3.dll	3.8.8.3	SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
winsrpc.dll	6.2.10240.16384	WINS RPC LIBRARY
winsta.dll	6.2.10240.16384	Winstation Library
winsync.dll	2007.94.10240.16384	Synchronization Framework
winsyncmetastore.dll	2007.94.10240.16384	Windows Synchronization Metadata Store
winsyncproviders.dll	2007.94.10240.16384	Windows Synchronization Provider Framework
wintrust.dll	6.2.10240.16385	Microsoft Trust Verification APIs
wintypes.dll	6.2.10240.16384	Windows Base Types DLL
winusb.dll	6.2.10240.16384	Windows USB Driver User Library
wisp.dll	6.2.10240.16384	Microsoft Pen and Touch Input Component
wkscli.dll	6.2.10240.16384	Workstation Service Client DLL
wkspbrokerax.dll	6.2.10240.16384	Microsoft Workspace Broker ActiveX Control
wksprtps.dll	6.2.10240.16384	WorkspaceRuntime ProxyStub DLL
wlanapi.dll	6.2.10240.16384	Windows WLAN AutoConfig Client Side API DLL
wlancfg.dll	6.2.10240.16384	Wlan Netsh Helper DLL
wlanconn.dll	6.2.10240.16384	Dot11 Connection Flows
wlandlg.dll	6.2.10240.16384	Wireless Lan Dialog Wizards
wlangpui.dll	6.2.10240.16384	Wireless Network Policy Management Snap-in
wlanhlp.dll	6.2.10240.16384	Windows Wireless LAN 802.11 Client Side Helper API
wlanmm.dll	6.2.10240.16384	Dot11 Media and AdHoc Managers
wlanmsm.dll	6.2.10240.16384	Windows Wireless LAN 802.11 MSM DLL
wlanpref.dll	6.2.10240.16384	Wireless Preferred Networks
wlansec.dll	6.2.10240.16384	Windows Wireless LAN 802.11 MSM Security Module DLL
wlanui.dll	6.2.10240.16384	Wireless Profile UI
wlanutil.dll	6.2.10240.16384	Windows Wireless LAN 802.11 Utility DLL
wldap32.dll	6.2.10240.16384	Win32 LDAP API DLL
wldp.dll	6.2.10240.16384	Windows Lockdown Policy
wlgpclnt.dll	6.2.10240.16384	802.11 Group Policy Client
wlidcli.dll	6.2.10240.16384	Microsoft� Account Dynamic Link Library
wlidcredprov.dll	6.2.10240.16384	Microsoft� Account Credential Provider
wlidfdp.dll	6.2.10240.16384	Microsoft� Account Function Discovery Provider
wlidnsp.dll	6.2.10240.16384	Microsoft� Account Namespace Provider
wlidprov.dll	6.2.10240.16384	Microsoft� Account Provider
wlidres.dll	6.2.10240.16384	Microsoft� Windows Live ID Resource
wls0wndh.dll	6.2.10240.16384	Session0 Viewer Window Hook DLL
wmadmod.dll	6.2.10240.16384	Windows Media Audio Decoder
wmadmoe.dll	6.2.10240.16384	Windows Media Audio 10 Encoder/Transcoder
wmasf.dll	12.0.10240.16384	Windows Media ASF DLL
wmcodecdspps.dll	6.2.10240.16384	Windows Media CodecDSP Proxy Stub Dll
wmdmlog.dll	12.0.10240.16384	Windows Media Device Manager Logger
wmdmps.dll	12.0.10240.16384	Windows Media Device Manager Proxy Stub
wmdrmdev.dll	12.0.10240.16384	Windows Media DRM for Network Devices Registration DLL
wmdrmnet.dll	12.0.10240.16384	Windows Media DRM for Network Devices DLL
wmdrmsdk.dll	11.0.10240.16384	Windows Media DRM SDK DLL
wmerror.dll	12.0.10240.16384	Windows Media Error Definitions (English)
wmi.dll	6.2.10240.16384	WMI DC and DP functionality
wmiclnt.dll	6.2.10240.16384	WMI Client API
wmidcom.dll	6.2.10240.16384	WMI
wmidx.dll	12.0.10240.16384	Windows Media Indexer DLL
wmiprop.dll	6.2.10240.16384	WDM Provider Dynamic Property Page CoInstaller
wmitomi.dll	6.2.10240.16384	CIM Provider Adapter
wmnetmgr.dll	12.0.10240.16384	Windows Media Network Plugin Manager DLL
wmp.dll	12.0.10240.16397	Windows Media Player
wmpdui.dll	12.0.10240.16384	Windows Media Player UI Engine
wmpdxm.dll	12.0.10240.16384	Windows Media Player Extension
wmpeffects.dll	12.0.10240.16384	Windows Media Player Effects
wmphoto.dll	6.2.10240.16384	Windows Media Photo Codec
wmploc.dll	12.0.10240.16384	Windows Media Player Resources
wmpps.dll	12.0.10240.16384	Windows Media Player Proxy Stub Dll
wmpshell.dll	12.0.10240.16384	Windows Media Player Launcher
wmsgapi.dll	6.2.10240.16384	WinLogon IPC Client
wmspdmod.dll	6.2.10240.16384	Windows Media Audio Voice Decoder
wmspdmoe.dll	6.2.10240.16384	Windows Media Audio Voice Encoder
wmvcore.dll	12.0.10240.16384	Windows Media Playback/Authoring DLL
wmvdecod.dll	6.2.10240.16384	Windows Media Video Decoder
wmvdspa.dll	6.2.10240.16384	Windows Media Video DSP Components - Advanced
wmvencod.dll	6.2.10240.16384	Windows Media Video 9 Encoder
wmvsdecd.dll	6.2.10240.16384	Windows Media Screen Decoder
wmvsencd.dll	6.2.10240.16384	Windows Media Screen Encoder
wmvxencd.dll	6.2.10240.16384	Windows Media Video Encoder
wofutil.dll	6.2.10240.16384	Windows Overlay File System Filter user mode API
wordbreakers.dll
workfoldersres.dll	6.2.9200.16384	Work Folders Resources
wow32.dll	6.2.10240.16384	Wow32
wpbcreds.dll	6.2.10240.16384	WP 8.1 upgrade support utility
wpc.dll	6.2.10240.16384	WPC Settings Library
wpdshext.dll	6.2.10240.16384	Portable Devices Shell Extension
wpdshserviceobj.dll	6.2.10240.16384	Windows Portable Device Shell Service Object
wpdsp.dll	6.2.10240.16384	WMDM Service Provider for Windows Portable Devices
wpkbdlayout.dll
wpnapps.dll	6.2.10240.16412	Windows Push Notification Apps
wpportinglibrary.dll	6.2.10240.16384	<d> DLL
ws2_32.dll	6.2.10240.16384	Windows Socket 2.0 32-Bit DLL
ws2help.dll	6.2.10240.16384	Windows Socket 2.0 Helper for Windows NT
wscapi.dll	6.2.10240.16384	Windows Security Center API
wscinterop.dll	6.2.10240.16384	Windows Health Center WSC Interop
wscisvif.dll	6.2.10240.16384	Windows Security Center ISV API
wsclient.dll	6.2.10240.16384	Windows Store Licensing Client
wscproxystub.dll	6.2.10240.16384	Windows Security Center ISV Proxy Stub
wsdapi.dll	6.2.10240.16384	Web Services for Devices API DLL
wsdchngr.dll	6.2.10240.16384	WSD Challenge Component
wsecedit.dll	6.2.10240.16384	Security Configuration UI Module
wshbth.dll	6.2.10240.16384	Windows Sockets Helper DLL
wshcon.dll	5.812.10240.16384	Microsoft � Windows Script Controller
wshelper.dll	6.2.10240.16384	Winsock Net shell helper DLL for winsock
wshext.dll	5.812.10240.16384	Microsoft � Shell Extension for Windows Script Host
wship6.dll	6.2.10240.16384	Winsock2 Helper DLL (TL/IPv6)
wshirda.dll	6.2.10240.16384	Windows Sockets Helper DLL
wshqos.dll	6.2.10240.16384	QoS Winsock2 Helper DLL
wshrm.dll	6.2.10240.16384	Windows Sockets Helper DLL for PGM
wshtcpip.dll	6.2.10240.16384	Winsock2 Helper DLL (TL/IPv4)
wsmagent.dll	6.2.10240.16384	WinRM Agent
wsmanmigrationplugin.dll	6.2.10240.16384	WinRM Migration Plugin
wsmauto.dll	6.2.10240.16384	WSMAN Automation
wsmplpxy.dll	6.2.10240.16384	wsmplpxy
wsmres.dll	6.2.10240.16384	WSMan Resource DLL
wsmsvc.dll	6.2.10240.16384	WSMan Service
wsmwmipl.dll	6.2.10240.16384	WSMAN WMI Provider
wsnmp32.dll	6.2.10240.16384	Microsoft WinSNMP v2.0 Manager API
wsock32.dll	6.2.10240.16384	Windows Socket 32-Bit DLL
wsp_fs.dll	6.2.10240.16384	Windows Storage Provider for FileShare management
wsp_health.dll	6.2.10240.16384	Windows Storage Provider for Health Agent API
wsp_sr.dll	6.2.10240.16384	Windows Storage Provider for Storage Replication management
wsshared.dll	6.2.10240.16384	WSShared DLL
wssync.dll	6.2.10240.16384	Windows Store Licensing Sync Client
wtsapi32.dll	6.2.10240.16384	Windows Remote Desktop Session Host Server SDK APIs
wuapi.dll	6.2.10240.16397	Windows Update Client API
wudriver.dll	6.2.10240.16384	Windows Update WUDriver Stub
wups.dll	6.2.10240.16384	Windows Update client proxy stub
wvc.dll	6.2.10240.16384	Windows Visual Components
wwaapi.dll	6.2.10240.16384	Microsoft Web Application Host API library
wwaext.dll	6.2.10240.16384	Microsoft Web Application Host Extension library
wwanapi.dll	6.2.10240.16384	Mbnapi
wwapi.dll	8.1.10240.16384	WWAN API
xamldiagnostics.dll	6.2.10240.16384	Xaml Diagnostics
xaudio2_8.dll	6.2.10240.16384	XAudio2 Game Audio API
xaudio2_9.dll	6.2.10240.16384	XAudio2 Game Audio API
xblauthmanagerproxy.dll	6.2.10240.16384	XblAuthManagerProxy
xblauthtokenbrokerext.dll	6.2.10240.16384	Xbox Live Token Broker Extension
xblgamesaveproxy.dll	6.2.10240.16384	Xbox Connected Storage Service Proxies and Stubs
xinput1_4.dll	6.2.10240.16384	Microsoft Common Controller API
xinput9_1_0.dll	6.2.10240.16384	XNA Common Controller
xinputuap.dll	6.2.10240.16384	Microsoft Common Controller API
xmlfilter.dll	2008.0.10240.16384	XML Filter
xmllite.dll	6.2.10240.16384	Microsoft XmlLite Library
xmlprovi.dll	6.2.10240.16384	Network Provisioning Service Client API
xolehlp.dll	2001.12.10941.16384	Microsoft Distributed Transaction Coordinator Helper APIs DLL
xpsdocumenttargetprint.dll	6.2.10240.16384	XPS DocumentTargetPrint DLL
xpsfilt.dll	6.2.10240.16384	XML Paper Specification Document IFilter
xpsgdiconverter.dll	6.2.10240.16384	XPS to GDI Converter
xpsprint.dll	6.2.10240.16384	XPS Printing DLL
xpsrasterservice.dll	6.2.10240.16384	XPS Rasterization Service Component
xpsservices.dll	6.2.10240.16384	Xps Object Model in memory creation and deserialization
xpsshhdr.dll	6.2.10240.16384	OPC Shell Metadata Handler
xwizards.dll	6.2.10240.16384	Extensible Wizards Manager Module
xwreg.dll	6.2.10240.16384	Extensible Wizard Registration Manager Module
xwtpdui.dll	6.2.10240.16384	Extensible Wizard Type Plugin for DUI
xwtpw32.dll	6.2.10240.16384	Extensible Wizard Type Plugin for Win32
zipfldr.dll	6.2.10240.16384	Compressed (zipped) Folders
ztrace_ca.dll	6.2.10240.16384	Ztrace_ca DLL
ztrace_maps.dll	6.2.10240.16384	ZTrace Event Resources

UpTime


Current Session:
	Last Shutdown Time	23-9-2015 8:19:38 PM
	Last Boot Time	24-9-2015 11:52:58 AM
	Current Time	26-9-2015 6:01:09 PM
	UpTime	194900 sec (2 days, 6 hours, 8 min, 20 sec)

UpTime Statistics:
	First Boot Time	18-7-2015 9:51:48 AM
	First Shutdown Time	18-7-2015 9:55:28 AM
	Total UpTime	5610548 sec (64 days, 22 hours, 29 min, 8 sec)
	Total DownTime	466844 sec (5 days, 9 hours, 40 min, 44 sec)
	Longest UpTime	1078498 sec (12 days, 11 hours, 34 min, 58 sec)
	Longest DownTime	91735 sec (1 days, 1 hours, 28 min, 55 sec)
	Total Reboots	38
	System Availability	92.32%

Bluescreen Statistics:
	Total Bluescreens	0

Information:
	Information	The above statistics are based on System Event Log entries


Share Name	Type	Remark	Local Path
My Apps	Folder		C:\ProgramData\BlueStacks\UserData\Library\My Apps
Users	Folder		C:\Users
ADMIN$	Folder	Remote Admin	C:\WINDOWS
C$	Folder	Default share	C:\
D$	Folder	Default share	D:\
E$	Folder	Default share	E:\
print$	Folder	Printer Drivers	C:\Windows\system32\spool\drivers
IPC$	IPC	Remote IPC

Account Security


Account Security Properties:
	Computer Role	Primary
	Domain Name	vanbangit
	Primary Domain Controller	Not Specified
	Forced Logoff Time	Disabled
	Min / Max Password Age	0 / 42 days
	Minimum Password Length	0 chars
	Password History Length	Disabled
	Lockout Threshold	Disabled
	Lockout Duration	30 min
	Lockout Observation Window	30 min

Logon


User	Full Name	Logon Server	Logon Domain
truongvanbang@hotmail.com			MicrosoftAccount
truongvanbang@hotmail.com			MicrosoftAccount

Users


[ Administrator ]

	User Properties:
		User Name	Administrator
		Full Name	Administrator
		Comment	Built-in account for administering the computer/domain
		Member Of Groups	Administrators
		Logon Count	1
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	Yes

[ DefaultAccount ]

	User Properties:
		User Name	DefaultAccount
		Full Name	DefaultAccount
		Comment	A user account managed by the system.
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	No

[ Guest ]

	User Properties:
		User Name	Guest
		Full Name	Guest
		Comment	Built-in account for guest access to the computer/domain
		Member Of Groups	Guests
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	Yes
		Locked Out User	No
		Home Folder Required	No
		Password Required	No
		Read-Only Password	Yes
		Password Never Expires	Yes

[ HomeGroupUser$ ]

	User Properties:
		User Name	HomeGroupUser$
		Full Name	HomeGroupUser$
		Comment	Built-in account for homegroup access to the computer
		Member Of Groups	HomeUsers
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	No
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	Yes

[ Truong ]

	User Properties:
		User Name	Truong
		Full Name	Truong Van Bang
		Member Of Groups	HomeUsers; Administrators
		Logon Count	0
		Disk Quota	-

	User Features:
		Logon Script Executed	Yes
		Account Disabled	No
		Locked Out User	No
		Home Folder Required	No
		Password Required	Yes
		Read-Only Password	No
		Password Never Expires	Yes

Local Groups


[ Access Control Assistance Operators ]

	Local Group Properties:
		Comment	Members of this group can remotely query authorization attributes and permissions for resources on this computer.

[ Administrators ]

	Local Group Properties:
		Comment	Administrators have complete and unrestricted access to the computer/domain

	Group Members:
		Administrator
		Truong	Truong Van Bang

[ Backup Operators ]

	Local Group Properties:
		Comment	Backup Operators can override security restrictions for the sole purpose of backing up or restoring files

[ Cryptographic Operators ]

	Local Group Properties:
		Comment	Members are authorized to perform cryptographic operations.

[ Distributed COM Users ]

	Local Group Properties:
		Comment	Members are allowed to launch, activate and use Distributed COM objects on this machine.

[ Event Log Readers ]

	Local Group Properties:
		Comment	Members of this group can read event logs from local machine

[ Guests ]

	Local Group Properties:
		Comment	Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted

	Group Members:
		Guest

[ HomeUsers ]

	Local Group Properties:
		Comment	HomeUsers Security Group

	Group Members:
		HomeGroupUser$	HomeGroupUser$
		S-1-11-96-3623454863-58364-18864-2661722203-1597581903-1073243076-1567030449-1863934628-2410208216-2729372557
		Truong	Truong Van Bang
		WMPNetworkSvc

[ Hyper-V Administrators ]

	Local Group Properties:
		Comment	Members of this group have complete and unrestricted access to all features of Hyper-V.

[ IIS_IUSRS ]

	Local Group Properties:
		Comment	Built-in group used by Internet Information Services.

	Group Members:
		IUSR

[ Network Configuration Operators ]

	Local Group Properties:
		Comment	Members in this group can have some administrative privileges to manage configuration of networking features

[ Performance Log Users ]

	Local Group Properties:
		Comment	Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer

[ Performance Monitor Users ]

	Local Group Properties:
		Comment	Members of this group can access performance counter data locally and remotely

[ Power Users ]

	Local Group Properties:
		Comment	Power Users are included for backwards compatibility and possess limited administrative powers

[ Remote Desktop Users ]

	Local Group Properties:
		Comment	Members in this group are granted the right to logon remotely

[ Remote Management Users ]

	Local Group Properties:
		Comment	Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.

[ Replicator ]

	Local Group Properties:
		Comment	Supports file replication in a domain

[ System Managed Accounts Group ]

	Local Group Properties:
		Comment	Members of this group are managed by the system.

[ Users ]

	Local Group Properties:
		Comment	Users are prevented from making accidental or intentional system-wide changes and can run most applications

	Group Members:
		Authenticated Users
		INTERACTIVE

[ WinRMRemoteWMIUsers__ ]

	Local Group Properties:
		Comment	Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.

Global Groups


[ None ]

	Global Group Properties:
		Comment	Ordinary users

	Group Members:
		Administrator
		DefaultAccount
		Guest
		HomeGroupUser$	HomeGroupUser$
		Truong	Truong Van Bang

Windows Video


[ Intel(R) HD Graphics 4000 ]

	Video Adapter Properties:
		Device Description	Intel(R) HD Graphics 4000
		Adapter String	Intel(R) HD Graphics 4000
		BIOS String	Intel Video BIOS
		Chip Type	Intel(R) HD Graphics Family
		DAC Type	Internal
		Driver Date	10-7-2015
		Driver Version	10.18.10.4252
		Driver Provider	Intel Corporation
		Memory Size	2112 MB

	Installed Drivers:
		igdumdim64	10.18.10.4252
		igd10iumd64	10.18.10.4252
		igd10iumd64	10.18.10.4252
		igdumdim32	10.18.10.4252
		igd10iumd32	10.18.10.4252
		igd10iumd32	10.18.10.4252

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ Intel(R) HD Graphics 4000 ]

	Video Adapter Properties:
		Device Description	Intel(R) HD Graphics 4000
		Adapter String	Intel(R) HD Graphics 4000
		BIOS String	Intel Video BIOS
		Chip Type	Intel(R) HD Graphics Family
		DAC Type	Internal
		Driver Date	10-7-2015
		Driver Version	10.18.10.4252
		Driver Provider	Intel Corporation
		Memory Size	2112 MB

	Installed Drivers:
		igdumdim64	10.18.10.4252
		igd10iumd64	10.18.10.4252
		igd10iumd64	10.18.10.4252
		igdumdim32	10.18.10.4252
		igd10iumd32	10.18.10.4252
		igd10iumd32	10.18.10.4252

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ Intel(R) HD Graphics 4000 ]

	Video Adapter Properties:
		Device Description	Intel(R) HD Graphics 4000
		Adapter String	Intel(R) HD Graphics 4000
		BIOS String	Intel Video BIOS
		Chip Type	Intel(R) HD Graphics Family
		DAC Type	Internal
		Driver Date	10-7-2015
		Driver Version	10.18.10.4252
		Driver Provider	Intel Corporation
		Memory Size	2112 MB

	Installed Drivers:
		igdumdim64	10.18.10.4252
		igd10iumd64	10.18.10.4252
		igd10iumd64	10.18.10.4252
		igdumdim32	10.18.10.4252
		igd10iumd32	10.18.10.4252
		igd10iumd32	10.18.10.4252

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

PCI / AGP Video


		Device Description	Device Type
		Intel HD Graphics 4000	Video Adapter
		Intel HD Graphics 4000	3D Accelerator

GPU


[ Integrated: Intel Ivy Bridge-MB - Integrated Graphics Controller (MB GT2) ]

	Graphics Processor Properties:
		Video Adapter	Intel Ivy Bridge-MB - Integrated Graphics Controller (MB GT2)
		GPU Code Name	Ivy Bridge-MB GT2
		PCI Device	8086-0166 / 1043-10AC (Rev 09)
		Process Technology	22 nm
		Bus Type	Integrated
		RAMDAC Clock	350 MHz
		Pixel Pipelines	4
		TMU Per Pipeline	1
		Unified Shaders	64 (v5.0)
		DirectX Hardware Support	DirectX v11

	Utilization:
		Dedicated Memory	13 MB
		Dynamic Memory	37 MB

	Graphics Processor Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

Monitor


[ BOEhydis HB140WX1-100 ]

	Monitor Properties:
		Monitor Name	BOEhydis HB140WX1-100
		Monitor ID	BOE05B1
		Manufacturer	BOE HF
		Model	HB140WX1-100
		Monitor Type	14" LCD (WXGA)
		Manufacture Date	Week 1 / 2011
		Serial Number	None
		Max. Visible Display Size	31 cm x 17 cm (13.9")
		Picture Aspect Ratio	17:9
		Horizontal Frequency	31 - 83 kHz
		Vertical Frequency	56 - 76 Hz
		Maximum Resolution	1366 x 768
		Gamma	2.20
		DPMS Mode Support	None

	Supported Video Modes:
		640 x 480	76 Hz
		800 x 480	76 Hz
		800 x 600	76 Hz
		1024 x 600	76 Hz
		1024 x 768	76 Hz
		1280 x 720	76 Hz
		1280 x 768	76 Hz
		1366 x 768	76 Hz

Desktop


Desktop Properties:
	Device Technology	Raster Display
	Resolution	1366 x 768
	Color Depth	32-bit
	Color Planes	1
	Font Resolution	96 dpi
	Pixel Width / Height	36 / 36
	Pixel Diagonal	51
	Vertical Refresh Rate	60 Hz
	Desktop Wallpaper	c:\users\truong\appdata\local\microsoft\windows\themes\transcodedwallpaper

Desktop Effects:
	Combo-Box Animation	Enabled
	Drop Shadow Effect	Enabled
	Flat Menu Effect	Enabled
	Font Smoothing	Enabled
	ClearType	Enabled
	Full Window Dragging	Enabled
	Gradient Window Title Bars	Enabled
	Hide Menu Access Keys	Enabled
	Hot Tracking Effect	Enabled
	Icon Title Wrapping	Enabled
	List-Box Smooth Scrolling	Enabled
	Menu Animation	Enabled
	Menu Fade Effect	Enabled
	Minimize/Restore Animation	Enabled
	Mouse Cursor Shadow	Disabled
	Selection Fade Effect	Enabled
	ShowSounds Accessibility Feature	Disabled
	ToolTip Animation	Enabled
	ToolTip Fade Effect	Enabled
	Windows Aero	Enabled
	Windows Plus! Extension	Disabled

Multi-Monitor


Device ID	Primary	Upper Left Corner	Bottom Right Corner
\\.\DISPLAY1	Yes	(0,0)	(1366,768)

Video Modes


Resolution	Color Depth	Refresh Rate
320 x 200	32-bit	60 Hz
320 x 200	32-bit	60 Hz
320 x 200	32-bit	60 Hz
320 x 240	32-bit	60 Hz
320 x 240	32-bit	60 Hz
320 x 240	32-bit	60 Hz
400 x 300	32-bit	60 Hz
400 x 300	32-bit	60 Hz
400 x 300	32-bit	60 Hz
512 x 384	32-bit	60 Hz
512 x 384	32-bit	60 Hz
512 x 384	32-bit	60 Hz
640 x 400	32-bit	60 Hz
640 x 400	32-bit	60 Hz
640 x 400	32-bit	60 Hz
640 x 480	32-bit	60 Hz
640 x 480	32-bit	60 Hz
640 x 480	32-bit	60 Hz
800 x 600	32-bit	60 Hz
800 x 600	32-bit	60 Hz
800 x 600	32-bit	60 Hz
1024 x 768	32-bit	60 Hz
1024 x 768	32-bit	60 Hz
1024 x 768	32-bit	60 Hz
1280 x 600	32-bit	60 Hz
1280 x 600	32-bit	60 Hz
1280 x 600	32-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 720	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
1280 x 768	32-bit	60 Hz
1360 x 768	32-bit	60 Hz
1360 x 768	32-bit	60 Hz
1360 x 768	32-bit	60 Hz
1366 x 768	32-bit	60 Hz

OpenGL


OpenGL Properties:
	Vendor	Intel
	Renderer	Intel(R) HD Graphics 4000
	Version	4.0.0 - Build 10.18.10.4252
	Shading Language Version	4.00 - Build 10.18.10.4252
	OpenGL DLL	10.0.10240.16384(th1.150709-1700)
	Multitexture Texture Units	8
	Occlusion Query Counter Bits	64
	Sub-Pixel Precision	4-bit
	Max Viewport Size	16384 x 16384
	Max Cube Map Texture Size	16384 x 16384
	Max Rectangle Texture Size	16384 x 16384
	Max 3D Texture Size	2048 x 2048 x 2048
	Max Anisotropy	16
	Max Clipping Planes	8
	Max Display-List Nesting Level	64
	Max Draw Buffers	8
	Max Evaluator Order	32
	Max Light Sources	8
	Max Pixel Map Table Size	65536
	Min / Max Program Texel Offset	-8 / 7
	Max Texture Array Layers	2048
	Max Texture LOD Bias	15

OpenGL Compliancy:
	OpenGL 1.1	Yes (100%)
	OpenGL 1.2	Yes (100%)
	OpenGL 1.3	Yes (100%)
	OpenGL 1.4	Yes (100%)
	OpenGL 1.5	Yes (100%)
	OpenGL 2.0	Yes (100%)
	OpenGL 2.1	Yes (100%)
	OpenGL 3.0	Yes (100%)
	OpenGL 3.1	Yes (100%)
	OpenGL 3.2	Yes (100%)
	OpenGL 3.3	Yes (100%)
	OpenGL 4.0	Yes (100%)
	OpenGL 4.1	No (85%)
	OpenGL 4.2	No (83%)
	OpenGL 4.3	No (42%)

Max Stack Depth:
	Attribute Stack	16
	Client Attribute Stack	16
	Modelview Matrix Stack	32
	Name Stack	128
	Projection Matrix Stack	4
	Texture Matrix Stack	10

Draw Range Elements:
	Max Index Count	1048576
	Max Vertex Count	1048576

Transform Feedback:
	Max Interleaved Components	128
	Max Separate Attributes	4
	Max Separate Components	4

Framebuffer Object:
	Max Color Attachments	8
	Max Render Buffer Size	16384 x 16384

Vertex Shader:
	Max Uniform Vertex Components	4096
	Max Varying Floats	64
	Max Vertex Texture Image Units	16
	Max Combined Texture Image Units	96

Geometry Shader:
	Max Geometry Texture Units	16
	Max Varying Components	64
	Max Geometry Varying Components	64
	Max Vertex Varying Components	32
	Max Geometry Uniform Components	4096
	Max Geometry Output Vertices	256
	Max Geometry Total Output Components	1024

Fragment Shader:
	Max Uniform Fragment Components	4096

Vertex Program:
	Max Local Parameters	256
	Max Environment Parameters	300
	Max Program Matrices	8
	Max Program Matrix Stack Depth	2
	Max Vertex Attributes	16
	Max Instructions	1024
	Max Native Instructions	1024
	Max Temporaries	31
	Max Native Temporaries	31
	Max Parameters	512
	Max Native Parameters	400
	Max Attributes	16
	Max Native Attributes	16
	Max Address Registers	1
	Max Native Address Registers	1

Fragment Program:
	Max Local Parameters	256
	Max Environment Parameters	256
	Max Texture Coordinates	8
	Max Texture Image Units	16
	Max Instructions	1447
	Max Native Instructions	1447
	Max Temporaries	256
	Max Native Temporaries	256
	Max Parameters	512
	Max Native Parameters	32
	Max Attributes	13
	Max Native Attributes	13
	Max Address Registers	0
	Max Native Address Registers	0
	Max ALU Instructions	1447
	Max Native ALU Instructions	1447
	Max Texture Instructions	1447
	Max Native Texture Instructions	1447
	Max Texture Indirections	128
	Max Native Texture Indirections	128

OpenGL Extensions:
	Total / Supported Extensions	816 / 188
	GL_3DFX_multisample	Not Supported
	GL_3DFX_tbuffer	Not Supported
	GL_3DFX_texture_compression_FXT1	Supported
	GL_3DL_direct_texture_access2	Not Supported
	GL_3Dlabs_multisample_transparency_id	Not Supported
	GL_3Dlabs_multisample_transparency_range	Not Supported
	GL_AMD_blend_minmax_factor	Not Supported
	GL_AMD_compressed_3DC_texture	Not Supported
	GL_AMD_compressed_ATC_texture	Not Supported
	GL_AMD_conservative_depth	Not Supported
	GL_AMD_debug_output	Not Supported
	GL_AMD_depth_clamp_separate	Not Supported
	GL_AMD_draw_buffers_blend	Not Supported
	GL_AMD_multi_draw_indirect	Not Supported
	GL_AMD_name_gen_delete	Not Supported
	GL_AMD_performance_monitor	Not Supported
	GL_AMD_pinned_memory	Not Supported
	GL_AMD_program_binary_Z400	Not Supported
	GL_AMD_query_buffer_object	Not Supported
	GL_AMD_sample_positions	Not Supported
	GL_AMD_seamless_cubemap_per_texture	Not Supported
	GL_AMD_shader_stencil_export	Not Supported
	GL_AMD_shader_stencil_value_export	Not Supported
	GL_AMD_shader_trace	Not Supported
	GL_AMD_sparse_texture	Not Supported
	GL_AMD_stencil_operation_extended	Not Supported
	GL_AMD_texture_compression_dxt6	Not Supported
	GL_AMD_texture_compression_dxt7	Not Supported
	GL_AMD_texture_cube_map_array	Not Supported
	GL_AMD_texture_texture4	Not Supported
	GL_AMD_transform_feedback3_lines_triangles	Not Supported
	GL_AMD_transform_feedback4	Not Supported
	GL_AMD_vertex_shader_layer	Not Supported
	GL_AMD_vertex_shader_tessellator	Not Supported
	GL_AMD_vertex_shader_viewport_index	Not Supported
	GL_AMDX_debug_output	Not Supported
	GL_AMDX_name_gen_delete	Not Supported
	GL_AMDX_random_access_target	Not Supported
	GL_AMDX_vertex_shader_tessellator	Not Supported
	GL_ANGLE_framebuffer_blit	Not Supported
	GL_ANGLE_framebuffer_multisample	Not Supported
	GL_ANGLE_instanced_arrays	Not Supported
	GL_ANGLE_pack_reverse_row_order	Not Supported
	GL_ANGLE_texture_compression_dxt3	Not Supported
	GL_ANGLE_texture_compression_dxt5	Not Supported
	GL_ANGLE_texture_usage	Not Supported
	GL_ANGLE_translated_shader_source	Not Supported
	GL_APPLE_aux_depth_stencil	Not Supported
	GL_APPLE_client_storage	Not Supported
	GL_APPLE_copy_texture_levels	Not Supported
	GL_APPLE_element_array	Not Supported
	GL_APPLE_fence	Not Supported
	GL_APPLE_float_pixels	Not Supported
	GL_APPLE_flush_buffer_range	Not Supported
	GL_APPLE_flush_render	Not Supported
	GL_APPLE_framebuffer_multisample	Not Supported
	GL_APPLE_object_purgeable	Not Supported
	GL_APPLE_packed_pixel	Not Supported
	GL_APPLE_packed_pixels	Not Supported
	GL_APPLE_pixel_buffer	Not Supported
	GL_APPLE_rgb_422	Not Supported
	GL_APPLE_specular_vector	Not Supported
	GL_APPLE_sync	Not Supported
	GL_APPLE_texture_2D_limited_npot	Not Supported
	GL_APPLE_texture_format_BGRA8888	Not Supported
	GL_APPLE_texture_max_level	Not Supported
	GL_APPLE_texture_range	Not Supported
	GL_APPLE_transform_hint	Not Supported
	GL_APPLE_vertex_array_object	Not Supported
	GL_APPLE_vertex_array_range	Not Supported
	GL_APPLE_vertex_program_evaluators	Not Supported
	GL_APPLE_ycbcr_422	Not Supported
	GL_ARB_arrays_of_arrays	Supported
	GL_ARB_base_instance	Supported
	GL_ARB_blend_func_extended	Supported
	GL_ARB_buffer_storage	Supported
	GL_ARB_clear_buffer_object	Not Supported
	GL_ARB_color_buffer_float	Supported
	GL_ARB_compatibility	Supported
	GL_ARB_compressed_texture_pixel_storage	Supported
	GL_ARB_compute_shader	Not Supported
	GL_ARB_conservative_depth	Supported
	GL_ARB_copy_buffer	Supported
	GL_ARB_copy_image	Not Supported
	GL_ARB_debug_group	Not Supported
	GL_ARB_debug_label	Not Supported
	GL_ARB_debug_output	Supported
	GL_ARB_debug_output2	Not Supported
	GL_ARB_depth_buffer_float	Supported
	GL_ARB_depth_clamp	Supported
	GL_ARB_depth_texture	Supported
	GL_ARB_draw_buffers	Supported
	GL_ARB_draw_buffers_blend	Supported
	GL_ARB_draw_elements_base_vertex	Supported
	GL_ARB_draw_indirect	Supported
	GL_ARB_draw_instanced	Supported
	GL_ARB_ES2_compatibility	Supported
	GL_ARB_ES3_compatibility	Supported
	GL_ARB_explicit_attrib_location	Supported
	GL_ARB_explicit_uniform_location	Not Supported
	GL_ARB_fragment_coord_conventions	Supported
	GL_ARB_fragment_layer_viewport	Not Supported
	GL_ARB_fragment_program	Supported
	GL_ARB_fragment_program_shadow	Supported
	GL_ARB_fragment_shader	Supported
	GL_ARB_framebuffer_no_attachments	Supported
	GL_ARB_framebuffer_object	Supported
	GL_ARB_framebuffer_sRGB	Supported
	GL_ARB_geometry_shader4	Supported
	GL_ARB_get_program_binary	Supported
	GL_ARB_gpu_shader_fp64	Supported
	GL_ARB_gpu_shader5	Supported
	GL_ARB_half_float_pixel	Supported
	GL_ARB_half_float_vertex	Supported
	GL_ARB_imaging	Not Supported
	GL_ARB_instanced_arrays	Supported
	GL_ARB_internalformat_query	Supported
	GL_ARB_internalformat_query2	Supported
	GL_ARB_invalidate_subdata	Not Supported
	GL_ARB_make_current_read	Not Supported
	GL_ARB_map_buffer_alignment	Supported
	GL_ARB_map_buffer_range	Supported
	GL_ARB_matrix_palette	Not Supported
	GL_ARB_multi_draw_indirect	Supported
	GL_ARB_multisample	Supported
	GL_ARB_multitexture	Supported
	GL_ARB_occlusion_query	Supported
	GL_ARB_occlusion_query2	Supported
	GL_ARB_pixel_buffer_object	Supported
	GL_ARB_point_parameters	Supported
	GL_ARB_point_sprite	Supported
	GL_ARB_program_interface_query	Supported
	GL_ARB_provoking_vertex	Supported
	GL_ARB_robust_buffer_access_behavior	Not Supported
	GL_ARB_robustness	Supported
	GL_ARB_robustness_isolation	Not Supported
	GL_ARB_sample_shading	Supported
	GL_ARB_sampler_objects	Supported
	GL_ARB_seamless_cube_map	Supported
	GL_ARB_separate_shader_objects	Supported
	GL_ARB_shader_atomic_counters	Supported
	GL_ARB_shader_bit_encoding	Supported
	GL_ARB_shader_image_load_store	Not Supported
	GL_ARB_shader_image_size	Not Supported
	GL_ARB_shader_objects	Supported
	GL_ARB_shader_precision	Supported
	GL_ARB_shader_stencil_export	Not Supported
	GL_ARB_shader_storage_buffer_object	Not Supported
	GL_ARB_shader_subroutine	Supported
	GL_ARB_shader_texture_lod	Not Supported
	GL_ARB_shading_language_100	Supported
	GL_ARB_shading_language_120	Not Supported
	GL_ARB_shading_language_420pack	Supported
	GL_ARB_shading_language_include	Not Supported
	GL_ARB_shading_language_packing	Supported
	GL_ARB_shadow	Supported
	GL_ARB_shadow_ambient	Not Supported
	GL_ARB_stencil_texturing	Supported
	GL_ARB_swap_buffers	Not Supported
	GL_ARB_sync	Supported
	GL_ARB_tessellation_shader	Supported
	GL_ARB_texture_border_clamp	Supported
	GL_ARB_texture_buffer_object	Not Supported
	GL_ARB_texture_buffer_object_rgb32	Supported
	GL_ARB_texture_buffer_range	Supported
	GL_ARB_texture_compression	Supported
	GL_ARB_texture_compression_bptc	Supported
	GL_ARB_texture_compression_rgtc	Supported
	GL_ARB_texture_compression_rtgc	Not Supported
	GL_ARB_texture_cube_map	Supported
	GL_ARB_texture_cube_map_array	Supported
	GL_ARB_texture_env_add	Supported
	GL_ARB_texture_env_combine	Supported
	GL_ARB_texture_env_crossbar	Supported
	GL_ARB_texture_env_dot3	Supported
	GL_ARB_texture_float	Supported
	GL_ARB_texture_gather	Supported
	GL_ARB_texture_mirrored_repeat	Not Supported
	GL_ARB_texture_multisample	Supported
	GL_ARB_texture_non_power_of_two	Supported
	GL_ARB_texture_query_levels	Not Supported
	GL_ARB_texture_query_lod	Supported
	GL_ARB_texture_rectangle	Supported
	GL_ARB_texture_rg	Supported
	GL_ARB_texture_rgb10_a2ui	Supported
	GL_ARB_texture_snorm	Not Supported
	GL_ARB_texture_storage	Supported
	GL_ARB_texture_storage_multisample	Supported
	GL_ARB_texture_swizzle	Supported
	GL_ARB_texture_view	Not Supported
	GL_ARB_timer_query	Supported
	GL_ARB_transform_feedback_instanced	Supported
	GL_ARB_transform_feedback2	Supported
	GL_ARB_transform_feedback3	Supported
	GL_ARB_transpose_matrix	Supported
	GL_ARB_uber_buffers	Not Supported
	GL_ARB_uber_mem_image	Not Supported
	GL_ARB_uber_vertex_array	Not Supported
	GL_ARB_uniform_buffer_object	Supported
	GL_ARB_vertex_array_bgra	Supported
	GL_ARB_vertex_array_object	Supported
	GL_ARB_vertex_attrib_64bit	Supported
	GL_ARB_vertex_attrib_binding	Supported
	GL_ARB_vertex_blend	Not Supported
	GL_ARB_vertex_buffer_object	Supported
	GL_ARB_vertex_program	Supported
	GL_ARB_vertex_shader	Supported
	GL_ARB_vertex_type_2_10_10_10_rev	Supported
	GL_ARB_viewport_array	Supported
	GL_ARB_window_pos	Supported
	GL_ARM_mali_program_binary	Not Supported
	GL_ARM_mali_shader_binary	Not Supported
	GL_ARM_rgba8	Not Supported
	GL_ATI_array_rev_comps_in_4_bytes	Not Supported
	GL_ATI_blend_equation_separate	Not Supported
	GL_ATI_blend_weighted_minmax	Not Supported
	GL_ATI_draw_buffers	Not Supported
	GL_ATI_element_array	Not Supported
	GL_ATI_envmap_bumpmap	Not Supported
	GL_ATI_fragment_shader	Not Supported
	GL_ATI_lock_texture	Not Supported
	GL_ATI_map_object_buffer	Not Supported
	GL_ATI_meminfo	Not Supported
	GL_ATI_pixel_format_float	Not Supported
	GL_ATI_pn_triangles	Not Supported
	GL_ATI_point_cull_mode	Not Supported
	GL_ATI_separate_stencil	Supported
	GL_ATI_shader_texture_lod	Not Supported
	GL_ATI_text_fragment_shader	Not Supported
	GL_ATI_texture_compression_3dc	Not Supported
	GL_ATI_texture_env_combine3	Not Supported
	GL_ATI_texture_float	Not Supported
	GL_ATI_texture_mirror_once	Not Supported
	GL_ATI_vertex_array_object	Not Supported
	GL_ATI_vertex_attrib_array_object	Not Supported
	GL_ATI_vertex_blend	Not Supported
	GL_ATI_vertex_shader	Not Supported
	GL_ATI_vertex_streams	Not Supported
	GL_ATIX_pn_triangles	Not Supported
	GL_ATIX_texture_env_combine3	Not Supported
	GL_ATIX_texture_env_route	Not Supported
	GL_ATIX_vertex_shader_output_point_size	Not Supported
	GL_Autodesk_facet_normal	Not Supported
	GL_Autodesk_valid_back_buffer_hint	Not Supported
	GL_DIMD_YUV	Not Supported
	GL_DMP_shader_binary	Not Supported
	GL_EXT_422_pixels	Not Supported
	GL_EXT_abgr	Supported
	GL_EXT_bgra	Supported
	GL_EXT_bindable_uniform	Not Supported
	GL_EXT_blend_color	Supported
	GL_EXT_blend_equation_separate	Supported
	GL_EXT_blend_func_separate	Supported
	GL_EXT_blend_logic_op	Not Supported
	GL_EXT_blend_minmax	Supported
	GL_EXT_blend_subtract	Supported
	GL_EXT_Cg_shader	Not Supported
	GL_EXT_clip_volume_hint	Supported
	GL_EXT_cmyka	Not Supported
	GL_EXT_color_buffer_half_float	Not Supported
	GL_EXT_color_matrix	Not Supported
	GL_EXT_color_subtable	Not Supported
	GL_EXT_color_table	Not Supported
	GL_EXT_compiled_vertex_array	Supported
	GL_EXT_convolution	Not Supported
	GL_EXT_convolution_border_modes	Not Supported
	GL_EXT_coordinate_frame	Not Supported
	GL_EXT_copy_buffer	Not Supported
	GL_EXT_copy_texture	Not Supported
	GL_EXT_cull_vertex	Not Supported
	GL_EXT_debug_label	Not Supported
	GL_EXT_debug_marker	Not Supported
	GL_EXT_depth_bounds_test	Not Supported
	GL_EXT_depth_buffer_float	Not Supported
	GL_EXT_direct_state_access	Not Supported
	GL_EXT_discard_framebuffer	Not Supported
	GL_EXT_draw_buffers2	Supported
	GL_EXT_draw_indirect	Not Supported
	GL_EXT_draw_instanced	Not Supported
	GL_EXT_draw_range_elements	Supported
	GL_EXT_fog_coord	Supported
	GL_EXT_fog_function	Not Supported
	GL_EXT_fog_offset	Not Supported
	GL_EXT_frag_depth	Not Supported
	GL_EXT_fragment_lighting	Not Supported
	GL_EXT_framebuffer_blit	Supported
	GL_EXT_framebuffer_multisample	Supported
	GL_EXT_framebuffer_multisample_blit_scaled	Not Supported
	GL_EXT_framebuffer_object	Supported
	GL_EXT_framebuffer_sRGB	Not Supported
	GL_EXT_generate_mipmap	Not Supported
	GL_EXT_geometry_shader4	Supported
	GL_EXT_gpu_program_parameters	Supported
	GL_EXT_gpu_shader_fp64	Not Supported
	GL_EXT_gpu_shader4	Supported
	GL_EXT_gpu_shader5	Not Supported
	GL_EXT_histogram	Not Supported
	GL_EXT_import_sync_object	Not Supported
	GL_EXT_index_array_formats	Not Supported
	GL_EXT_index_func	Not Supported
	GL_EXT_index_material	Not Supported
	GL_EXT_index_texture	Not Supported
	GL_EXT_interlace	Not Supported
	GL_EXT_light_texture	Not Supported
	GL_EXT_map_buffer_range	Not Supported
	GL_EXT_misc_attribute	Not Supported
	GL_EXT_multi_draw_arrays	Supported
	GL_EXT_multisample	Not Supported
	GL_EXT_multisampled_render_to_texture	Not Supported
	GL_EXT_multiview_draw_buffers	Not Supported
	GL_EXT_occlusion_query_boolean	Not Supported
	GL_EXT_packed_depth_stencil	Supported
	GL_EXT_packed_float	Supported
	GL_EXT_packed_pixels	Supported
	GL_EXT_packed_pixels_12	Not Supported
	GL_EXT_paletted_texture	Not Supported
	GL_EXT_pixel_buffer_object	Not Supported
	GL_EXT_pixel_format	Not Supported
	GL_EXT_pixel_texture	Not Supported
	GL_EXT_pixel_transform	Not Supported
	GL_EXT_pixel_transform_color_table	Not Supported
	GL_EXT_point_parameters	Not Supported
	GL_EXT_polygon_offset	Not Supported
	GL_EXT_provoking_vertex	Not Supported
	GL_EXT_read_format_bgra	Not Supported
	GL_EXT_rescale_normal	Supported
	GL_EXT_robustness	Not Supported
	GL_EXT_scene_marker	Not Supported
	GL_EXT_secondary_color	Supported
	GL_EXT_separate_shader_objects	Not Supported
	GL_EXT_separate_specular_color	Supported
	GL_EXT_shader_atomic_counters	Not Supported
	GL_EXT_shader_framebuffer_fetch	Not Supported
	GL_EXT_shader_image_load_store	Not Supported
	GL_EXT_shader_integer_mix	Supported
	GL_EXT_shader_subroutine	Not Supported
	GL_EXT_shader_texture_lod	Not Supported
	GL_EXT_shadow_funcs	Supported
	GL_EXT_shadow_samplers	Not Supported
	GL_EXT_shared_texture_palette	Not Supported
	GL_EXT_sRGB	Not Supported
	GL_EXT_static_vertex_array	Not Supported
	GL_EXT_stencil_clear_tag	Not Supported
	GL_EXT_stencil_two_side	Supported
	GL_EXT_stencil_wrap	Supported
	GL_EXT_subtexture	Not Supported
	GL_EXT_swap_control	Not Supported
	GL_EXT_tessellation_shader	Not Supported
	GL_EXT_texgen_reflection	Not Supported
	GL_EXT_texture	Not Supported
	GL_EXT_texture_array	Supported
	GL_EXT_texture_border_clamp	Not Supported
	GL_EXT_texture_buffer	Supported
	GL_EXT_texture_buffer_object	Not Supported
	GL_EXT_texture_buffer_object_rgb32	Not Supported
	GL_EXT_texture_color_table	Not Supported
	GL_EXT_texture_compression_bptc	Not Supported
	GL_EXT_texture_compression_dxt1	Not Supported
	GL_EXT_texture_compression_latc	Not Supported
	GL_EXT_texture_compression_rgtc	Not Supported
	GL_EXT_texture_compression_s3tc	Supported
	GL_EXT_texture_cube_map	Not Supported
	GL_EXT_texture_edge_clamp	Supported
	GL_EXT_texture_env	Not Supported
	GL_EXT_texture_env_add	Supported
	GL_EXT_texture_env_combine	Supported
	GL_EXT_texture_env_dot3	Not Supported
	GL_EXT_texture_filter_anisotropic	Supported
	GL_EXT_texture_format_BGRA8888	Not Supported
	GL_EXT_texture_integer	Supported
	GL_EXT_texture_lod	Not Supported
	GL_EXT_texture_lod_bias	Supported
	GL_EXT_texture_mirror_clamp	Not Supported
	GL_EXT_texture_object	Not Supported
	GL_EXT_texture_perturb_normal	Not Supported
	GL_EXT_texture_rectangle	Supported
	GL_EXT_texture_rg	Not Supported
	GL_EXT_texture_shared_exponent	Supported
	GL_EXT_texture_snorm	Supported
	GL_EXT_texture_sRGB	Supported
	GL_EXT_texture_sRGB_decode	Supported
	GL_EXT_texture_storage	Supported
	GL_EXT_texture_swizzle	Supported
	GL_EXT_texture_type_2_10_10_10_REV	Not Supported
	GL_EXT_texture3D	Supported
	GL_EXT_texture4D	Not Supported
	GL_EXT_timer_query	Not Supported
	GL_EXT_transform_feedback	Supported
	GL_EXT_transform_feedback2	Not Supported
	GL_EXT_transform_feedback3	Not Supported
	GL_EXT_unpack_subimage	Not Supported
	GL_EXT_vertex_array	Not Supported
	GL_EXT_vertex_array_bgra	Not Supported
	GL_EXT_vertex_array_set	Not Supported
	GL_EXT_vertex_array_setXXX	Not Supported
	GL_EXT_vertex_attrib_64bit	Not Supported
	GL_EXT_vertex_shader	Not Supported
	GL_EXT_vertex_weighting	Not Supported
	GL_EXTX_framebuffer_mixed_formats	Not Supported
	GL_EXTX_packed_depth_stencil	Not Supported
	GL_FGL_lock_texture	Not Supported
	GL_FJ_shader_binary_GCCSO	Not Supported
	GL_GL2_geometry_shader	Not Supported
	GL_GREMEDY_frame_terminator	Not Supported
	GL_GREMEDY_string_marker	Not Supported
	GL_HP_convolution_border_modes	Not Supported
	GL_HP_image_transform	Not Supported
	GL_HP_occlusion_test	Not Supported
	GL_HP_texture_lighting	Not Supported
	GL_I3D_argb	Not Supported
	GL_I3D_color_clamp	Not Supported
	GL_I3D_interlace_read	Not Supported
	GL_IBM_clip_check	Not Supported
	GL_IBM_cull_vertex	Not Supported
	GL_IBM_load_named_matrix	Not Supported
	GL_IBM_multi_draw_arrays	Not Supported
	GL_IBM_multimode_draw_arrays	Not Supported
	GL_IBM_occlusion_cull	Not Supported
	GL_IBM_pixel_filter_hint	Not Supported
	GL_IBM_rasterpos_clip	Not Supported
	GL_IBM_rescale_normal	Not Supported
	GL_IBM_static_data	Not Supported
	GL_IBM_texture_clamp_nodraw	Not Supported
	GL_IBM_texture_mirrored_repeat	Supported
	GL_IBM_vertex_array_lists	Not Supported
	GL_IBM_YCbCr	Not Supported
	GL_IMG_multisampled_render_to_texture	Not Supported
	GL_IMG_program_binary	Not Supported
	GL_IMG_read_format	Not Supported
	GL_IMG_shader_binary	Not Supported
	GL_IMG_texture_compression_pvrtc	Not Supported
	GL_IMG_texture_env_enhanced_fixed_function	Not Supported
	GL_IMG_texture_format_BGRA8888	Not Supported
	GL_IMG_user_clip_plane	Not Supported
	GL_IMG_vertex_program	Not Supported
	GL_INGR_blend_func_separate	Not Supported
	GL_INGR_color_clamp	Not Supported
	GL_INGR_interlace_read	Not Supported
	GL_INGR_multiple_palette	Not Supported
	GL_INTEL_map_texture	Supported
	GL_INTEL_parallel_arrays	Not Supported
	GL_INTEL_performance_queries	Supported
	GL_INTEL_performance_query	Supported
	GL_INTEL_texture_scissor	Not Supported
	GL_KHR_blend_equation_advanced	Supported
	GL_KHR_debug	Supported
	GL_KHR_texture_compression_astc_ldr	Not Supported
	GL_KTX_buffer_region	Not Supported
	GL_MESA_pack_invert	Not Supported
	GL_MESA_program_debug	Not Supported
	GL_MESA_resize_buffers	Not Supported
	GL_MESA_window_pos	Not Supported
	GL_MESA_ycbcr_texture	Not Supported
	GL_MESAX_texture_stack	Not Supported
	GL_MTX_fragment_shader	Not Supported
	GL_MTX_precision_dpi	Not Supported
	GL_NV_alpha_test	Not Supported
	GL_NV_bindless_texture	Not Supported
	GL_NV_blend_minmax	Not Supported
	GL_NV_blend_square	Supported
	GL_NV_centroid_sample	Not Supported
	GL_NV_complex_primitives	Not Supported
	GL_NV_compute_program5	Not Supported
	GL_NV_conditional_render	Supported
	GL_NV_copy_depth_to_color	Not Supported
	GL_NV_copy_image	Not Supported
	GL_NV_coverage_sample	Not Supported
	GL_NV_depth_buffer_float	Not Supported
	GL_NV_depth_clamp	Not Supported
	GL_NV_depth_nonlinear	Not Supported
	GL_NV_depth_range_unclamped	Not Supported
	GL_NV_draw_buffers	Not Supported
	GL_NV_draw_texture	Not Supported
	GL_NV_EGL_stream_consumer_external	Not Supported
	GL_NV_ES1_1_compatibility	Not Supported
	GL_NV_evaluators	Not Supported
	GL_NV_explicit_multisample	Not Supported
	GL_NV_fbo_color_attachments	Not Supported
	GL_NV_fence	Not Supported
	GL_NV_float_buffer	Not Supported
	GL_NV_fog_distance	Not Supported
	GL_NV_fragdepth	Not Supported
	GL_NV_fragment_program	Not Supported
	GL_NV_fragment_program_option	Not Supported
	GL_NV_fragment_program2	Not Supported
	GL_NV_fragment_program4	Not Supported
	GL_NV_framebuffer_multisample_coverage	Not Supported
	GL_NV_framebuffer_multisample_ex	Not Supported
	GL_NV_geometry_program4	Not Supported
	GL_NV_geometry_shader4	Not Supported
	GL_NV_gpu_program_fp64	Not Supported
	GL_NV_gpu_program4	Not Supported
	GL_NV_gpu_program4_1	Not Supported
	GL_NV_gpu_program5	Not Supported
	GL_NV_gpu_shader5	Not Supported
	GL_NV_half_float	Not Supported
	GL_NV_light_max_exponent	Not Supported
	GL_NV_multisample_coverage	Not Supported
	GL_NV_multisample_filter_hint	Not Supported
	GL_NV_occlusion_query	Not Supported
	GL_NV_packed_depth_stencil	Not Supported
	GL_NV_parameter_buffer_object	Not Supported
	GL_NV_parameter_buffer_object2	Not Supported
	GL_NV_path_rendering	Not Supported
	GL_NV_pixel_buffer_object	Not Supported
	GL_NV_pixel_data_range	Not Supported
	GL_NV_point_sprite	Not Supported
	GL_NV_present_video	Not Supported
	GL_NV_primitive_restart	Supported
	GL_NV_read_buffer	Not Supported
	GL_NV_read_depth_stencil	Not Supported
	GL_NV_register_combiners	Not Supported
	GL_NV_register_combiners2	Not Supported
	GL_NV_shader_atomic_counters	Not Supported
	GL_NV_shader_atomic_float	Not Supported
	GL_NV_shader_buffer_load	Not Supported
	GL_NV_shader_buffer_store	Not Supported
	GL_NV_shader_storage_buffer_object	Not Supported
	GL_NV_tessellation_program5	Not Supported
	GL_NV_texgen_emboss	Not Supported
	GL_NV_texgen_reflection	Supported
	GL_NV_texture_barrier	Not Supported
	GL_NV_texture_compression_latc	Not Supported
	GL_NV_texture_compression_s3tc_update	Not Supported
	GL_NV_texture_compression_vtc	Not Supported
	GL_NV_texture_env_combine4	Not Supported
	GL_NV_texture_expand_normal	Not Supported
	GL_NV_texture_lod_clamp	Not Supported
	GL_NV_texture_multisample	Not Supported
	GL_NV_texture_npot_2D_mipmap	Not Supported
	GL_NV_texture_rectangle	Not Supported
	GL_NV_texture_shader	Not Supported
	GL_NV_texture_shader2	Not Supported
	GL_NV_texture_shader3	Not Supported
	GL_NV_timer_query	Not Supported
	GL_NV_transform_feedback	Not Supported
	GL_NV_transform_feedback2	Not Supported
	GL_NV_vdpau_interop	Not Supported
	GL_NV_vertex_array_range	Not Supported
	GL_NV_vertex_array_range2	Not Supported
	GL_NV_vertex_attrib_64bit	Not Supported
	GL_NV_vertex_attrib_integer_64bit	Not Supported
	GL_NV_vertex_buffer_unified_memory	Not Supported
	GL_NV_vertex_program	Not Supported
	GL_NV_vertex_program1_1	Not Supported
	GL_NV_vertex_program2	Not Supported
	GL_NV_vertex_program2_option	Not Supported
	GL_NV_vertex_program3	Not Supported
	GL_NV_vertex_program4	Not Supported
	GL_NVX_conditional_render	Not Supported
	GL_NVX_flush_hold	Not Supported
	GL_NVX_gpu_memory_info	Not Supported
	GL_NVX_instanced_arrays	Not Supported
	GL_NVX_ycrcb	Not Supported
	GL_OES_blend_equation_separate	Not Supported
	GL_OES_blend_func_separate	Not Supported
	GL_OES_blend_subtract	Not Supported
	GL_OES_byte_coordinates	Not Supported
	GL_OES_compressed_EAC_R11_signed_texture	Not Supported
	GL_OES_compressed_EAC_R11_unsigned_texture	Not Supported
	GL_OES_compressed_EAC_RG11_signed_texture	Not Supported
	GL_OES_compressed_EAC_RG11_unsigned_texture	Not Supported
	GL_OES_compressed_ETC1_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_punchthroughA_sRGB8_alpha_texture	Not Supported
	GL_OES_compressed_ETC2_RGB8_texture	Not Supported
	GL_OES_compressed_ETC2_RGBA8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_alpha8_texture	Not Supported
	GL_OES_compressed_ETC2_sRGB8_texture	Not Supported
	GL_OES_compressed_paletted_texture	Not Supported
	GL_OES_conditional_query	Not Supported
	GL_OES_depth_texture	Not Supported
	GL_OES_depth24	Not Supported
	GL_OES_depth32	Not Supported
	GL_OES_draw_texture	Not Supported
	GL_OES_EGL_image	Not Supported
	GL_OES_EGL_image_external	Not Supported
	GL_OES_EGL_sync	Not Supported
	GL_OES_element_index_uint	Not Supported
	GL_OES_extended_matrix_palette	Not Supported
	GL_OES_fbo_render_mipmap	Not Supported
	GL_OES_fixed_point	Not Supported
	GL_OES_fragment_precision_high	Not Supported
	GL_OES_framebuffer_object	Not Supported
	GL_OES_get_program_binary	Not Supported
	GL_OES_mapbuffer	Not Supported
	GL_OES_matrix_get	Not Supported
	GL_OES_matrix_palette	Not Supported
	GL_OES_packed_depth_stencil	Not Supported
	GL_OES_point_size_array	Not Supported
	GL_OES_point_sprite	Not Supported
	GL_OES_query_matrix	Not Supported
	GL_OES_read_format	Not Supported
	GL_OES_required_internalformat	Not Supported
	GL_OES_rgb8_rgba8	Not Supported
	GL_OES_single_precision	Not Supported
	GL_OES_standard_derivatives	Not Supported
	GL_OES_stencil_wrap	Not Supported
	GL_OES_stencil1	Not Supported
	GL_OES_stencil4	Not Supported
	GL_OES_stencil8	Not Supported
	GL_OES_surfaceless_context	Not Supported
	GL_OES_texture_3D	Not Supported
	GL_OES_texture_cube_map	Not Supported
	GL_OES_texture_env_crossbar	Not Supported
	GL_OES_texture_float	Not Supported
	GL_OES_texture_float_linear	Not Supported
	GL_OES_texture_half_float	Not Supported
	GL_OES_texture_half_float_linear	Not Supported
	GL_OES_texture_mirrored_repeat	Not Supported
	GL_OES_texture_npot	Not Supported
	GL_OES_vertex_array_object	Not Supported
	GL_OES_vertex_half_float	Not Supported
	GL_OES_vertex_type_10_10_10_2	Not Supported
	GL_OML_interlace	Not Supported
	GL_OML_resample	Not Supported
	GL_OML_subsample	Not Supported
	GL_PGI_misc_hints	Not Supported
	GL_PGI_vertex_hints	Not Supported
	GL_QCOM_alpha_test	Not Supported
	GL_QCOM_binning_control	Not Supported
	GL_QCOM_driver_control	Not Supported
	GL_QCOM_extended_get	Not Supported
	GL_QCOM_extended_get2	Not Supported
	GL_QCOM_perfmon_global_mode	Not Supported
	GL_QCOM_tiled_rendering	Not Supported
	GL_QCOM_writeonly_rendering	Not Supported
	GL_REND_screen_coordinates	Not Supported
	GL_S3_performance_analyzer	Not Supported
	GL_S3_s3tc	Not Supported
	GL_SGI_color_matrix	Not Supported
	GL_SGI_color_table	Not Supported
	GL_SGI_compiled_vertex_array	Not Supported
	GL_SGI_cull_vertex	Not Supported
	GL_SGI_index_array_formats	Not Supported
	GL_SGI_index_func	Not Supported
	GL_SGI_index_material	Not Supported
	GL_SGI_index_texture	Not Supported
	GL_SGI_make_current_read	Not Supported
	GL_SGI_texture_add_env	Not Supported
	GL_SGI_texture_color_table	Not Supported
	GL_SGI_texture_edge_clamp	Not Supported
	GL_SGI_texture_lod	Not Supported
	GL_SGIS_color_range	Not Supported
	GL_SGIS_detail_texture	Not Supported
	GL_SGIS_fog_function	Not Supported
	GL_SGIS_generate_mipmap	Supported
	GL_SGIS_multisample	Not Supported
	GL_SGIS_multitexture	Not Supported
	GL_SGIS_pixel_texture	Not Supported
	GL_SGIS_point_line_texgen	Not Supported
	GL_SGIS_sharpen_texture	Not Supported
	GL_SGIS_texture_border_clamp	Not Supported
	GL_SGIS_texture_color_mask	Not Supported
	GL_SGIS_texture_edge_clamp	Supported
	GL_SGIS_texture_filter4	Not Supported
	GL_SGIS_texture_lod	Supported
	GL_SGIS_texture_select	Not Supported
	GL_SGIS_texture4D	Not Supported
	GL_SGIX_async	Not Supported
	GL_SGIX_async_histogram	Not Supported
	GL_SGIX_async_pixel	Not Supported
	GL_SGIX_blend_alpha_minmax	Not Supported
	GL_SGIX_clipmap	Not Supported
	GL_SGIX_convolution_accuracy	Not Supported
	GL_SGIX_depth_pass_instrument	Not Supported
	GL_SGIX_depth_texture	Not Supported
	GL_SGIX_flush_raster	Not Supported
	GL_SGIX_fog_offset	Not Supported
	GL_SGIX_fog_texture	Not Supported
	GL_SGIX_fragment_specular_lighting	Not Supported
	GL_SGIX_framezoom	Not Supported
	GL_SGIX_instruments	Not Supported
	GL_SGIX_interlace	Not Supported
	GL_SGIX_ir_instrument1	Not Supported
	GL_SGIX_list_priority	Not Supported
	GL_SGIX_pbuffer	Not Supported
	GL_SGIX_pixel_texture	Not Supported
	GL_SGIX_pixel_texture_bits	Not Supported
	GL_SGIX_reference_plane	Not Supported
	GL_SGIX_resample	Not Supported
	GL_SGIX_shadow	Not Supported
	GL_SGIX_shadow_ambient	Not Supported
	GL_SGIX_sprite	Not Supported
	GL_SGIX_subsample	Not Supported
	GL_SGIX_tag_sample_buffer	Not Supported
	GL_SGIX_texture_add_env	Not Supported
	GL_SGIX_texture_coordinate_clamp	Not Supported
	GL_SGIX_texture_lod_bias	Not Supported
	GL_SGIX_texture_multi_buffer	Not Supported
	GL_SGIX_texture_range	Not Supported
	GL_SGIX_texture_scale_bias	Not Supported
	GL_SGIX_vertex_preclip	Not Supported
	GL_SGIX_vertex_preclip_hint	Not Supported
	GL_SGIX_ycrcb	Not Supported
	GL_SGIX_ycrcb_subsample	Not Supported
	GL_SUN_convolution_border_modes	Not Supported
	GL_SUN_global_alpha	Not Supported
	GL_SUN_mesh_array	Not Supported
	GL_SUN_multi_draw_arrays	Supported
	GL_SUN_read_video_pixels	Not Supported
	GL_SUN_slice_accum	Not Supported
	GL_SUN_triangle_list	Not Supported
	GL_SUN_vertex	Not Supported
	GL_SUNX_constant_data	Not Supported
	GL_VIV_shader_binary	Not Supported
	GL_WGL_ARB_extensions_string	Not Supported
	GL_WGL_EXT_extensions_string	Not Supported
	GL_WGL_EXT_swap_control	Not Supported
	GL_WIN_phong_shading	Not Supported
	GL_WIN_specular_fog	Not Supported
	GL_WIN_swap_hint	Supported
	GLU_EXT_nurbs_tessellator	Not Supported
	GLU_EXT_object_space_tess	Not Supported
	GLU_SGI_filter4_parameters	Not Supported
	GLX_ARB_create_context	Not Supported
	GLX_ARB_fbconfig_float	Not Supported
	GLX_ARB_framebuffer_sRGB	Not Supported
	GLX_ARB_get_proc_address	Not Supported
	GLX_ARB_multisample	Not Supported
	GLX_EXT_fbconfig_packed_float	Not Supported
	GLX_EXT_framebuffer_sRGB	Not Supported
	GLX_EXT_import_context	Not Supported
	GLX_EXT_scene_marker	Not Supported
	GLX_EXT_texture_from_pixmap	Not Supported
	GLX_EXT_visual_info	Not Supported
	GLX_EXT_visual_rating	Not Supported
	GLX_MESA_agp_offset	Not Supported
	GLX_MESA_copy_sub_buffer	Not Supported
	GLX_MESA_pixmap_colormap	Not Supported
	GLX_MESA_release_buffers	Not Supported
	GLX_MESA_set_3dfx_mode	Not Supported
	GLX_NV_present_video	Not Supported
	GLX_NV_swap_group	Not Supported
	GLX_NV_video_output	Not Supported
	GLX_OML_interlace	Not Supported
	GLX_OML_swap_method	Not Supported
	GLX_OML_sync_control	Not Supported
	GLX_SGI_cushion	Not Supported
	GLX_SGI_make_current_read	Not Supported
	GLX_SGI_swap_control	Not Supported
	GLX_SGI_video_sync	Not Supported
	GLX_SGIS_blended_overlay	Not Supported
	GLX_SGIS_color_range	Not Supported
	GLX_SGIS_multisample	Not Supported
	GLX_SGIX_dm_buffer	Not Supported
	GLX_SGIX_fbconfig	Not Supported
	GLX_SGIX_hyperpipe	Not Supported
	GLX_SGIX_pbuffer	Not Supported
	GLX_SGIX_swap_barrier	Not Supported
	GLX_SGIX_swap_group	Not Supported
	GLX_SGIX_video_resize	Not Supported
	GLX_SGIX_video_source	Not Supported
	GLX_SGIX_visual_select_group	Not Supported
	GLX_SUN_get_transparent_index	Not Supported
	GLX_SUN_video_resize	Not Supported
	WGL_3DFX_gamma_control	Not Supported
	WGL_3DFX_multisample	Not Supported
	WGL_3DL_stereo_control	Not Supported
	WGL_AMD_gpu_association	Not Supported
	WGL_AMDX_gpu_association	Not Supported
	WGL_ARB_buffer_region	Supported
	WGL_ARB_create_context	Supported
	WGL_ARB_create_context_profile	Supported
	WGL_ARB_create_context_robustness	Supported
	WGL_ARB_extensions_string	Supported
	WGL_ARB_framebuffer_sRGB	Supported
	WGL_ARB_make_current_read	Supported
	WGL_ARB_multisample	Supported
	WGL_ARB_pbuffer	Supported
	WGL_ARB_pixel_format	Supported
	WGL_ARB_pixel_format_float	Supported
	WGL_ARB_render_texture	Not Supported
	WGL_ATI_pbuffer_memory_hint	Not Supported
	WGL_ATI_pixel_format_float	Not Supported
	WGL_ATI_render_texture_rectangle	Not Supported
	WGL_EXT_buffer_region	Not Supported
	WGL_EXT_create_context_es_profile	Supported
	WGL_EXT_create_context_es2_profile	Supported
	WGL_EXT_depth_float	Supported
	WGL_EXT_display_color_table	Not Supported
	WGL_EXT_extensions_string	Supported
	WGL_EXT_framebuffer_sRGB	Not Supported
	WGL_EXT_framebuffer_sRGBWGL_ARB_create_context	Not Supported
	WGL_EXT_gamma_control	Not Supported
	WGL_EXT_make_current_read	Not Supported
	WGL_EXT_multisample	Not Supported
	WGL_EXT_pbuffer	Not Supported
	WGL_EXT_pixel_format	Not Supported
	WGL_EXT_pixel_format_packed_float	Supported
	WGL_EXT_render_texture	Not Supported
	WGL_EXT_swap_control	Supported
	WGL_EXT_swap_control_tear	Supported
	WGL_EXT_swap_interval	Not Supported
	WGL_I3D_digital_video_control	Not Supported
	WGL_I3D_gamma	Not Supported
	WGL_I3D_genlock	Not Supported
	WGL_I3D_image_buffer	Not Supported
	WGL_I3D_swap_frame_lock	Not Supported
	WGL_I3D_swap_frame_usage	Not Supported
	WGL_MTX_video_preview	Not Supported
	WGL_NV_copy_image	Not Supported
	WGL_NV_DX_interop	Supported
	WGL_NV_DX_interop2	Not Supported
	WGL_NV_float_buffer	Not Supported
	WGL_NV_gpu_affinity	Not Supported
	WGL_NV_multisample_coverage	Not Supported
	WGL_NV_present_video	Not Supported
	WGL_NV_render_depth_texture	Not Supported
	WGL_NV_render_texture_rectangle	Not Supported
	WGL_NV_swap_group	Not Supported
	WGL_NV_vertex_array_range	Not Supported
	WGL_NV_video_output	Not Supported
	WGL_NVX_DX_interop	Not Supported
	WGL_OML_sync_control	Not Supported
	WGL_S3_cl_sharingWGL_ARB_create_context_profile	Not Supported

Supported Compressed Texture Formats:
	RGB DXT1	Supported
	RGBA DXT1	Supported
	RGBA DXT3	Supported
	RGBA DXT5	Supported
	RGB FXT1	Supported
	RGBA FXT1	Supported
	3Dc	Not Supported

Video Adapter Manufacturer:
	Company Name	Intel Corporation
	Product Information	http://www.intel.com/products/chipsets
	Driver Download	http://support.intel.com/support/graphics
	Driver Update	http://www.aida64.com/driver-updates

GPGPU


[ Direct3D: Intel(R) HD Graphics 4000 ]

	Device Properties:
		Device Name	Intel(R) HD Graphics 4000
		Driver Name	igdumdim32.dll
		Driver Version	10.18.10.4252
		Shader Model	SM 5.0
		Max Threads	1024
		Multiple UAV Access	8 UAVs
		Thread Dispatch	3D
		Thread Local Storage	32 KB

	Device Features:
		Append/Consume Buffers	Supported
		Atomic Operations	Supported
		Double-Precision Floating-Point	Supported
		Gather4	Supported
		Indirect Compute Dispatch	Supported

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ OpenCL: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz ]

	OpenCL Properties:
		Platform Name	Intel(R) OpenCL
		Platform Vendor	Intel(R) Corporation
		Platform Version	OpenCL 1.2
		Platform Profile	Full

	Device Properties:
		Device Name	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
		Device Type	CPU
		Device Vendor	Intel(R) Corporation
		Device Version	OpenCL 1.2 (Build 76427)
		Device Profile	Full
		OpenCL C Version	OpenCL C 1.2
		Clock Rate	2399 MHz
		Multiprocessors	4
		Max 2D Image Size	16384 x 16384
		Max 3D Image Size	2048 x 2048 x 2048
		Max Image Array Size	2048
		Max Image Buffer Size	33552384
		Max Samplers	480
		Max Work-Item Size	1024 x 1024 x 1024
		Max Work-Group Size	1024
		Max Argument Size	3840 bytes
		Max Constant Buffer Size	128 KB
		Max Constant Arguments	480
		Max Printf Buffer Size	1 MB
		Profiling Timer Resolution	427 ns
		OpenCL DLL	opencl.dll (1.2.11.0)

	Memory Properties:
		Global Memory	2047 MB
		Global Memory Cache	256 KB (Read/Write, 64-byte line)
		Local Memory	32 KB
		Memory Base Address Alignment	1024-bit
		Min Data Type Alignment	128 bytes

	Device Features:
		Command-Queue Out Of Order Execution	Enabled
		Command-Queue Profiling	Enabled
		Compiler Available	Yes
		Error Correction	Not Supported
		Images	Supported
		Kernel Execution	Supported
		Linker Available	Yes
		Native Kernel Execution	Supported
		Unified Memory	Yes

	Double-Precision Floating-Point Features:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Supported
		IEEE754-2008 FMA	Supported
		INF and NaNs	Supported
		Rounding to Infinity	Supported
		Rounding to Nearest Even	Supported
		Rounding to Zero	Supported
		Software Basic Floating-Point Operations	No

	Device Extensions:
		Total / Supported Extensions	50 / 14
		cl_amd_d3d10_interop	Not Supported
		cl_amd_d3d9_interop	Not Supported
		cl_amd_device_attribute_query	Not Supported
		cl_amd_device_memory_flags	Not Supported
		cl_amd_fp64	Not Supported
		cl_amd_media_ops	Not Supported
		cl_amd_offline_devices	Not Supported
		cl_amd_popcnt	Not Supported
		cl_amd_printf	Not Supported
		cl_amd_vec3	Not Supported
		cl_apple_contextloggingfunctions	Not Supported
		cl_apple_gl_sharing	Not Supported
		cl_apple_setmemobjectdestructor	Not Supported
		cl_ext_atomic_counters_32	Not Supported
		cl_ext_atomic_counters_64	Not Supported
		cl_ext_device_fission	Supported
		cl_ext_migrate_memobject	Not Supported
		cl_intel_dx9_media_sharing	Supported
		cl_intel_exec_by_local_thread	Supported
		cl_intel_printf	Supported
		cl_khr_3d_image_writes	Not Supported
		cl_khr_byte_addressable_store	Supported
		cl_khr_d3d10_sharing	Not Supported
		cl_khr_d3d11_sharing	Supported
		cl_khr_depth_images	Not Supported
		cl_khr_dx9_media_sharing	Supported
		cl_khr_fp16	Not Supported
		cl_khr_fp64	Supported
		cl_khr_gl_depth_images	Not Supported
		cl_khr_gl_event	Not Supported
		cl_khr_gl_msaa_sharing	Not Supported
		cl_khr_gl_sharing	Supported
		cl_khr_global_int32_base_atomics	Supported
		cl_khr_global_int32_extended_atomics	Supported
		cl_khr_icd	Supported
		cl_khr_image2d_from_buffer	Not Supported
		cl_khr_initialize_memory	Not Supported
		cl_khr_int64_base_atomics	Not Supported
		cl_khr_int64_extended_atomics	Not Supported
		cl_khr_local_int32_base_atomics	Supported
		cl_khr_local_int32_extended_atomics	Supported
		cl_khr_select_fprounding_mode	Not Supported
		cl_khr_spir	Not Supported
		cl_khr_terminate_context	Not Supported
		cl_nv_compiler_options	Not Supported
		cl_nv_d3d10_sharing	Not Supported
		cl_nv_d3d11_sharing	Not Supported
		cl_nv_d3d9_sharing	Not Supported
		cl_nv_device_attribute_query	Not Supported
		cl_nv_pragma_unroll	Not Supported

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ OpenCL: Intel(R) HD Graphics 4000 ]

	OpenCL Properties:
		Platform Name	Intel(R) OpenCL
		Platform Vendor	Intel(R) Corporation
		Platform Version	OpenCL 1.2
		Platform Profile	Full

	Device Properties:
		Device Name	Intel(R) HD Graphics 4000
		Device Type	GPU
		Device Vendor	Intel(R) Corporation
		Device Version	OpenCL 1.2
		Device Profile	Full
		OpenCL C Version	OpenCL C 1.2
		Supported Built-In Kernels	block_motion_estimate_intel
		Clock Rate	1000 MHz
		Multiprocessors	16
		Max 2D Image Size	16384 x 16384
		Max 3D Image Size	2048 x 2048 x 2048
		Max Image Array Size	2048
		Max Image Buffer Size	22937600
		Max Samplers	16
		Max Work-Item Size	512 x 512 x 512
		Max Work-Group Size	512
		Max Argument Size	1 KB
		Max Constant Buffer Size	64 KB
		Max Constant Arguments	8
		Max Printf Buffer Size	4 MB
		Profiling Timer Resolution	80 ns
		OpenCL DLL	opencl.dll (1.2.11.0)

	Memory Properties:
		Global Memory	1400 MB
		Global Memory Cache	2048 KB (Read/Write, 64-byte line)
		Local Memory	64 KB
		Memory Base Address Alignment	1024-bit
		Min Data Type Alignment	128 bytes

	Device Features:
		Command-Queue Out Of Order Execution	Disabled
		Command-Queue Profiling	Enabled
		Compiler Available	Yes
		Error Correction	Not Supported
		Images	Supported
		Kernel Execution	Supported
		Linker Available	Yes
		Native Kernel Execution	Not Supported
		Unified Memory	Yes

	Double-Precision Floating-Point Features:
		Correctly Rounded Divide and Sqrt	Not Supported
		Denorms	Not Supported
		IEEE754-2008 FMA	Not Supported
		INF and NaNs	Not Supported
		Rounding to Infinity	Not Supported
		Rounding to Nearest Even	Not Supported
		Rounding to Zero	Not Supported
		Software Basic Floating-Point Operations	No

	Device Extensions:
		Total / Supported Extensions	53 / 20
		cl_amd_d3d10_interop	Not Supported
		cl_amd_d3d9_interop	Not Supported
		cl_amd_device_attribute_query	Not Supported
		cl_amd_device_memory_flags	Not Supported
		cl_amd_fp64	Not Supported
		cl_amd_media_ops	Not Supported
		cl_amd_offline_devices	Not Supported
		cl_amd_popcnt	Not Supported
		cl_amd_printf	Not Supported
		cl_amd_vec3	Not Supported
		cl_apple_contextloggingfunctions	Not Supported
		cl_apple_gl_sharing	Not Supported
		cl_apple_setmemobjectdestructor	Not Supported
		cl_ext_atomic_counters_32	Not Supported
		cl_ext_atomic_counters_64	Not Supported
		cl_ext_device_fission	Not Supported
		cl_ext_migrate_memobject	Not Supported
		cl_intel_accelerator	Supported
		cl_intel_d3d11_nv12_media_sharing	Supported
		cl_intel_dx9_media_sharing	Supported
		cl_intel_exec_by_local_thread	Not Supported
		cl_intel_motion_estimation	Supported
		cl_intel_printf	Not Supported
		cl_khr_3d_image_writes	Supported
		cl_khr_byte_addressable_store	Supported
		cl_khr_d3d10_sharing	Supported
		cl_khr_d3d11_sharing	Supported
		cl_khr_depth_images	Supported
		cl_khr_dx9_media_sharing	Supported
		cl_khr_fp16	Not Supported
		cl_khr_fp64	Not Supported
		cl_khr_gl_depth_images	Supported
		cl_khr_gl_event	Supported
		cl_khr_gl_msaa_sharing	Supported
		cl_khr_gl_sharing	Supported
		cl_khr_global_int32_base_atomics	Supported
		cl_khr_global_int32_extended_atomics	Supported
		cl_khr_icd	Supported
		cl_khr_image2d_from_buffer	Supported
		cl_khr_initialize_memory	Not Supported
		cl_khr_int64_base_atomics	Not Supported
		cl_khr_int64_extended_atomics	Not Supported
		cl_khr_local_int32_base_atomics	Supported
		cl_khr_local_int32_extended_atomics	Supported
		cl_khr_select_fprounding_mode	Not Supported
		cl_khr_spir	Not Supported
		cl_khr_terminate_context	Not Supported
		cl_nv_compiler_options	Not Supported
		cl_nv_d3d10_sharing	Not Supported
		cl_nv_d3d11_sharing	Not Supported
		cl_nv_d3d9_sharing	Not Supported
		cl_nv_device_attribute_query	Not Supported
		cl_nv_pragma_unroll	Not Supported

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

Fonts


Font Family	Type	Style	Character Set	Char. Size	Char. Weight
@Malgun Gothic Semilight	Swiss	Regular	Baltic	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	CHINESE_BIG5	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	CHINESE_GB2312	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Cyrillic	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Greek	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hangul(Johab)	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hangul	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Hebrew	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Japanese	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Turkish	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Vietnamese	31 x 43	30 %
@Malgun Gothic Semilight	Swiss	Regular	Western	31 x 43	30 %
@Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
@Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
@Microsoft JhengHei Light	Swiss	Regular	CHINESE_BIG5	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Greek	32 x 43	29 %
@Microsoft JhengHei Light	Swiss	Regular	Western	32 x 43	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	CHINESE_BIG5	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Greek	32 x 41	29 %
@Microsoft JhengHei UI Light	Swiss	Regular	Western	32 x 41	29 %
@Microsoft JhengHei UI	Swiss	Regular	CHINESE_BIG5	15 x 41	40 %
@Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
@Microsoft JhengHei UI	Swiss	Regular	Western	15 x 41	40 %
@Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
@Microsoft JhengHei	Swiss	Regular	Western	15 x 43	40 %
@Microsoft YaHei Light	Swiss	Regular	Central European	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	CHINESE_GB2312	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Cyrillic	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Greek	15 x 41	29 %
@Microsoft YaHei Light	Swiss	Regular	Western	15 x 41	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Central European	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	CHINESE_GB2312	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Cyrillic	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Greek	15 x 42	29 %
@Microsoft YaHei UI Light	Swiss	Regular	Western	15 x 42	29 %
@Microsoft YaHei UI	Swiss	Regular	Central European	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	CHINESE_GB2312	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Cyrillic	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Greek	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Turkish	15 x 41	40 %
@Microsoft YaHei UI	Swiss	Regular	Western	15 x 41	40 %
@Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
@Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@MingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
@MS Mincho	Modern	Regular	Baltic	16 x 32	40 %
@MS Mincho	Modern	Regular	Central European	16 x 32	40 %
@MS Mincho	Modern	Regular	Cyrillic	16 x 32	40 %
@MS Mincho	Modern	Regular	Greek	16 x 32	40 %
@MS Mincho	Modern	Regular	Japanese	16 x 32	40 %
@MS Mincho	Modern	Regular	Turkish	16 x 32	40 %
@MS Mincho	Modern	Regular	Western	16 x 32	40 %
@NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@NSimSun	Modern	Regular	Western	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
@PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
@SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
@SimSun	Special	Regular	Western	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
@SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
@Yu Gothic Light	Swiss	Regular	Baltic	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Central European	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Cyrillic	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Greek	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Japanese	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Turkish	31 x 41	30 %
@Yu Gothic Light	Swiss	Regular	Western	31 x 41	30 %
@Yu Gothic Medium	Swiss	Regular	Baltic	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Central European	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Cyrillic	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Greek	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Japanese	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Turkish	31 x 41	50 %
@Yu Gothic Medium	Swiss	Regular	Western	31 x 41	50 %
@Yu Gothic UI Light	Swiss	Regular	Baltic	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Central European	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Greek	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Japanese	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Turkish	17 x 43	30 %
@Yu Gothic UI Light	Swiss	Regular	Western	17 x 43	30 %
@Yu Gothic UI Semibold	Swiss	Regular	Baltic	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Central European	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Cyrillic	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Greek	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Japanese	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Turkish	19 x 43	60 %
@Yu Gothic UI Semibold	Swiss	Regular	Western	19 x 43	60 %
@Yu Gothic UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Japanese	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
@Yu Gothic UI Semilight	Swiss	Regular	Western	17 x 43	35 %
@Yu Gothic UI	Swiss	Regular	Baltic	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Central European	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Cyrillic	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Greek	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Japanese	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Turkish	17 x 43	40 %
@Yu Gothic UI	Swiss	Regular	Western	17 x 43	40 %
@Yu Gothic	Swiss	Regular	Baltic	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Central European	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Cyrillic	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Greek	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Japanese	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Turkish	31 x 41	40 %
@Yu Gothic	Swiss	Regular	Western	31 x 41	40 %
@Yu Mincho Demibold	Roman	Bold	Baltic	31 x 41	60 %
@Yu Mincho Demibold	Roman	Bold	Central European	31 x 41	60 %
@Yu Mincho Demibold	Roman	Bold	Cyrillic	31 x 41	60 %
@Yu Mincho Demibold	Roman	Bold	Greek	31 x 41	60 %
@Yu Mincho Demibold	Roman	Bold	Japanese	31 x 41	60 %
@Yu Mincho Demibold	Roman	Bold	Turkish	31 x 41	60 %
@Yu Mincho Demibold	Roman	Bold	Western	31 x 41	60 %
@Yu Mincho Light	Roman	Regular	Baltic	31 x 41	30 %
@Yu Mincho Light	Roman	Regular	Central European	31 x 41	30 %
@Yu Mincho Light	Roman	Regular	Cyrillic	31 x 41	30 %
@Yu Mincho Light	Roman	Regular	Greek	31 x 41	30 %
@Yu Mincho Light	Roman	Regular	Japanese	31 x 41	30 %
@Yu Mincho Light	Roman	Regular	Turkish	31 x 41	30 %
@Yu Mincho Light	Roman	Regular	Western	31 x 41	30 %
@Yu Mincho	Roman	Regular	Baltic	31 x 41	40 %
@Yu Mincho	Roman	Regular	Central European	31 x 41	40 %
@Yu Mincho	Roman	Regular	Cyrillic	31 x 41	40 %
@Yu Mincho	Roman	Regular	Greek	31 x 41	40 %
@Yu Mincho	Roman	Regular	Japanese	31 x 41	40 %
@Yu Mincho	Roman	Regular	Turkish	31 x 41	40 %
@Yu Mincho	Roman	Regular	Western	31 x 41	40 %
Arial Black	Swiss	Regular	Baltic	18 x 45	90 %
Arial Black	Swiss	Regular	Central European	18 x 45	90 %
Arial Black	Swiss	Regular	Cyrillic	18 x 45	90 %
Arial Black	Swiss	Regular	Greek	18 x 45	90 %
Arial Black	Swiss	Regular	Turkish	18 x 45	90 %
Arial Black	Swiss	Regular	Western	18 x 45	90 %
Arial Narrow	Swiss	Regular	Baltic	12 x 36	40 %
Arial Narrow	Swiss	Regular	Central European	12 x 36	40 %
Arial Narrow	Swiss	Regular	Cyrillic	12 x 36	40 %
Arial Narrow	Swiss	Regular	Greek	12 x 36	40 %
Arial Narrow	Swiss	Regular	Turkish	12 x 36	40 %
Arial Narrow	Swiss	Regular	Western	12 x 36	40 %
Arial	Swiss	Regular	Arabic	14 x 36	40 %
Arial	Swiss	Regular	Baltic	14 x 36	40 %
Arial	Swiss	Regular	Central European	14 x 36	40 %
Arial	Swiss	Regular	Cyrillic	14 x 36	40 %
Arial	Swiss	Regular	Greek	14 x 36	40 %
Arial	Swiss	Regular	Hebrew	14 x 36	40 %
Arial	Swiss	Regular	Turkish	14 x 36	40 %
Arial	Swiss	Regular	Vietnamese	14 x 36	40 %
Arial	Swiss	Regular	Western	14 x 36	40 %
Book Antiqua	Roman	Regular	Baltic	14 x 40	40 %
Book Antiqua	Roman	Regular	Central European	14 x 40	40 %
Book Antiqua	Roman	Regular	Cyrillic	14 x 40	40 %
Book Antiqua	Roman	Regular	Greek	14 x 40	40 %
Book Antiqua	Roman	Regular	Turkish	14 x 40	40 %
Book Antiqua	Roman	Regular	Western	14 x 40	40 %
Bookman Old Style	Roman	Regular	Baltic	16 x 36	30 %
Bookman Old Style	Roman	Regular	Central European	16 x 36	30 %
Bookman Old Style	Roman	Regular	Cyrillic	16 x 36	30 %
Bookman Old Style	Roman	Regular	Greek	16 x 36	30 %
Bookman Old Style	Roman	Regular	Turkish	16 x 36	30 %
Bookman Old Style	Roman	Regular	Western	16 x 36	30 %
Caladea	Roman	Regular	Baltic	17 x 38	40 %
Caladea	Roman	Regular	Central European	17 x 38	40 %
Caladea	Roman	Regular	Turkish	17 x 38	40 %
Caladea	Roman	Regular	Western	17 x 38	40 %
Calibri Light	Swiss	Regular	Baltic	17 x 39	30 %
Calibri Light	Swiss	Regular	Central European	17 x 39	30 %
Calibri Light	Swiss	Regular	Cyrillic	17 x 39	30 %
Calibri Light	Swiss	Regular	Greek	17 x 39	30 %
Calibri Light	Swiss	Regular	Turkish	17 x 39	30 %
Calibri Light	Swiss	Regular	Vietnamese	17 x 39	30 %
Calibri Light	Swiss	Regular	Western	17 x 39	30 %
Calibri	Swiss	Regular	Baltic	17 x 39	40 %
Calibri	Swiss	Regular	Central European	17 x 39	40 %
Calibri	Swiss	Regular	Cyrillic	17 x 39	40 %
Calibri	Swiss	Regular	Greek	17 x 39	40 %
Calibri	Swiss	Regular	Turkish	17 x 39	40 %
Calibri	Swiss	Regular	Vietnamese	17 x 39	40 %
Calibri	Swiss	Regular	Western	17 x 39	40 %
Cambria Math	Roman	Regular	Baltic	20 x 179	40 %
Cambria Math	Roman	Regular	Central European	20 x 179	40 %
Cambria Math	Roman	Regular	Cyrillic	20 x 179	40 %
Cambria Math	Roman	Regular	Greek	20 x 179	40 %
Cambria Math	Roman	Regular	Turkish	20 x 179	40 %
Cambria Math	Roman	Regular	Vietnamese	20 x 179	40 %
Cambria Math	Roman	Regular	Western	20 x 179	40 %
Cambria	Roman	Regular	Baltic	20 x 38	40 %
Cambria	Roman	Regular	Central European	20 x 38	40 %
Cambria	Roman	Regular	Cyrillic	20 x 38	40 %
Cambria	Roman	Regular	Greek	20 x 38	40 %
Cambria	Roman	Regular	Turkish	20 x 38	40 %
Cambria	Roman	Regular	Vietnamese	20 x 38	40 %
Cambria	Roman	Regular	Western	20 x 38	40 %
Candara	Swiss	Regular	Baltic	17 x 39	40 %
Candara	Swiss	Regular	Central European	17 x 39	40 %
Candara	Swiss	Regular	Cyrillic	17 x 39	40 %
Candara	Swiss	Regular	Greek	17 x 39	40 %
Candara	Swiss	Regular	Turkish	17 x 39	40 %
Candara	Swiss	Regular	Vietnamese	17 x 39	40 %
Candara	Swiss	Regular	Western	17 x 39	40 %
Carlito	Swiss	Regular	Baltic	16 x 39	40 %
Carlito	Swiss	Regular	Central European	16 x 39	40 %
Carlito	Swiss	Regular	Cyrillic	16 x 39	40 %
Carlito	Swiss	Regular	Greek	16 x 39	40 %
Carlito	Swiss	Regular	Turkish	16 x 39	40 %
Carlito	Swiss	Regular	Vietnamese	16 x 39	40 %
Carlito	Swiss	Regular	Western	16 x 39	40 %
Century	Roman	Regular	Baltic	15 x 38	40 %
Century	Roman	Regular	Central European	15 x 38	40 %
Century	Roman	Regular	Cyrillic	15 x 38	40 %
Century	Roman	Regular	Greek	15 x 38	40 %
Century	Roman	Regular	Turkish	15 x 38	40 %
Century	Roman	Regular	Western	15 x 38	40 %
Comic Sans MS	Script	Regular	Baltic	15 x 45	40 %
Comic Sans MS	Script	Regular	Central European	15 x 45	40 %
Comic Sans MS	Script	Regular	Cyrillic	15 x 45	40 %
Comic Sans MS	Script	Regular	Greek	15 x 45	40 %
Comic Sans MS	Script	Regular	Turkish	15 x 45	40 %
Comic Sans MS	Script	Regular	Western	15 x 45	40 %
Consolas	Modern	Regular	Baltic	18 x 37	40 %
Consolas	Modern	Regular	Central European	18 x 37	40 %
Consolas	Modern	Regular	Cyrillic	18 x 37	40 %
Consolas	Modern	Regular	Greek	18 x 37	40 %
Consolas	Modern	Regular	Turkish	18 x 37	40 %
Consolas	Modern	Regular	Vietnamese	18 x 37	40 %
Consolas	Modern	Regular	Western	18 x 37	40 %
Constantia	Roman	Regular	Baltic	17 x 39	40 %
Constantia	Roman	Regular	Central European	17 x 39	40 %
Constantia	Roman	Regular	Cyrillic	17 x 39	40 %
Constantia	Roman	Regular	Greek	17 x 39	40 %
Constantia	Roman	Regular	Turkish	17 x 39	40 %
Constantia	Roman	Regular	Vietnamese	17 x 39	40 %
Constantia	Roman	Regular	Western	17 x 39	40 %
Corbel	Swiss	Regular	Baltic	17 x 39	40 %
Corbel	Swiss	Regular	Central European	17 x 39	40 %
Corbel	Swiss	Regular	Cyrillic	17 x 39	40 %
Corbel	Swiss	Regular	Greek	17 x 39	40 %
Corbel	Swiss	Regular	Turkish	17 x 39	40 %
Corbel	Swiss	Regular	Vietnamese	17 x 39	40 %
Corbel	Swiss	Regular	Western	17 x 39	40 %
Courier New	Modern	Regular	Arabic	19 x 36	40 %
Courier New	Modern	Regular	Baltic	19 x 36	40 %
Courier New	Modern	Regular	Central European	19 x 36	40 %
Courier New	Modern	Regular	Cyrillic	19 x 36	40 %
Courier New	Modern	Regular	Greek	19 x 36	40 %
Courier New	Modern	Regular	Hebrew	19 x 36	40 %
Courier New	Modern	Regular	Turkish	19 x 36	40 %
Courier New	Modern	Regular	Vietnamese	19 x 36	40 %
Courier New	Modern	Regular	Western	19 x 36	40 %
Courier	Modern		Western	8 x 13	40 %
DejaVu Sans Condensed	Swiss	Book	Arabic	15 x 37	40 %
DejaVu Sans Condensed	Swiss	Book	Baltic	15 x 37	40 %
DejaVu Sans Condensed	Swiss	Book	Central European	15 x 37	40 %
DejaVu Sans Condensed	Swiss	Book	Cyrillic	15 x 37	40 %
DejaVu Sans Condensed	Swiss	Book	Greek	15 x 37	40 %
DejaVu Sans Condensed	Swiss	Book	Hebrew	15 x 37	40 %
DejaVu Sans Condensed	Swiss	Book	Turkish	15 x 37	40 %
DejaVu Sans Condensed	Swiss	Book	Vietnamese	15 x 37	40 %
DejaVu Sans Condensed	Swiss	Book	Western	15 x 37	40 %
DejaVu Sans Light	Swiss	ExtraLight	Baltic	16 x 37	20 %
DejaVu Sans Light	Swiss	ExtraLight	Central European	16 x 37	20 %
DejaVu Sans Light	Swiss	ExtraLight	Cyrillic	16 x 37	20 %
DejaVu Sans Light	Swiss	ExtraLight	Greek	16 x 37	20 %
DejaVu Sans Light	Swiss	ExtraLight	Turkish	16 x 37	20 %
DejaVu Sans Light	Swiss	ExtraLight	Vietnamese	16 x 37	20 %
DejaVu Sans Light	Swiss	ExtraLight	Western	16 x 37	20 %
DejaVu Sans Mono	Modern	Book	Arabic	19 x 37	40 %
DejaVu Sans Mono	Modern	Book	Baltic	19 x 37	40 %
DejaVu Sans Mono	Modern	Book	Central European	19 x 37	40 %
DejaVu Sans Mono	Modern	Book	Cyrillic	19 x 37	40 %
DejaVu Sans Mono	Modern	Book	Greek	19 x 37	40 %
DejaVu Sans Mono	Modern	Book	Turkish	19 x 37	40 %
DejaVu Sans Mono	Modern	Book	Vietnamese	19 x 37	40 %
DejaVu Sans Mono	Modern	Book	Western	19 x 37	40 %
DejaVu Sans	Swiss	Book	Arabic	16 x 37	40 %
DejaVu Sans	Swiss	Book	Baltic	16 x 37	40 %
DejaVu Sans	Swiss	Book	Central European	16 x 37	40 %
DejaVu Sans	Swiss	Book	Cyrillic	16 x 37	40 %
DejaVu Sans	Swiss	Book	Greek	16 x 37	40 %
DejaVu Sans	Swiss	Book	Hebrew	16 x 37	40 %
DejaVu Sans	Swiss	Book	Turkish	16 x 37	40 %
DejaVu Sans	Swiss	Book	Vietnamese	16 x 37	40 %
DejaVu Sans	Swiss	Book	Western	16 x 37	40 %
DejaVu Serif Condensed	Roman	Book	Baltic	15 x 37	40 %
DejaVu Serif Condensed	Roman	Book	Central European	15 x 37	40 %
DejaVu Serif Condensed	Roman	Book	Cyrillic	15 x 37	40 %
DejaVu Serif Condensed	Roman	Book	Greek	15 x 37	40 %
DejaVu Serif Condensed	Roman	Book	Turkish	15 x 37	40 %
DejaVu Serif Condensed	Roman	Book	Western	15 x 37	40 %
DejaVu Serif	Roman	Book	Baltic	16 x 37	40 %
DejaVu Serif	Roman	Book	Central European	16 x 37	40 %
DejaVu Serif	Roman	Book	Cyrillic	16 x 37	40 %
DejaVu Serif	Roman	Book	Greek	16 x 37	40 %
DejaVu Serif	Roman	Book	Turkish	16 x 37	40 %
DejaVu Serif	Roman	Book	Western	16 x 37	40 %
Ebrima	Special	Regular	Baltic	19 x 43	40 %
Ebrima	Special	Regular	Central European	19 x 43	40 %
Ebrima	Special	Regular	Turkish	19 x 43	40 %
Ebrima	Special	Regular	Western	19 x 43	40 %
Fixedsys	Modern		Western	8 x 15	40 %
Franklin Gothic Medium	Swiss	Regular	Baltic	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Central European	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Cyrillic	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Greek	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Turkish	14 x 36	40 %
Franklin Gothic Medium	Swiss	Regular	Western	14 x 36	40 %
Gabriola	Decorative	Regular	Baltic	16 x 59	40 %
Gabriola	Decorative	Regular	Central European	16 x 59	40 %
Gabriola	Decorative	Regular	Cyrillic	16 x 59	40 %
Gabriola	Decorative	Regular	Greek	16 x 59	40 %
Gabriola	Decorative	Regular	Turkish	16 x 59	40 %
Gabriola	Decorative	Regular	Western	16 x 59	40 %
Gadugi	Swiss	Regular	Western	18 x 43	40 %
Garamond	Roman	Regular	Baltic	12 x 36	40 %
Garamond	Roman	Regular	Central European	12 x 36	40 %
Garamond	Roman	Regular	Cyrillic	12 x 36	40 %
Garamond	Roman	Regular	Greek	12 x 36	40 %
Garamond	Roman	Regular	Turkish	12 x 36	40 %
Garamond	Roman	Regular	Western	12 x 36	40 %
Gentium Basic	Special	Regular	Central European	16 x 37	40 %
Gentium Basic	Special	Regular	Turkish	16 x 37	40 %
Gentium Basic	Special	Regular	Western	16 x 37	40 %
Gentium Book Basic	Special	Regular	Central European	16 x 37	40 %
Gentium Book Basic	Special	Regular	Turkish	16 x 37	40 %
Gentium Book Basic	Special	Regular	Western	16 x 37	40 %
Georgia	Roman	Regular	Baltic	14 x 36	40 %
Georgia	Roman	Regular	Central European	14 x 36	40 %
Georgia	Roman	Regular	Cyrillic	14 x 36	40 %
Georgia	Roman	Regular	Greek	14 x 36	40 %
Georgia	Roman	Regular	Turkish	14 x 36	40 %
Georgia	Roman	Regular	Western	14 x 36	40 %
Impact	Swiss	Regular	Baltic	19 x 39	40 %
Impact	Swiss	Regular	Central European	19 x 39	40 %
Impact	Swiss	Regular	Cyrillic	19 x 39	40 %
Impact	Swiss	Regular	Greek	19 x 39	40 %
Impact	Swiss	Regular	Turkish	19 x 39	40 %
Impact	Swiss	Regular	Western	19 x 39	40 %
Javanese Text	Special	Regular	Western	26 x 73	40 %
Leelawadee UI Semilight	Swiss	Regular	Thai	17 x 43	35 %
Leelawadee UI Semilight	Swiss	Regular	Vietnamese	17 x 43	35 %
Leelawadee UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Leelawadee UI	Swiss	Regular	Thai	17 x 43	40 %
Leelawadee UI	Swiss	Regular	Vietnamese	17 x 43	40 %
Leelawadee UI	Swiss	Regular	Western	17 x 43	40 %
Liberation Mono	Modern	Regular	Baltic	19 x 36	40 %
Liberation Mono	Modern	Regular	Central European	19 x 36	40 %
Liberation Mono	Modern	Regular	Cyrillic	19 x 36	40 %
Liberation Mono	Modern	Regular	Greek	19 x 36	40 %
Liberation Mono	Modern	Regular	Hebrew	19 x 36	40 %
Liberation Mono	Modern	Regular	Turkish	19 x 36	40 %
Liberation Mono	Modern	Regular	Vietnamese	19 x 36	40 %
Liberation Mono	Modern	Regular	Western	19 x 36	40 %
Liberation Sans Narrow	Swiss	Regular	Baltic	12 x 36	40 %
Liberation Sans Narrow	Swiss	Regular	Central European	12 x 36	40 %
Liberation Sans Narrow	Swiss	Regular	Cyrillic	12 x 36	40 %
Liberation Sans Narrow	Swiss	Regular	Greek	12 x 36	40 %
Liberation Sans Narrow	Swiss	Regular	Turkish	12 x 36	40 %
Liberation Sans Narrow	Swiss	Regular	Western	12 x 36	40 %
Liberation Sans	Swiss	Regular	Baltic	19 x 36	40 %
Liberation Sans	Swiss	Regular	Central European	19 x 36	40 %
Liberation Sans	Swiss	Regular	Cyrillic	19 x 36	40 %
Liberation Sans	Swiss	Regular	Greek	19 x 36	40 %
Liberation Sans	Swiss	Regular	Hebrew	19 x 36	40 %
Liberation Sans	Swiss	Regular	Turkish	19 x 36	40 %
Liberation Sans	Swiss	Regular	Vietnamese	19 x 36	40 %
Liberation Sans	Swiss	Regular	Western	19 x 36	40 %
Liberation Serif	Roman	Regular	Baltic	18 x 35	40 %
Liberation Serif	Roman	Regular	Central European	18 x 35	40 %
Liberation Serif	Roman	Regular	Cyrillic	18 x 35	40 %
Liberation Serif	Roman	Regular	Greek	18 x 35	40 %
Liberation Serif	Roman	Regular	Hebrew	18 x 35	40 %
Liberation Serif	Roman	Regular	Turkish	18 x 35	40 %
Liberation Serif	Roman	Regular	Vietnamese	18 x 35	40 %
Liberation Serif	Roman	Regular	Western	18 x 35	40 %
Linux Biolinum G	Special	Regular	Baltic	13 x 36	40 %
Linux Biolinum G	Special	Regular	Central European	13 x 36	40 %
Linux Biolinum G	Special	Regular	Cyrillic	13 x 36	40 %
Linux Biolinum G	Special	Regular	Greek	13 x 36	40 %
Linux Biolinum G	Special	Regular	Hebrew	13 x 36	40 %
Linux Biolinum G	Special	Regular	Turkish	13 x 36	40 %
Linux Biolinum G	Special	Regular	Vietnamese	13 x 36	40 %
Linux Biolinum G	Special	Regular	Western	13 x 36	40 %
Linux Libertine Display G	Special	Regular	Baltic	13 x 36	40 %
Linux Libertine Display G	Special	Regular	Central European	13 x 36	40 %
Linux Libertine Display G	Special	Regular	Cyrillic	13 x 36	40 %
Linux Libertine Display G	Special	Regular	Greek	13 x 36	40 %
Linux Libertine Display G	Special	Regular	Hebrew	13 x 36	40 %
Linux Libertine Display G	Special	Regular	Turkish	13 x 36	40 %
Linux Libertine Display G	Special	Regular	Vietnamese	13 x 36	40 %
Linux Libertine Display G	Special	Regular	Western	13 x 36	40 %
Linux Libertine G	Special	Regular	Baltic	13 x 36	40 %
Linux Libertine G	Special	Regular	Central European	13 x 36	40 %
Linux Libertine G	Special	Regular	Cyrillic	13 x 36	40 %
Linux Libertine G	Special	Regular	Greek	13 x 36	40 %
Linux Libertine G	Special	Regular	Hebrew	13 x 36	40 %
Linux Libertine G	Special	Regular	Turkish	13 x 36	40 %
Linux Libertine G	Special	Regular	Vietnamese	13 x 36	40 %
Linux Libertine G	Special	Regular	Western	13 x 36	40 %
Lucida Console	Modern	Regular	Central European	19 x 32	40 %
Lucida Console	Modern	Regular	Cyrillic	19 x 32	40 %
Lucida Console	Modern	Regular	Greek	19 x 32	40 %
Lucida Console	Modern	Regular	Turkish	19 x 32	40 %
Lucida Console	Modern	Regular	Western	19 x 32	40 %
Lucida Sans Unicode	Swiss	Regular	Baltic	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Central European	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Cyrillic	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Greek	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Hebrew	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Turkish	16 x 49	40 %
Lucida Sans Unicode	Swiss	Regular	Western	16 x 49	40 %
Malgun Gothic Semilight	Swiss	Regular	Baltic	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	CHINESE_BIG5	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	CHINESE_GB2312	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Cyrillic	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Greek	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hangul(Johab)	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hangul	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Hebrew	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Japanese	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Turkish	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Vietnamese	31 x 43	30 %
Malgun Gothic Semilight	Swiss	Regular	Western	31 x 43	30 %
Malgun Gothic	Swiss	Regular	Hangul	15 x 43	40 %
Malgun Gothic	Swiss	Regular	Western	15 x 43	40 %
Marlett	Special	Regular	Symbol	31 x 32	50 %
Microsoft Himalaya	Special	Regular	Western	13 x 32	40 %
Microsoft JhengHei Light	Swiss	Regular	CHINESE_BIG5	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Greek	32 x 43	29 %
Microsoft JhengHei Light	Swiss	Regular	Western	32 x 43	29 %
Microsoft JhengHei UI Light	Swiss	Regular	CHINESE_BIG5	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Greek	32 x 41	29 %
Microsoft JhengHei UI Light	Swiss	Regular	Western	32 x 41	29 %
Microsoft JhengHei UI	Swiss	Regular	CHINESE_BIG5	15 x 41	40 %
Microsoft JhengHei UI	Swiss	Regular	Greek	15 x 41	40 %
Microsoft JhengHei UI	Swiss	Regular	Western	15 x 41	40 %
Microsoft JhengHei	Swiss	Regular	CHINESE_BIG5	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Greek	15 x 43	40 %
Microsoft JhengHei	Swiss	Regular	Western	15 x 43	40 %
Microsoft New Tai Lue	Swiss	Regular	Western	19 x 42	40 %
Microsoft PhagsPa	Swiss	Regular	Western	24 x 41	40 %
Microsoft Sans Serif	Swiss	Regular	Arabic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Baltic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Central European	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Cyrillic	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Greek	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Hebrew	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Thai	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Turkish	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Vietnamese	14 x 36	40 %
Microsoft Sans Serif	Swiss	Regular	Western	14 x 36	40 %
Microsoft Tai Le	Swiss	Regular	Western	19 x 41	40 %
Microsoft YaHei Light	Swiss	Regular	Central European	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	CHINESE_GB2312	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Cyrillic	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Greek	15 x 41	29 %
Microsoft YaHei Light	Swiss	Regular	Western	15 x 41	29 %
Microsoft YaHei UI Light	Swiss	Regular	Central European	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	CHINESE_GB2312	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Cyrillic	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Greek	15 x 42	29 %
Microsoft YaHei UI Light	Swiss	Regular	Western	15 x 42	29 %
Microsoft YaHei UI	Swiss	Regular	Central European	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	CHINESE_GB2312	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Cyrillic	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Greek	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Turkish	15 x 41	40 %
Microsoft YaHei UI	Swiss	Regular	Western	15 x 41	40 %
Microsoft YaHei	Swiss	Regular	Central European	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	CHINESE_GB2312	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Cyrillic	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Greek	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Turkish	15 x 42	40 %
Microsoft YaHei	Swiss	Regular	Western	15 x 42	40 %
Microsoft Yi Baiti	Script	Regular	Western	21 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU_HKSCS-ExtB	Roman	Regular	Western	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
MingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
Modern	Modern		OEM/DOS	19 x 37	40 %
Mongolian Baiti	Script	Regular	Western	14 x 34	40 %
Monotype Corsiva	Script	Regular	Baltic	11 x 35	40 %
Monotype Corsiva	Script	Regular	Central European	11 x 35	40 %
Monotype Corsiva	Script	Regular	Cyrillic	11 x 35	40 %
Monotype Corsiva	Script	Regular	Greek	11 x 35	40 %
Monotype Corsiva	Script	Regular	Turkish	11 x 35	40 %
Monotype Corsiva	Script	Regular	Western	11 x 35	40 %
MS Mincho	Modern	Regular	Baltic	16 x 32	40 %
MS Mincho	Modern	Regular	Central European	16 x 32	40 %
MS Mincho	Modern	Regular	Cyrillic	16 x 32	40 %
MS Mincho	Modern	Regular	Greek	16 x 32	40 %
MS Mincho	Modern	Regular	Japanese	16 x 32	40 %
MS Mincho	Modern	Regular	Turkish	16 x 32	40 %
MS Mincho	Modern	Regular	Western	16 x 32	40 %
MS Sans Serif	Swiss		Western	5 x 13	40 %
MS Serif	Roman		Western	5 x 13	40 %
MV Boli	Special	Regular	Western	18 x 52	40 %
Myanmar Text	Swiss	Regular	Western	18 x 60	40 %
Nirmala UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Nirmala UI	Swiss	Regular	Western	31 x 43	40 %
NSimSun	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
NSimSun	Modern	Regular	Western	16 x 32	40 %
Open Sans	Swiss	Regular	Baltic	19 x 44	40 %
Open Sans	Swiss	Regular	Central European	19 x 44	40 %
Open Sans	Swiss	Regular	Cyrillic	19 x 44	40 %
Open Sans	Swiss	Regular	Greek	19 x 44	40 %
Open Sans	Swiss	Regular	Turkish	19 x 44	40 %
Open Sans	Swiss	Regular	Vietnamese	19 x 44	40 %
Open Sans	Swiss	Regular	Western	19 x 44	40 %
OpenSymbol	Special	Regular	Western	23 x 32	40 %
Palatino Linotype	Roman	Regular	Baltic	14 x 43	40 %
Palatino Linotype	Roman	Regular	Central European	14 x 43	40 %
Palatino Linotype	Roman	Regular	Cyrillic	14 x 43	40 %
Palatino Linotype	Roman	Regular	Greek	14 x 43	40 %
Palatino Linotype	Roman	Regular	Turkish	14 x 43	40 %
Palatino Linotype	Roman	Regular	Vietnamese	14 x 43	40 %
Palatino Linotype	Roman	Regular	Western	14 x 43	40 %
PMingLiU-ExtB	Roman	Regular	CHINESE_BIG5	16 x 32	40 %
PMingLiU-ExtB	Roman	Regular	Western	16 x 32	40 %
PT Serif	Roman	Regular	Baltic	18 x 42	40 %
PT Serif	Roman	Regular	Central European	18 x 42	40 %
PT Serif	Roman	Regular	Cyrillic	18 x 42	40 %
PT Serif	Roman	Regular	Turkish	18 x 42	40 %
PT Serif	Roman	Regular	Western	18 x 42	40 %
Roman	Roman		OEM/DOS	22 x 37	40 %
Script	Script		OEM/DOS	16 x 36	40 %
Segoe MDL2 Assets	Roman	Regular	Western	33 x 32	40 %
Segoe Print	Special	Regular	Baltic	21 x 56	40 %
Segoe Print	Special	Regular	Central European	21 x 56	40 %
Segoe Print	Special	Regular	Cyrillic	21 x 56	40 %
Segoe Print	Special	Regular	Greek	21 x 56	40 %
Segoe Print	Special	Regular	Turkish	21 x 56	40 %
Segoe Print	Special	Regular	Western	21 x 56	40 %
Segoe Script	Swiss	Regular	Baltic	22 x 51	40 %
Segoe Script	Swiss	Regular	Central European	22 x 51	40 %
Segoe Script	Swiss	Regular	Cyrillic	22 x 51	40 %
Segoe Script	Swiss	Regular	Greek	22 x 51	40 %
Segoe Script	Swiss	Regular	Turkish	22 x 51	40 %
Segoe Script	Swiss	Regular	Western	22 x 51	40 %
Segoe UI Black	Swiss	Regular	Baltic	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Central European	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Cyrillic	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Greek	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Turkish	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Vietnamese	20 x 43	90 %
Segoe UI Black	Swiss	Regular	Western	20 x 43	90 %
Segoe UI Emoji	Swiss	Regular	Western	23 x 43	40 %
Segoe UI Historic	Swiss	Regular	Western	27 x 43	40 %
Segoe UI Light	Swiss	Regular	Arabic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Baltic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Central European	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Greek	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Hebrew	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Turkish	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Vietnamese	17 x 43	30 %
Segoe UI Light	Swiss	Regular	Western	17 x 43	30 %
Segoe UI Semibold	Swiss	Regular	Arabic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Baltic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Central European	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Cyrillic	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Greek	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Hebrew	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Turkish	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Vietnamese	18 x 43	60 %
Segoe UI Semibold	Swiss	Regular	Western	18 x 43	60 %
Segoe UI Semilight	Swiss	Regular	Arabic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Hebrew	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Vietnamese	17 x 43	35 %
Segoe UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Segoe UI Symbol	Swiss	Regular	Western	23 x 43	40 %
Segoe UI	Swiss	Regular	Arabic	17 x 43	40 %
Segoe UI	Swiss	Regular	Baltic	17 x 43	40 %
Segoe UI	Swiss	Regular	Central European	17 x 43	40 %
Segoe UI	Swiss	Regular	Cyrillic	17 x 43	40 %
Segoe UI	Swiss	Regular	Greek	17 x 43	40 %
Segoe UI	Swiss	Regular	Hebrew	17 x 43	40 %
Segoe UI	Swiss	Regular	Turkish	17 x 43	40 %
Segoe UI	Swiss	Regular	Vietnamese	17 x 43	40 %
Segoe UI	Swiss	Regular	Western	17 x 43	40 %
SimSun	Special	Regular	CHINESE_GB2312	16 x 32	40 %
SimSun	Special	Regular	Western	16 x 32	40 %
SimSun-ExtB	Modern	Regular	CHINESE_GB2312	16 x 32	40 %
SimSun-ExtB	Modern	Regular	Western	16 x 32	40 %
Sitka Banner	Special	Regular	Baltic	16 x 46	40 %
Sitka Banner	Special	Regular	Central European	16 x 46	40 %
Sitka Banner	Special	Regular	Cyrillic	16 x 46	40 %
Sitka Banner	Special	Regular	Greek	16 x 46	40 %
Sitka Banner	Special	Regular	Turkish	16 x 46	40 %
Sitka Banner	Special	Regular	Vietnamese	16 x 46	40 %
Sitka Banner	Special	Regular	Western	16 x 46	40 %
Sitka Display	Special	Regular	Baltic	17 x 46	40 %
Sitka Display	Special	Regular	Central European	17 x 46	40 %
Sitka Display	Special	Regular	Cyrillic	17 x 46	40 %
Sitka Display	Special	Regular	Greek	17 x 46	40 %
Sitka Display	Special	Regular	Turkish	17 x 46	40 %
Sitka Display	Special	Regular	Vietnamese	17 x 46	40 %
Sitka Display	Special	Regular	Western	17 x 46	40 %
Sitka Heading	Special	Regular	Baltic	17 x 46	40 %
Sitka Heading	Special	Regular	Central European	17 x 46	40 %
Sitka Heading	Special	Regular	Cyrillic	17 x 46	40 %
Sitka Heading	Special	Regular	Greek	17 x 46	40 %
Sitka Heading	Special	Regular	Turkish	17 x 46	40 %
Sitka Heading	Special	Regular	Vietnamese	17 x 46	40 %
Sitka Heading	Special	Regular	Western	17 x 46	40 %
Sitka Small	Special	Regular	Baltic	21 x 47	40 %
Sitka Small	Special	Regular	Central European	21 x 47	40 %
Sitka Small	Special	Regular	Cyrillic	21 x 47	40 %
Sitka Small	Special	Regular	Greek	21 x 47	40 %
Sitka Small	Special	Regular	Turkish	21 x 47	40 %
Sitka Small	Special	Regular	Vietnamese	21 x 47	40 %
Sitka Small	Special	Regular	Western	21 x 47	40 %
Sitka Subheading	Special	Regular	Baltic	18 x 46	40 %
Sitka Subheading	Special	Regular	Central European	18 x 46	40 %
Sitka Subheading	Special	Regular	Cyrillic	18 x 46	40 %
Sitka Subheading	Special	Regular	Greek	18 x 46	40 %
Sitka Subheading	Special	Regular	Turkish	18 x 46	40 %
Sitka Subheading	Special	Regular	Vietnamese	18 x 46	40 %
Sitka Subheading	Special	Regular	Western	18 x 46	40 %
Sitka Text	Special	Regular	Baltic	19 x 46	40 %
Sitka Text	Special	Regular	Central European	19 x 46	40 %
Sitka Text	Special	Regular	Cyrillic	19 x 46	40 %
Sitka Text	Special	Regular	Greek	19 x 46	40 %
Sitka Text	Special	Regular	Turkish	19 x 46	40 %
Sitka Text	Special	Regular	Vietnamese	19 x 46	40 %
Sitka Text	Special	Regular	Western	19 x 46	40 %
Small Fonts	Swiss		Western	1 x 3	40 %
Source Code Pro Black	Modern	Regular	Baltic	19 x 40	90 %
Source Code Pro Black	Modern	Regular	Central European	19 x 40	90 %
Source Code Pro Black	Modern	Regular	Turkish	19 x 40	90 %
Source Code Pro Black	Modern	Regular	Vietnamese	19 x 40	90 %
Source Code Pro Black	Modern	Regular	Western	19 x 40	90 %
Source Code Pro ExtraLight	Modern	Regular	Baltic	19 x 40	20 %
Source Code Pro ExtraLight	Modern	Regular	Central European	19 x 40	20 %
Source Code Pro ExtraLight	Modern	Regular	Turkish	19 x 40	20 %
Source Code Pro ExtraLight	Modern	Regular	Vietnamese	19 x 40	20 %
Source Code Pro ExtraLight	Modern	Regular	Western	19 x 40	20 %
Source Code Pro Light	Modern	Regular	Baltic	19 x 40	30 %
Source Code Pro Light	Modern	Regular	Central European	19 x 40	30 %
Source Code Pro Light	Modern	Regular	Turkish	19 x 40	30 %
Source Code Pro Light	Modern	Regular	Vietnamese	19 x 40	30 %
Source Code Pro Light	Modern	Regular	Western	19 x 40	30 %
Source Code Pro Semibold	Modern	Regular	Baltic	19 x 40	60 %
Source Code Pro Semibold	Modern	Regular	Central European	19 x 40	60 %
Source Code Pro Semibold	Modern	Regular	Turkish	19 x 40	60 %
Source Code Pro Semibold	Modern	Regular	Vietnamese	19 x 40	60 %
Source Code Pro Semibold	Modern	Regular	Western	19 x 40	60 %
Source Code Pro	Modern	Regular	Baltic	19 x 40	40 %
Source Code Pro	Modern	Regular	Central European	19 x 40	40 %
Source Code Pro	Modern	Regular	Turkish	19 x 40	40 %
Source Code Pro	Modern	Regular	Vietnamese	19 x 40	40 %
Source Code Pro	Modern	Regular	Western	19 x 40	40 %
Source Sans Pro Black	Swiss	Regular	Baltic	17 x 40	90 %
Source Sans Pro Black	Swiss	Regular	Central European	17 x 40	90 %
Source Sans Pro Black	Swiss	Regular	Cyrillic	17 x 40	90 %
Source Sans Pro Black	Swiss	Regular	Greek	17 x 40	90 %
Source Sans Pro Black	Swiss	Regular	Turkish	17 x 40	90 %
Source Sans Pro Black	Swiss	Regular	Vietnamese	17 x 40	90 %
Source Sans Pro Black	Swiss	Regular	Western	17 x 40	90 %
Source Sans Pro ExtraLight	Swiss	Regular	Baltic	15 x 40	20 %
Source Sans Pro ExtraLight	Swiss	Regular	Central European	15 x 40	20 %
Source Sans Pro ExtraLight	Swiss	Regular	Cyrillic	15 x 40	20 %
Source Sans Pro ExtraLight	Swiss	Regular	Greek	15 x 40	20 %
Source Sans Pro ExtraLight	Swiss	Regular	Turkish	15 x 40	20 %
Source Sans Pro ExtraLight	Swiss	Regular	Vietnamese	15 x 40	20 %
Source Sans Pro ExtraLight	Swiss	Regular	Western	15 x 40	20 %
Source Sans Pro Light	Swiss	Regular	Baltic	15 x 40	30 %
Source Sans Pro Light	Swiss	Regular	Central European	15 x 40	30 %
Source Sans Pro Light	Swiss	Regular	Cyrillic	15 x 40	30 %
Source Sans Pro Light	Swiss	Regular	Greek	15 x 40	30 %
Source Sans Pro Light	Swiss	Regular	Turkish	15 x 40	30 %
Source Sans Pro Light	Swiss	Regular	Vietnamese	15 x 40	30 %
Source Sans Pro Light	Swiss	Regular	Western	15 x 40	30 %
Source Sans Pro Semibold	Swiss	Regular	Baltic	16 x 40	60 %
Source Sans Pro Semibold	Swiss	Regular	Central European	16 x 40	60 %
Source Sans Pro Semibold	Swiss	Regular	Cyrillic	16 x 40	60 %
Source Sans Pro Semibold	Swiss	Regular	Greek	16 x 40	60 %
Source Sans Pro Semibold	Swiss	Regular	Turkish	16 x 40	60 %
Source Sans Pro Semibold	Swiss	Regular	Vietnamese	16 x 40	60 %
Source Sans Pro Semibold	Swiss	Regular	Western	16 x 40	60 %
Source Sans Pro	Swiss	Regular	Baltic	16 x 40	40 %
Source Sans Pro	Swiss	Regular	Central European	16 x 40	40 %
Source Sans Pro	Swiss	Regular	Cyrillic	16 x 40	40 %
Source Sans Pro	Swiss	Regular	Greek	16 x 40	40 %
Source Sans Pro	Swiss	Regular	Turkish	16 x 40	40 %
Source Sans Pro	Swiss	Regular	Vietnamese	16 x 40	40 %
Source Sans Pro	Swiss	Regular	Western	16 x 40	40 %
Sylfaen	Roman	Regular	Baltic	13 x 42	40 %
Sylfaen	Roman	Regular	Central European	13 x 42	40 %
Sylfaen	Roman	Regular	Cyrillic	13 x 42	40 %
Sylfaen	Roman	Regular	Greek	13 x 42	40 %
Sylfaen	Roman	Regular	Turkish	13 x 42	40 %
Sylfaen	Roman	Regular	Western	13 x 42	40 %
Symbol	Roman	Regular	Symbol	19 x 39	40 %
System	Swiss		Western	7 x 16	70 %
Tahoma	Swiss	Regular	Arabic	14 x 39	40 %
Tahoma	Swiss	Regular	Baltic	14 x 39	40 %
Tahoma	Swiss	Regular	Central European	14 x 39	40 %
Tahoma	Swiss	Regular	Cyrillic	14 x 39	40 %
Tahoma	Swiss	Regular	Greek	14 x 39	40 %
Tahoma	Swiss	Regular	Hebrew	14 x 39	40 %
Tahoma	Swiss	Regular	Thai	14 x 39	40 %
Tahoma	Swiss	Regular	Turkish	14 x 39	40 %
Tahoma	Swiss	Regular	Vietnamese	14 x 39	40 %
Tahoma	Swiss	Regular	Western	14 x 39	40 %
TeamViewer10	Decorative	Medium	Other	23 x 32	50 %
Terminal	Modern		OEM/DOS	4 x 6	40 %
Times New Roman	Roman	Regular	Arabic	13 x 35	40 %
Times New Roman	Roman	Regular	Baltic	13 x 35	40 %
Times New Roman	Roman	Regular	Central European	13 x 35	40 %
Times New Roman	Roman	Regular	Cyrillic	13 x 35	40 %
Times New Roman	Roman	Regular	Greek	13 x 35	40 %
Times New Roman	Roman	Regular	Hebrew	13 x 35	40 %
Times New Roman	Roman	Regular	Turkish	13 x 35	40 %
Times New Roman	Roman	Regular	Vietnamese	13 x 35	40 %
Times New Roman	Roman	Regular	Western	13 x 35	40 %
Trebuchet MS	Swiss	Regular	Baltic	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Central European	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Cyrillic	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Greek	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Turkish	15 x 37	40 %
Trebuchet MS	Swiss	Regular	Western	15 x 37	40 %
Verdana	Swiss	Regular	Baltic	16 x 39	40 %
Verdana	Swiss	Regular	Central European	16 x 39	40 %
Verdana	Swiss	Regular	Cyrillic	16 x 39	40 %
Verdana	Swiss	Regular	Greek	16 x 39	40 %
Verdana	Swiss	Regular	Turkish	16 x 39	40 %
Verdana	Swiss	Regular	Vietnamese	16 x 39	40 %
Verdana	Swiss	Regular	Western	16 x 39	40 %
Webdings	Roman	Regular	Symbol	31 x 32	40 %
Wingdings 2	Roman	Regular	Symbol	27 x 34	40 %
Wingdings 3	Roman	Regular	Symbol	25 x 36	40 %
Wingdings	Special	Regular	Symbol	28 x 36	40 %
Yu Gothic Light	Swiss	Regular	Baltic	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Central European	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Cyrillic	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Greek	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Japanese	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Turkish	31 x 41	30 %
Yu Gothic Light	Swiss	Regular	Western	31 x 41	30 %
Yu Gothic Medium	Swiss	Regular	Baltic	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Central European	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Cyrillic	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Greek	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Japanese	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Turkish	31 x 41	50 %
Yu Gothic Medium	Swiss	Regular	Western	31 x 41	50 %
Yu Gothic UI Light	Swiss	Regular	Baltic	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Central European	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Cyrillic	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Greek	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Japanese	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Turkish	17 x 43	30 %
Yu Gothic UI Light	Swiss	Regular	Western	17 x 43	30 %
Yu Gothic UI Semibold	Swiss	Regular	Baltic	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Central European	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Cyrillic	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Greek	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Japanese	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Turkish	19 x 43	60 %
Yu Gothic UI Semibold	Swiss	Regular	Western	19 x 43	60 %
Yu Gothic UI Semilight	Swiss	Regular	Baltic	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Central European	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Cyrillic	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Greek	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Japanese	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Turkish	17 x 43	35 %
Yu Gothic UI Semilight	Swiss	Regular	Western	17 x 43	35 %
Yu Gothic UI	Swiss	Regular	Baltic	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Central European	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Cyrillic	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Greek	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Japanese	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Turkish	17 x 43	40 %
Yu Gothic UI	Swiss	Regular	Western	17 x 43	40 %
Yu Gothic	Swiss	Regular	Baltic	31 x 41	40 %
Yu Gothic	Swiss	Regular	Central European	31 x 41	40 %
Yu Gothic	Swiss	Regular	Cyrillic	31 x 41	40 %
Yu Gothic	Swiss	Regular	Greek	31 x 41	40 %
Yu Gothic	Swiss	Regular	Japanese	31 x 41	40 %
Yu Gothic	Swiss	Regular	Turkish	31 x 41	40 %
Yu Gothic	Swiss	Regular	Western	31 x 41	40 %
Yu Mincho Demibold	Roman	Bold	Baltic	31 x 41	60 %
Yu Mincho Demibold	Roman	Bold	Central European	31 x 41	60 %
Yu Mincho Demibold	Roman	Bold	Cyrillic	31 x 41	60 %
Yu Mincho Demibold	Roman	Bold	Greek	31 x 41	60 %
Yu Mincho Demibold	Roman	Bold	Japanese	31 x 41	60 %
Yu Mincho Demibold	Roman	Bold	Turkish	31 x 41	60 %
Yu Mincho Demibold	Roman	Bold	Western	31 x 41	60 %
Yu Mincho Light	Roman	Regular	Baltic	31 x 41	30 %
Yu Mincho Light	Roman	Regular	Central European	31 x 41	30 %
Yu Mincho Light	Roman	Regular	Cyrillic	31 x 41	30 %
Yu Mincho Light	Roman	Regular	Greek	31 x 41	30 %
Yu Mincho Light	Roman	Regular	Japanese	31 x 41	30 %
Yu Mincho Light	Roman	Regular	Turkish	31 x 41	30 %
Yu Mincho Light	Roman	Regular	Western	31 x 41	30 %
Yu Mincho	Roman	Regular	Baltic	31 x 41	40 %
Yu Mincho	Roman	Regular	Central European	31 x 41	40 %
Yu Mincho	Roman	Regular	Cyrillic	31 x 41	40 %
Yu Mincho	Roman	Regular	Greek	31 x 41	40 %
Yu Mincho	Roman	Regular	Japanese	31 x 41	40 %
Yu Mincho	Roman	Regular	Turkish	31 x 41	40 %
Yu Mincho	Roman	Regular	Western	31 x 41	40 %

Windows Audio


Device	Identifier	Device Description
midi-out.0	0001 001B	Microsoft GS Wavetable Synth
mixer.0	0001 0068	Speakers (Realtek High Definiti
mixer.1	0001 0068	Microphone (Realtek High Defini
wave-in.0	0001 0065	Microphone (Realtek High Defini
wave-out.0	0001 0064	Speakers (Realtek High Definiti

PCI / PnP Audio


		Device Description	Type
		Intel Panther Point HDMI @ Intel Panther Point PCH - High Definition Audio Controller [C-1]	PCI
		Realtek ALC269 @ Intel Panther Point PCH - High Definition Audio Controller [C-1]	PCI

HD Audio


[ Intel Panther Point PCH - High Definition Audio Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - High Definition Audio Controller [C-1]
		Device Description (Windows)	High Definition Audio Controller
		Bus Type	PCI
		Bus / Device / Function	0 / 27 / 0
		Device ID	8086-1E20
		Subsystem ID	1043-10AC
		Revision	04
		Hardware ID	PCI\VEN_8086&DEV_1E20&SUBSYS_10AC1043&REV_04

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Realtek ALC269 ]

	Device Properties:
		Device Description	Realtek ALC269
		Device Description (Windows)	Realtek High Definition Audio
		Device Type	Audio
		Bus Type	HDAUDIO
		Device ID	10EC-0269
		Subsystem ID	1043-10AC
		Revision	1001
		Hardware ID	HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_104310AC&REV_1001

	Device Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ Intel Panther Point HDMI ]

	Device Properties:
		Device Description	Intel Panther Point HDMI
		Device Description (Windows)	Intel(R) Display Audio
		Device Type	Audio
		Bus Type	HDAUDIO
		Device ID	8086-2806
		Subsystem ID	8086-0101
		Revision	1000
		Hardware ID	HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		Driver Update	http://www.aida64.com/driver-updates

Audio Codecs


[ Fraunhofer IIS MPEG Layer-3 Codec (decode only) ]

	ACM Driver Properties:
		Driver Description	Fraunhofer IIS MPEG Layer-3 Codec (decode only)
		Copyright Notice	Copyright � 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
		Driver Features	decoder only version
		Driver Version	1.09

[ Microsoft ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses Microsoft ADPCM audio data.
		Driver Version	4.00

[ Microsoft CCITT G.711 A-Law and u-Law CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft CCITT G.711 A-Law and u-Law CODEC
		Copyright Notice	Copyright (c) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses CCITT G.711 A-Law and u-Law audio data.
		Driver Version	4.00

[ Microsoft GSM 6.10 Audio CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft GSM 6.10 Audio CODEC
		Copyright Notice	Copyright (C) 1993-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses audio data conforming to the ETSI-GSM (European Telecommunications Standards Institute-Groupe Special Mobile) recommendation 6.10.
		Driver Version	4.00

[ Microsoft IMA ADPCM CODEC ]

	ACM Driver Properties:
		Driver Description	Microsoft IMA ADPCM CODEC
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Compresses and decompresses IMA ADPCM audio data.
		Driver Version	4.00

[ Microsoft PCM Converter ]

	ACM Driver Properties:
		Driver Description	Microsoft PCM Converter
		Copyright Notice	Copyright (C) 1992-1996 Microsoft Corporation
		Driver Features	Converts frequency and bits per sample of PCM audio data.
		Driver Version	5.00

Video Codecs


Driver	Version	Description
iccvid.dll	1.10.0.11	Cinepak� Codec
iyuv_32.dll	10.0.10240.16384 (th1.150709-1700)	Intel Indeo(R) Video YUV Codec
msrle32.dll	10.0.10240.16384 (th1.150709-1700)	Microsoft RLE Compressor
msvidc32.dll	10.0.10240.16384 (th1.150709-1700)	Microsoft Video 1 Compressor
msyuv.dll	10.0.10240.16384 (th1.150709-1700)	Microsoft UYVY Video Decompressor
tsbyuv.dll	10.0.10240.16384 (th1.150709-1700)	Toshiba Video Codec

MCI


[ AVIVideo ]

	MCI Device Properties:
		Device	AVIVideo
		Name	Video for Windows
		Description	Video For Windows MCI driver
		Type	Digital Video Device
		Driver	mciavi32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	Yes
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ CDAudio ]

	MCI Device Properties:
		Device	CDAudio
		Name	CD Audio
		Description	MCI driver for cdaudio devices
		Type	CD Audio Device
		Driver	mcicda.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	No
		File Based Device	No
		Can Eject	Yes
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ MPEGVideo ]

	MCI Device Properties:
		Device	MPEGVideo
		Name	DirectShow
		Description	DirectShow MCI Driver
		Type	Digital Video Device
		Driver	mciqtz32.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Play In Reverse	No
		Can Record	No
		Can Save Data	No
		Can Freeze Data	No
		Can Lock Data	No
		Can Stretch Frame	Yes
		Can Stretch Input	No
		Can Test	Yes
		Audio Capable	Yes
		Video Capable	Yes
		Still Image Capable	No

[ Sequencer ]

	MCI Device Properties:
		Device	Sequencer
		Name	MIDI Sequencer
		Description	MCI driver for MIDI sequencer
		Type	Sequencer Device
		Driver	mciseq.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	No
		Can Save Data	No
		Audio Capable	Yes
		Video Capable	No

[ WaveAudio ]

	MCI Device Properties:
		Device	WaveAudio
		Name	Sound
		Description	MCI driver for waveform audio
		Type	Waveform Audio Device
		Driver	mciwave.dll
		Status	Enabled

	MCI Device Features:
		Compound Device	Yes
		File Based Device	Yes
		Can Eject	No
		Can Play	Yes
		Can Record	Yes
		Can Save Data	Yes
		Audio Capable	Yes
		Video Capable	No

SAPI


SAPI Properties:
	SAPI4 Version	-
	SAPI5 Version	5.3.18709.0

Voice (SAPI5):
	Name	Microsoft David Desktop - English (United States)
	Voice Path	C:\WINDOWS\Speech\Engines\TTS\en-US\M1033DAV
	Age	Adult
	Gender	Male
	Language	English (United States)
	Vendor	Microsoft
	Version	11.0
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Voice (SAPI5):
	Name	Microsoft Zira Desktop - English (United States)
	Voice Path	C:\WINDOWS\Speech\Engines\TTS\en-US\M1033ZIR
	Age	Adult
	Gender	Female
	Language	English (United States)
	Vendor	Microsoft
	Version	11.0
	DLL File	C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll (x86)
	CLSID	{C64501F6-E6E6-451f-A150-25D0839BC510}

Speech Recognizer (SAPI5):
	Name	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	Description	Microsoft Speech Recognizer 8.0 for Windows (English - US)
	FE Config Data File	C:\WINDOWS\Speech\Engines\SR\en-US\c1033dsk.fe
	Language	English (United States); English
	Speaking Style	Discrete;Continuous
	Supported Locales	English (United States); English (Canada); English (Philippines); English
	Vendor	Microsoft
	Version	8.0
	DLL File	C:\WINDOWS\System32\Speech\Engines\SR\spsreng.dll (x64)
	CLSID	{DAC9F469-0C67-4643-9258-87EC128C5941}
	RecoExtension	{4F4DB904-CA35-4A3A-90AF-C9D8BE7532AC}

Windows Storage


[ INTEL SSDSC2BW120A4 ]

	Device Properties:
		Driver Description	INTEL SSDSC2BW120A4
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	disk.inf

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/design/flash/nand/productinformation.htm

[ TOSHIBA MQ01ABD050 ]

	Device Properties:
		Driver Description	TOSHIBA MQ01ABD050
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	disk.inf

	Disk Device Physical Info:
		Manufacturer	Toshiba
		Hard Disk Name	MQ-01ABD050
		Form Factor	2.5"
		Formatted Capacity	500 GB
		Disks	1
		Recording Surfaces	2
		Physical Dimensions	100 x 69.85 x 9.5 mm
		Max. Weight	102 g
		Average Rotational Latency	5.55 ms
		Rotational Speed	5400 RPM
		Average Seek	12 ms
		Track-To-Track Seek	2 ms
		Interface	SATA-II
		Buffer-to-Host Data Rate	300 MB/s
		Buffer Size	8 MB

	Device Manufacturer:
		Company Name	Toshiba Corp., Storage Device Division
		Product Information	http://sdd.toshiba.com

[ Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03 ]

	Device Properties:
		Driver Description	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03
		Driver Date	26-8-2011
		Driver Version	9.3.0.1011
		Driver Provider	Intel
		INF File	oem1.inf

	Device Resources:
		IRQ	19
		Memory	F7D16000-F7D167FF
		Port	F060-F07F
		Port	F080-F083
		Port	F090-F097
		Port	F0A0-F0A3
		Port	F0B0-F0B7

[ Microsoft Storage Spaces Controller ]

	Device Properties:
		Driver Description	Microsoft Storage Spaces Controller
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	spaceport.inf

Logical Drives


Drive	Drive Type	File System	Total Size	Used Space	Free Space	% Free	Volume Serial
C:	Local Disk	NTFS	56359 MB	34701 MB	21658 MB	38 %	CE53-3ACA
D: (hoctap)	Local Disk	NTFS	99999 MB	66050 MB	33949 MB	34 %	1803-26C9
E: (data)	Local Disk	NTFS	376937 MB	264802 MB	112135 MB	30 %	A00D-B0F3
F:	Optical Drive

Physical Drives


[ Drive #1 - INTEL SSDSC2BW120A4 (111 GB) ]

	Partition	Partition Type	Drive	Start Offset	Partition Length
	#1	EFI System		0 MB	200 MB
	#2	Unknown (GUID: {48465300-0000-11AA-AA11-00306543ECAC})		200 MB	56826 MB
	#3	Unknown (GUID: {426F6F74-0000-11AA-AA11-00306543ECAC})		57026 MB	619 MB
	#4	MS Reserved		57647 MB	16 MB
	#5	Basic Data	C:	57663 MB	56360 MB
	#6	MS Recovery		114023 MB	450 MB

[ Drive #2 - TOSHIBA MQ01ABD050 (465 GB) ]

	Partition	Partition Type	Drive	Start Offset	Partition Length
	#1	Basic Data	D: (hoctap)	1 MB	100000 MB
	#2	Basic Data	E: (data)	100001 MB	376938 MB

ASPI


Host	ID	LUN	Device Type	Vendor	Model	Rev	Extra Information
00	00	00	Disk Drive	INTEL	SSDSC2BW120A4
00	00	00	Disk Drive	TOSHIBA	MQ01ABD050
00	07	00	Host Adapter	storahci

ATA


[ INTEL SSDSC2BW120A4 (PHDA439501XQ1207GN) ]

	ATA Device Properties:
		Model ID	INTEL SSDSC2BW120A4
		Serial Number	PHDA439501XQ1207GN
		Revision	DC32
		World Wide Name	5-5CD2E4-04BA5C17A
		Device Type	SATA-III
		Parameters	232581 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector
		LBA Sectors	234441648
		Multiple Sectors	16
		ECC Bytes	0
		Max. PIO Transfer Mode	PIO 4
		Max. MWDMA Transfer Mode	MWDMA 2
		Max. UDMA Transfer Mode	UDMA 6
		Active UDMA Transfer Mode	UDMA 5
		Unformatted Capacity	114473 MB

	ATA Device Features:
		48-bit LBA	Supported
		Advanced Power Management	Supported, Enabled
		Automatic Acoustic Management	Not Supported
		Device Configuration Overlay	Not Supported
		DMA Setup Auto-Activate	Supported, Disabled
		General Purpose Logging	Supported
		Host Protected Area	Supported, Enabled
		In-Order Data Delivery	Not Supported
		Native Command Queuing	Supported
		Phy Event Counters	Supported
		Power Management	Supported, Enabled
		Power-Up In Standby	Supported, Disabled
		Read Look-Ahead	Supported, Enabled
		Release Interrupt	Not Supported
		Security Mode	Supported, Disabled
		SMART	Supported, Enabled
		SMART Error Logging	Supported
		SMART Self-Test	Supported
		Software Settings Preservation	Supported, Enabled
		Streaming	Not Supported
		Tagged Command Queuing	Not Supported
		Write Cache	Supported, Enabled

	SSD Features:
		Data Set Management	Supported
		Deterministic Read After TRIM	Supported
		TRIM Command	Supported

	ATA Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/design/flash/nand/productinformation.htm
		Driver Update	http://www.aida64.com/driver-updates

[ TOSHIBA MQ01ABD050 (92Q2PAQET) ]

	ATA Device Properties:
		Model ID	TOSHIBA MQ01ABD050
		Serial Number	92Q2PAQET
		Revision	AX002J
		World Wide Name	5-000039-442209A68
		Device Type	SATA-III
		Parameters	969021 cylinders, 16 heads, 63 sectors per track, 512 bytes per sector
		LBA Sectors	976773168
		Buffer	8 MB
		Multiple Sectors	16
		ECC Bytes	0
		Max. PIO Transfer Mode	PIO 4
		Max. MWDMA Transfer Mode	MWDMA 2
		Max. UDMA Transfer Mode	UDMA 5
		Active UDMA Transfer Mode	UDMA 5
		Unformatted Capacity	476940 MB
		ATA Standard	ATA8-ACS

	ATA Device Features:
		48-bit LBA	Supported
		Advanced Power Management	Supported, Enabled
		Automatic Acoustic Management	Not Supported
		Device Configuration Overlay	Supported
		DMA Setup Auto-Activate	Supported, Disabled
		General Purpose Logging	Supported
		Host Protected Area	Supported, Enabled
		In-Order Data Delivery	Not Supported
		Native Command Queuing	Supported
		Phy Event Counters	Supported
		Power Management	Supported, Enabled
		Power-Up In Standby	Not Supported
		Read Look-Ahead	Supported, Enabled
		Release Interrupt	Not Supported
		Security Mode	Supported, Disabled
		SMART	Supported, Enabled
		SMART Error Logging	Supported
		SMART Self-Test	Supported
		Software Settings Preservation	Supported, Enabled
		Streaming	Not Supported
		Tagged Command Queuing	Not Supported
		Write Cache	Supported, Enabled

	SSD Features:
		Data Set Management	Not Supported
		Deterministic Read After TRIM	Not Supported
		TRIM Command	Not Supported

	ATA Device Physical Info:
		Manufacturer	Toshiba
		Hard Disk Name	MQ-01ABD050
		Form Factor	2.5"
		Formatted Capacity	500 GB
		Disks	1
		Recording Surfaces	2
		Physical Dimensions	100 x 69.85 x 9.5 mm
		Max. Weight	102 g
		Average Rotational Latency	5.55 ms
		Rotational Speed	5400 RPM
		Average Seek	12 ms
		Track-To-Track Seek	2 ms
		Interface	SATA-II
		Buffer-to-Host Data Rate	300 MB/s
		Buffer Size	8 MB

	ATA Device Manufacturer:
		Company Name	Toshiba Corp., Storage Device Division
		Product Information	http://sdd.toshiba.com
		Driver Update	http://www.aida64.com/driver-updates

SMART


[ INTEL SSDSC2BW120A4 (PHDA439501XQ1207GN) ]

	ID	Attribute Description	Threshold	Value	Worst	Data	Status
	05	Reallocated Sector Count	0	100	100	0	OK: Always passes
	09	Power-On Time Count	0	100	100	644	OK: Always passes
	0C	Power Cycle Count	0	100	100	774	OK: Always passes
	AA	<vendor-specific>	10	100	100	0	OK: Value is normal
	AB	<vendor-specific>	0	100	100	0	OK: Always passes
	AC	<vendor-specific>	0	100	100	0	OK: Always passes
	AE	<vendor-specific>	0	100	100	19	OK: Always passes
	B7	<vendor-specific>	0	100	100	0	OK: Always passes
	B8	End-to-End Error	90	100	100	0	OK: Value is normal
	BB	Reported Uncorrectable Errors	0	100	100	0	OK: Always passes
	BE	Airflow Temperature	0	35	46	24, 46, 35	OK: Always passes
	C0	Power-Off Retract Count	0	100	100	19	OK: Always passes
	C7	Ultra ATA CRC Error Rate	0	100	100	0	OK: Always passes
	E1	Load/Unload Cycle Count	0	100	100	92732	OK: Always passes
	E2	Load-In Time	0	100	100	65535	OK: Always passes
	E3	Torque Amplification Count	0	100	100	50	OK: Always passes
	E4	Power-Off Retract Count	0	100	100	65535	OK: Always passes
	E8	<vendor-specific>	10	100	100	0	OK: Value is normal
	E9	<vendor-specific>	0	100	100	0	OK: Always passes
	F1	<vendor-specific>	0	100	100	92732	OK: Always passes
	F2	<vendor-specific>	0	100	100	91730	OK: Always passes
	F9	<vendor-specific>	0	100	100	10853	OK: Always passes

[ TOSHIBA MQ01ABD050 (92Q2PAQET) ]

	ID	Attribute Description	Threshold	Value	Worst	Data	Status
	01	Raw Read Error Rate	50	100	100	0	OK: Value is normal
	02	Throughput Performance	50	100	100	0	OK: Value is normal
	03	Spinup Time	1	100	100	1036	OK: Value is normal
	04	Start/Stop Count	0	100	100	3906	OK: Always passes
	05	Reallocated Sector Count	50	100	100	0	OK: Value is normal
	07	Seek Error Rate	50	100	100	0	OK: Value is normal
	08	Seek Time Performance	50	100	100	0	OK: Value is normal
	09	Power-On Time Count	0	87	87	5415	OK: Always passes
	0A	Spinup Retry Count	30	177	100	0	OK: Value is normal
	0C	Power Cycle Count	0	100	100	3157	OK: Always passes
	BF	Mechanical Shock	0	100	100	144	OK: Always passes
	C0	Power-Off Retract Count	0	99	99	528	OK: Always passes
	C1	Load/Unload Cycle Count	0	97	97	36137	OK: Always passes
	C2	Temperature	0	100	100	51, 22, 30	OK: Always passes
	C4	Reallocation Event Count	0	100	100	0	OK: Always passes
	C5	Current Pending Sector Count	0	100	100	8	OK: Always passes
	C6	Offline Uncorrectable Sector Count	0	100	100	0	OK: Always passes
	C7	Ultra ATA CRC Error Rate	0	200	200	0	OK: Always passes
	DC	Disk Shift	0	100	100	0	OK: Always passes
	DE	Loaded Hours	0	91	91	3845	OK: Always passes
	DF	Load/Unload Retry Count	0	100	100	0	OK: Always passes
	E0	Load Friction	0	100	100	0	OK: Always passes
	E2	Load-In Time	0	100	100	255	OK: Always passes
	F0	Head Flying Hours	1	100	100	0	OK: Value is normal

Windows Network


[ Bluetooth Device (Personal Area Network) ]

	Network Adapter Properties:
		Network Adapter	Bluetooth Device (Personal Area Network)
		Interface Type	Bluetooth Ethernet
		Hardware Address	74-2F-68-35-DF-99
		Connection Name	Bluetooth Network Connection
		Connection Speed	3 Mbps
		MTU	1500 bytes
		Bytes Received	0
		Bytes Sent	0

[ Microsoft Wi-Fi Direct Virtual Adapter ]

	Network Adapter Properties:
		Network Adapter	Microsoft Wi-Fi Direct Virtual Adapter
		Interface Type	802.11 Wireless Ethernet
		Hardware Address	16-2F-68-38-E4-62
		Connection Name	Local Area Connection* 2
		MTU	1500 bytes
		Bytes Received	0
		Bytes Sent	0

[ Qualcomm Atheros AR9002WB-1NG Wireless Network Adapter ]

	Network Adapter Properties:
		Network Adapter	Qualcomm Atheros AR9002WB-1NG Wireless Network Adapter
		Interface Type	802.11 Wireless Ethernet
		Hardware Address	74-2F-68-38-E4-62
		Connection Name	Wi-Fi
		Connection Speed	150 Mbps
		MTU	1500 bytes
		Bytes Received	2352179306 (2243.2 MB)
		Bytes Sent	111054255 (105.9 MB)

	Network Adapter Addresses:
		Gateway	192.168.1.1
		DNS	8.8.8.8
		DNS	8.8.4.4

[ Realtek PCIe GBE Family Controller ]

	Network Adapter Properties:
		Network Adapter	Realtek PCIe GBE Family Controller
		Interface Type	Ethernet
		Hardware Address	08-60-6E-8C-F3-D8
		Connection Name	Ethernet
		MTU	1500 bytes
		Bytes Received	0
		Bytes Sent	0

	Network Adapter Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

PCI / PnP Network


		Device Description	Type
		Atheros AR9285 802.11b/g/n Wireless Network Adapter	PCI
		Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter	PCI

IAM


[ Microsoft Communities ]

	Account Properties:
		Account Name	Microsoft Communities
		Account ID	account{B5CFD6E6-98CA-4E9D-8B89-05B439FB7405}.oeaccount
		Account Type	News (Default)
		Application Name	Microsoft Windows Mail
		Connection Name	Not Specified (IE Default)
		NNTP Server	msnews.microsoft.com

	Account Features:
		NNTP Prompt For Password	No
		NNTP Secure Authentication	No
		NNTP Secure Connection	No
		NNTP Use Group Descriptions	No
		NNTP Post Using Plain Text Format	No
		NNTP Post Using HTML Format	No

[ Active Directory ]

	Account Properties:
		Account Name	Active Directory
		Account ID	account{918BA2FF-98C8-425A-9D3B-CB37680F11CD}.oeaccount
		Account Type	LDAP
		Application Name	Microsoft Windows Mail
		Connection Name	Not Specified (IE Default)
		LDAP Server	NULL:3268
		LDAP User Name	NULL
		LDAP Search Base	NULL
		LDAP Search Timeout	1 min

	Account Features:
		LDAP Authentication Required	Yes
		LDAP Secure Authentication	Yes
		LDAP Secure Connection	No
		LDAP Simple Search Filter	No

[ VeriSign Internet Directory Service ]

	Account Properties:
		Account Name	VeriSign Internet Directory Service
		Account ID	account{F52E6761-44E4-4C2E-A426-221BAEAA7D7C}.oeaccount
		Account Type	LDAP
		Application Name	Microsoft Windows Mail
		Connection Name	Not Specified (IE Default)
		LDAP Server	directory.verisign.com
		LDAP URL	http://www.verisign.com
		LDAP Search Base	NULL
		LDAP Search Timeout	1 min

	Account Features:
		LDAP Authentication Required	No
		LDAP Secure Authentication	No
		LDAP Secure Connection	No
		LDAP Simple Search Filter	Yes

Internet


Internet Settings:
	Start Page	http://www.google.com/
	Search Page	http://go.microsoft.com/fwlink/?LinkId=54896
	Local Page	C:\Windows\system32\blank.htm
	Download Folder

Current Proxy:
	Proxy Status	Disabled

LAN Proxy:
	Proxy Status	Disabled

Routes


Type	Net Destination	Netmask	Gateway	Metric	Interface
Active	127.0.0.0	255.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	127.0.0.1	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	127.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	224.0.0.0	240.0.0.0	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)
Active	255.255.255.255	255.255.255.255	127.0.0.1	306	127.0.0.1 (Software Loopback Interface 1)

IE Cookie


		Last Access	URL
		2015-09-21 15:23:37	truong@col402-m.hotmail.com/
		2015-09-21 15:26:24	truong@skype.com/
		2015-09-21 15:26:25	truong@~~local~~/
		2015-09-21 15:26:25	truong@~~local~~/C:/Users/Truong/AppData/Local/Skype/Apps/login/
		2015-09-21 15:31:32	truong@apps.skypeassets.com/
		2015-09-21 15:31:32	truong@skypeassets.com/
		2015-09-25 14:51:12	truong@microsoft.com/
		2015-09-25 22:52:57	truong@127.0.0.1/

Browser History


		Last Access	URL
		2015-09-20 22:53:55	Truong@file:///E:/Download/Video/Private/linhtinh/old/a1505191.avi
		2015-09-20 22:54:03	Truong@file:///E:/Download/Video/Private/linhtinh/Nerdy%20girl%20with%20glasses%20on%20the%20Case!%20-%20Teen%20sex%20video%20-%20Tube8.com.mp4
		2015-09-20 22:55:04	Truong@file:///E:/Download/Video/Download%20phim%20Em%20H,%20y%20ta%20BV%20Hoan%20My%20full.mp4
		2015-09-20 22:55:07	Truong@http://www.kmplayer.com/down/kmpup.htm
		2015-09-20 22:55:08	Truong@about:blank
		2015-09-20 22:55:08	Truong@http://forums.kmplayer.com/down/kmpup.htm
		2015-09-20 22:55:08	Truong@http://log.kmplayer.com/KMP20?cate01=a03&cate02=a02&cate03=
		2015-09-21 15:19:45	Truong@file:///C:/Users/Truong/Pictures/IMG_20141109_180955.jpg
		2015-09-21 22:16:24	Truong@https://nydus.battle.net/App/enUS/client/account/create?targetRegion=US
		2015-09-21 22:49:43	Truong@file:///E:/Download/Video/em%20th_aacute;_ordm;_pound;o%20t_acirc;y%20xinh%20nh_AElig;_deg;%20m_aacute;_raquo;_trade;ng%20ch_aacute;t%20sex%204%20-%20XNXX.COM.flv
		2015-09-21 22:50:23	Truong@file:///E:/Download/Video/vn%20346%20-%20XNXX.COM.flv
		2015-09-21 22:53:56	Truong@file:///E:/Download/Video/VID-20150501-WA0000%20-%20XNXX.COM.flv
		2015-09-21 22:54:26	Truong@file:///E:/Download/Video/Private
		2015-09-24 11:53:44	Truong@file:///E:/Download/Video/Private/AsianScandal.Net%20B343%20-%20XNXX.COM.flv
		2015-09-24 11:54:38	Truong@file:///E:/Download/Video/Private/Tiny%20japanese%20girl%20fucked%20by%20huge%20black%20guy%20-%20XNXX.COM.flv
		2015-09-24 11:55:27	Truong@file:///E:/Download/Video/Private/Sexual%20foursome%20sex%20-%20XNXX.COM.flv
		2015-09-24 11:59:33	Truong@file:///E:/Download/Video/Private/pisshhunters%20pee%208524%20jo%20-%20XNXX.COM.flv
		2015-09-24 12:00:41	Truong@file:///E:/Download/Video/Private/Homemade%20Amateur%20Sextape%20-%20XNXX.COM_2.flv
		2015-09-25 22:45:17	Truong@file:///E:/Download/Video/Private/Big%20Tits%20Japanese%20Girl%20Get%20Banged%20Hardcore%20clip-06%20-%20XNXX.COM.FLV
		2015-09-25 22:45:52	Truong@file:///E:/Download/Video/Private/fucking%20Tegan%20fleshlight%20-%20XNXX.COM.flv
		2015-09-25 22:46:30	Truong@file:///E:/Download/Video/Private/gangbang%20no%20mato%20-%20XNXX.COM.flv
		2015-09-25 22:51:35	Truong@file:///E:/Download/Video/Private/Hardcore%20prison%20sex%20from%20tokyo%20-%20XNXX.COM.flv
		2015-09-25 22:51:45	Truong@file:///E:/Download/Video/Private/high%20school%20iniyot%20ng%20pulis%20-%20XNXX.COM.FLV
		2015-09-25 22:52:56	Truong@file:///E:/Download/Video/Private/Homemade%20Amateur%20Sextape%20-%20XNXX.COM.flv
		2015-09-25 22:52:57	Truong@http://127.0.0.1:65156/EXECLOG?version=3.6.0.0
		2015-09-26 17:59:50	Truong@file:///E:/Soft/AIDA64%20Extreme%20Edition%202.80.2300%20Final

DirectX Files


Name	Version	Type	Language	Size	Date
amstream.dll	6.02.10240.16384	Final Retail	English	82944	10-7-2015 6:00:28 PM
bdaplgin.ax	6.02.10240.16384	Final Retail	English	78336	10-7-2015 6:01:12 PM
d3d8.dll	6.02.10240.16384	Final Retail	English	1074176	10-7-2015 6:00:34 PM
d3d8thk.dll	6.02.10240.16384	Final Retail	English	12800	10-7-2015 6:00:34 PM
d3d9.dll	6.02.10240.16412	Final Retail	English	1867160	30-7-2015 11:26:17 AM
d3dim.dll	6.02.10240.16384	Final Retail	English	402432	10-7-2015 6:00:34 PM
d3dim700.dll	6.02.10240.16384	Final Retail	English	889856	10-7-2015 6:00:34 PM
d3dramp.dll	6.02.10240.16384	Final Retail	English	595456	10-7-2015 6:00:34 PM
d3dxof.dll	6.02.10240.16384	Final Retail	English	58880	10-7-2015 6:00:34 PM
ddraw.dll	6.02.10240.16384	Final Retail	English	536064	10-7-2015 6:00:34 PM
ddrawex.dll	6.02.10240.16384	Final Retail	English	39936	10-7-2015 6:00:34 PM
devenum.dll	6.02.10240.16384	Final Retail	English	82104	10-7-2015 6:00:28 PM
dinput.dll	6.02.10240.16384	Final Retail	English	136192	10-7-2015 6:00:31 PM
dinput8.dll	6.02.10240.16384	Final Retail	English	172032	10-7-2015 6:00:31 PM
dmband.dll	6.02.10240.16384	Final Retail	English	35328	10-7-2015 6:00:23 PM
dmcompos.dll	6.02.10240.16384	Final Retail	English	75776	10-7-2015 6:00:23 PM
dmime.dll	6.02.10240.16384	Final Retail	English	206848	10-7-2015 6:00:23 PM
dmloader.dll	6.02.10240.16384	Final Retail	English	43008	10-7-2015 6:00:23 PM
dmscript.dll	6.02.10240.16384	Final Retail	English	96256	10-7-2015 6:00:23 PM
dmstyle.dll	6.02.10240.16384	Final Retail	English	121856	10-7-2015 6:00:23 PM
dmsynth.dll	6.02.10240.16384	Final Retail	English	114688	10-7-2015 6:00:23 PM
dmusic.dll	6.02.10240.16384	Final Retail	English	113664	10-7-2015 6:00:23 PM
dplaysvr.exe	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dplayx.dll	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dpmodemx.dll	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dpnaddr.dll	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dpnet.dll	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dpnhpast.dll	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dpnhupnp.dll	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dpnlobby.dll	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dpnsvr.exe	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dpwsockx.dll	10.00.10240.16384	Final Retail	English	8192	10-7-2015 6:00:31 PM
dsdmo.dll	6.02.10240.16384	Final Retail	English	186880	10-7-2015 6:00:28 PM
dsound.dll	6.02.10240.16384	Final Retail	English	527360	10-7-2015 6:00:28 PM
dswave.dll	6.02.10240.16384	Final Retail	English	24064	10-7-2015 6:00:23 PM
dxdiagn.dll	6.02.10240.16384	Final Retail	English	272896	10-7-2015 6:00:34 PM
dxmasf.dll	12.00.10240.16384	Final Retail	English	4608	10-7-2015 6:01:37 PM
encapi.dll	6.02.10240.16384	Final Retail	English	22016	10-7-2015 6:00:28 PM
gcdef.dll	6.02.10240.16384	Final Retail	English	123904	10-7-2015 6:00:31 PM
iac25_32.ax	2.00.0005.0053	Final Retail	English	197632	10-7-2015 6:00:23 PM
ir41_32.ax	6.02.10240.16384	Final Retail	English	9216	10-7-2015 6:00:23 PM
ir41_qc.dll	6.02.10240.16384	Final Retail	English	9216	10-7-2015 6:00:23 PM
ir41_qcx.dll	6.02.10240.16384	Final Retail	English	9216	10-7-2015 6:00:23 PM
ir50_32.dll	6.02.10240.16384	Final Retail	English	9216	10-7-2015 6:00:23 PM
ir50_qc.dll	6.02.10240.16384	Final Retail	English	9216	10-7-2015 6:00:23 PM
ir50_qcx.dll	6.02.10240.16384	Final Retail	English	9216	10-7-2015 6:00:23 PM
ivfsrc.ax	5.10.0002.0051	Final Retail	English	146944	10-7-2015 6:00:23 PM
joy.cpl	6.02.10240.16384	Final Retail	English	137216	10-7-2015 6:00:31 PM
ksproxy.ax	6.02.10240.16384	Final Retail	English	235008	10-7-2015 6:00:28 PM
kstvtune.ax	6.02.10240.16384	Final Retail	English	93696	10-7-2015 6:01:12 PM
ksuser.dll	6.02.10240.16384	Final Retail	English	19136	10-7-2015 6:00:28 PM
kswdmcap.ax	6.02.10240.16384	Final Retail	English	118784	10-7-2015 6:00:28 PM
ksxbar.ax	6.02.10240.16384	Final Retail	English	57856	10-7-2015 6:01:12 PM
mciqtz32.dll	6.02.10240.16384	Final Retail	English	39936	10-7-2015 6:00:28 PM
mfc40.dll	4.01.0000.6140	Final Retail	English	924944	10-7-2015 6:00:27 PM
mfc42.dll	6.06.8063.0000	Beta Retail	English	1206784	10-7-2015 6:00:27 PM
mpeg2data.ax	6.02.10240.16384	Final Retail	English	82944	10-7-2015 6:01:12 PM
mpg2splt.ax	6.02.10240.16384	Final Retail	English	221696	10-7-2015 6:00:31 PM
msdmo.dll	6.02.10240.16384	Final Retail	English	28424	10-7-2015 6:00:28 PM
msdvbnp.ax	6.02.10240.16384	Final Retail	English	72192	10-7-2015 6:01:12 PM
msvidctl.dll	6.05.10240.16384	Final Retail	English	2362368	10-7-2015 6:01:12 PM
msyuv.dll	6.02.10240.16384	Final Retail	English	23552	10-7-2015 6:00:28 PM
pid.dll	6.02.10240.16384	Final Retail	English	37888	10-7-2015 6:00:31 PM
psisdecd.dll	6.02.10240.16384	Final Retail	English	499200	10-7-2015 6:01:12 PM
psisrndr.ax	6.02.10240.16384	Final Retail	English	87552	10-7-2015 6:01:12 PM
qasf.dll	12.00.10240.16384	Final Retail	English	236544	10-7-2015 6:00:31 PM
qcap.dll	6.02.10240.16384	Final Retail	English	218624	10-7-2015 6:00:28 PM
qdv.dll	6.02.10240.16384	Final Retail	English	296960	10-7-2015 6:00:28 PM
qdvd.dll	6.02.10240.16384	Final Retail	English	563200	10-7-2015 6:00:28 PM
qedit.dll	6.02.10240.16384	Final Retail	English	573440	10-7-2015 6:01:12 PM
qedwipes.dll	6.02.10240.16384	Final Retail	English	734208	10-7-2015 6:01:12 PM
quartz.dll	6.02.10240.16384	Final Retail	English	1541632	10-7-2015 6:00:28 PM
vbisurf.ax	6.02.10240.16384	Final Retail	English	40960	10-7-2015 6:01:12 PM
vfwwdm32.dll	6.02.10240.16384	Final Retail	English	58880	10-7-2015 6:00:28 PM
wsock32.dll	6.02.10240.16384	Final Retail	English	16384	10-7-2015 6:00:32 PM

DirectX Video


[ Primary Display Driver ]

	DirectDraw Device Properties:
		DirectDraw Driver Name	display
		DirectDraw Driver Description	Primary Display Driver
		Hardware Driver	igdumdim32.dll (10.18.10.4252)
		Hardware Description	Intel(R) HD Graphics 4000

	Direct3D Device Properties:
		Rendering Bit Depths	16, 32
		Z-Buffer Bit Depths	16, 24, 32
		Multisample Anti-Aliasing Modes	MSAA 2x, MSAA 4x, MSAA 8x
		Min Texture Size	1 x 1
		Max Texture Size	8192 x 8192
		Unified Shader Version	5.0
		DirectX Hardware Support	DirectX v11.0

	Direct3D Device Features:
		Additive Texture Blending	Supported
		AGP Texturing	Not Supported
		Anisotropic Filtering	Supported
		Automatic Mipmap Generation	Supported
		Bilinear Filtering	Supported
		Compute Shader	Supported
		Cubic Environment Mapping	Supported
		Cubic Filtering	Not Supported
		Decal-Alpha Texture Blending	Supported
		Decal Texture Blending	Supported
		DirectX Texture Compression	Not Supported
		DirectX Volumetric Texture Compression	Not Supported
		Dithering	Supported
		Dot3 Texture Blending	Supported
		Double-Precision Floating-Point	Supported
		Driver Concurrent Creates	Supported
		Driver Command Lists	Not Supported
		Dynamic Textures	Supported
		Edge Anti-Aliasing	Not Supported
		Environmental Bump Mapping	Supported
		Environmental Bump Mapping + Luminance	Supported
		Factor Alpha Blending	Supported
		Geometric Hidden-Surface Removal	Not Supported
		Geometry Shader	Supported
		Guard Band	Supported
		Hardware Scene Rasterization	Supported
		Hardware Transform & Lighting	Supported
		Legacy Depth Bias	Supported
		Mipmap LOD Bias Adjustments	Supported
		Mipmapped Cube Textures	Supported
		Mipmapped Volume Textures	Supported
		Modulate-Alpha Texture Blending	Supported
		Modulate Texture Blending	Supported
		Non-Square Textures	Supported
		N-Patches	Not Supported
		Perspective Texture Correction	Supported
		Point Sampling	Supported
		Projective Textures	Not Supported
		Quintic Bezier Curves & B-Splines	Not Supported
		Range-Based Fog	Not Supported
		Rectangular & Triangular Patches	Not Supported
		Rendering In Windowed Mode	Supported
		Scissor Test	Supported
		Slope-Scale Based Depth Bias	Supported
		Specular Flat Shading	Supported
		Specular Gouraud Shading	Supported
		Specular Phong Shading	Not Supported
		Spherical Mapping	Supported
		Stencil Buffers	Supported
		Sub-Pixel Accuracy	Supported
		Subtractive Texture Blending	Supported
		Table Fog	Supported
		Texture Alpha Blending	Supported
		Texture Clamping	Supported
		Texture Mirroring	Supported
		Texture Transparency	Supported
		Texture Wrapping	Supported
		Triangle Culling	Not Supported
		Trilinear Filtering	Supported
		Two-Sided Stencil Test	Supported
		Vertex Alpha Blending	Supported
		Vertex Fog	Supported
		Vertex Tweening	Supported
		Volume Textures	Supported
		W-Based Fog	Supported
		W-Buffering	Not Supported
		Z-Based Fog	Supported
		Z-Bias	Supported
		Z-Test	Supported

	Supported FourCC Codes:
		AI44	Supported
		AYUV	Supported
		I420	Supported
		IA44	Supported
		IMC1	Supported
		IMC2	Supported
		IMC3	Supported
		IMC4	Supported
		IYUV	Supported
		NV11	Supported
		NV12	Supported
		P208	Supported
		UYVY	Supported
		VYUY	Supported
		YUY2	Supported
		YV12	Supported
		YVU9	Supported
		YVYU	Supported

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

DirectX Sound


[ Primary Sound Driver ]

	DirectSound Device Properties:
		Device Description	Primary Sound Driver
		Driver Module
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

[ Speakers (Realtek High Definition Audio) ]

	DirectSound Device Properties:
		Device Description	Speakers (Realtek High Definition Audio)
		Driver Module	{0.0.0.00000000}.{0d022605-bad1-41a3-a4f5-419f25a5f334}
		Primary Buffers	1
		Min / Max Secondary Buffers Sample Rate	100 / 200000 Hz
		Primary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Secondary Buffers Sound Formats	8-bit, 16-bit, Mono, Stereo
		Total / Free Sound Buffers	1 / 0
		Total / Free Static Sound Buffers	1 / 0
		Total / Free Streaming Sound Buffers	1 / 0
		Total / Free 3D Sound Buffers	0 / 0
		Total / Free 3D Static Sound Buffers	0 / 0
		Total / Free 3D Streaming Sound Buffers	0 / 0

	DirectSound Device Features:
		Certified Driver	No
		Emulated Device	No
		Precise Sample Rate	Supported
		DirectSound3D	Not Supported
		Creative EAX 1.0	Not Supported
		Creative EAX 2.0	Not Supported
		Creative EAX 3.0	Not Supported
		Creative EAX 4.0	Not Supported
		Creative EAX 5.0	Not Supported
		I3DL2	Not Supported
		Sensaura ZoomFX	Not Supported

DirectX Input


[ Mouse ]

	DirectInput Device Properties:
		Device Description	Mouse
		Device Type	Unknown
		Device Subtype	Unknown
		Axes	3
		Buttons/Keys	8

	DirectInput Device Features:
		Emulated Device	Yes
		Alias Device	No
		Polled Device	No
		Polled Data Format	No
		Attack Force Feedback	Not Supported
		Deadband Force Feedback	Not Supported
		Fade Force Feedback	Not Supported
		Force Feedback	Not Supported
		Saturation Force Feedback	Not Supported
		+/- Force Feedback Coefficients	Not Supported
		+/- Force Feedback Saturation	Not Supported

[ Keyboard ]

	DirectInput Device Properties:
		Device Description	Keyboard
		Device Type	Unknown
		Device Subtype	Unknown
		Buttons/Keys	128

	DirectInput Device Features:
		Emulated Device	Yes
		Alias Device	No
		Polled Device	No
		Polled Data Format	No
		Attack Force Feedback	Not Supported
		Deadband Force Feedback	Not Supported
		Fade Force Feedback	Not Supported
		Force Feedback	Not Supported
		Saturation Force Feedback	Not Supported
		+/- Force Feedback Coefficients	Not Supported
		+/- Force Feedback Saturation	Not Supported

[ ASUS Wireless Radio Control ]

	DirectInput Device Properties:
		Device Description	ASUS Wireless Radio Control
		Device Type	Unknown
		Device Subtype	Unknown
		Buttons/Keys	1

	DirectInput Device Features:
		Emulated Device	Yes
		Alias Device	No
		Polled Device	No
		Polled Data Format	No
		Attack Force Feedback	Not Supported
		Deadband Force Feedback	Not Supported
		Fade Force Feedback	Not Supported
		Force Feedback	Not Supported
		Saturation Force Feedback	Not Supported
		+/- Force Feedback Coefficients	Not Supported
		+/- Force Feedback Saturation	Not Supported

[ USB Mouse ]

	DirectInput Device Properties:
		Device Description	USB Mouse
		Device Type	Unknown
		Device Subtype	Unknown

	DirectInput Device Features:
		Emulated Device	Yes
		Alias Device	No
		Polled Device	No
		Polled Data Format	No
		Attack Force Feedback	Not Supported
		Deadband Force Feedback	Not Supported
		Fade Force Feedback	Not Supported
		Force Feedback	Not Supported
		Saturation Force Feedback	Not Supported
		+/- Force Feedback Coefficients	Not Supported
		+/- Force Feedback Saturation	Not Supported

Windows Devices


[ Devices ]

	Audio inputs and outputs:
		Microphone (Realtek High Definition Audio)	10.0.10240.16384
		Speakers (Realtek High Definition Audio)	10.0.10240.16384

	Batteries:
		Microsoft AC Adapter	10.0.10240.16384
		Microsoft ACPI-Compliant Control Method Battery	10.0.10240.16384

	Bluetooth:
		Audio Source Service	10.0.10240.16463
		AV Remote Target Service	10.0.10240.16463
		Bluetooth Module	8.0.1.244
		Handsfree Audio Gateway Service	10.0.10240.16463
		Headset Audio Gateway Service	10.0.10240.16463
		IM-A870	10.0.10240.16463
		Microsoft Bluetooth Enumerator	10.0.10240.16463
		Obex File Transfer Service	10.0.10240.16463
		Object Push Service	10.0.10240.16463
		Personal Area Network NAP Service	10.0.10240.16463
		Phonebook Access Pse Service	10.0.10240.16463

	Computer:
		ACPI x64-based PC	10.0.10240.16384

	Disk drives:
		INTEL SSDSC2BW120A4	10.0.10240.16384
		TOSHIBA MQ01ABD050	10.0.10240.16384

	Display adapters:
		Intel(R) HD Graphics 4000	10.18.10.4252

	Human Interface Devices:
		HID-compliant vendor-defined device	10.0.10240.16384
		HID-compliant wireless radio controls	10.0.10240.16384
		IM-A870 Audio/Video Remote Control HID	10.0.10240.16384
		USB Input Device	10.0.10240.16384

	IDE ATA/ATAPI controllers:
		Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03	9.3.0.1011

	Imaging devices:
		USB2.0 UVC HD Webcam	10.0.10240.16384

	Keyboards:
		Keyboard Device Filter	1.0.0.5

	Mice and other pointing devices:
		ASUS Touchpad	1.0.0.262
		HID-compliant mouse	10.0.10240.16384

	Monitors:
		Generic PnP Monitor	10.0.10240.16384

	Network adapters:
		Bluetooth Device (Personal Area Network)	10.0.10240.16384
		Bluetooth Device (RFCOMM Protocol TDI)	10.0.10240.16384
		Microsoft Kernel Debug Network Adapter	10.0.10240.16384
		Microsoft Teredo Tunneling Adapter	10.0.10240.16384
		Microsoft Wi-Fi Direct Virtual Adapter	10.0.10240.16384
		Qualcomm Atheros AR9002WB-1NG Wireless Network Adapter	10.0.0.260
		Realtek PCIe GBE Family Controller	9.1.401.2015

	Print queues:
		Fax	10.0.10240.16384
		Microsoft Print to PDF	10.0.10240.16384
		Microsoft XPS Document Writer	10.0.10240.16384
		Root Print Queue	10.0.10240.16384

	Processors:
		Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz	10.0.10240.16384
		Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz	10.0.10240.16384
		Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz	10.0.10240.16384
		Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz	10.0.10240.16384

	Software devices:
		Bluetooth	10.0.10240.16384
		Microsoft Device Association Root Enumerator	10.0.10240.16384
		Microsoft GS Wavetable Synth	10.0.10240.16384
		Microsoft IPv4 IPv6 Transition Adapter Bus	10.0.10240.16384
		Microsoft Radio Device Enumeration Bus	10.0.10240.16384
		Wi-Fi	10.0.10240.16384

	Sound, video and game controllers:
		Intel(R) Display Audio	6.16.0.3123
		Realtek High Definition Audio	6.0.1.6657

	Storage controllers:
		Microsoft Storage Spaces Controller	10.0.10240.16384

	Storage volumes:
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384
		Generic volume	10.0.10240.16384

	System devices:
		ACPI Fan	10.0.10240.16384
		ACPI Fan	10.0.10240.16384
		ACPI Fan	10.0.10240.16384
		ACPI Fan	10.0.10240.16384
		ACPI Fan	10.0.10240.16384
		ACPI Fixed Feature Button	10.0.10240.16384
		ACPI Lid	10.0.10240.16384
		ACPI Power Button	10.0.10240.16384
		ACPI Sleep Button	10.0.10240.16384
		ACPI Thermal Zone	10.0.10240.16384
		ACPI Thermal Zone	10.0.10240.16384
		ASUS Wireless Radio Control	1.0.0.3
		Composite Bus Enumerator	10.0.10240.16384
		Direct memory access controller	10.0.10240.16384
		High Definition Audio Controller	10.0.10240.16384
		High precision event timer	10.0.10240.16384
		Intel(R) Management Engine Interface	8.1.0.1263
		IWD Bus Enumerator	4.5.61.0
		Legacy device	10.0.10240.16384
		LPC Controller	10.0.10240.16384
		Memory Controller	10.0.10240.16384
		Microsoft ACPI-Compliant Embedded Controller	10.0.10240.16384
		Microsoft ACPI-Compliant System	10.0.10240.16397
		Microsoft Basic Display Driver	10.0.10240.16384
		Microsoft Basic Render Driver	10.0.10240.16384
		Microsoft System Management BIOS Driver	10.0.10240.16384
		Microsoft Virtual Drive Enumerator	10.0.10240.16384
		Microsoft Windows Management Interface for ACPI	10.0.10240.16384
		Motherboard resources	10.0.10240.16384
		Motherboard resources	10.0.10240.16384
		Motherboard resources	10.0.10240.16384
		Motherboard resources	10.0.10240.16384
		Motherboard resources	10.0.10240.16384
		NDIS Virtual Network Adapter Enumerator	10.0.10240.16384
		Numeric data processor	10.0.10240.16384
		PCI Express Root Complex	10.0.10240.16390
		PCI-to-PCI Bridge	10.0.10240.16390
		PCI-to-PCI Bridge	10.0.10240.16390
		PCI-to-PCI Bridge	10.0.10240.16390
		Plug and Play Software Device Enumerator	10.0.10240.16384
		Programmable interrupt controller	10.0.10240.16384
		Remote Desktop Device Redirector Bus	10.0.10240.16384
		Synaptics SMBus Driver	19.0.9.5
		System board	10.0.10240.16384
		System board	10.0.10240.16384
		System CMOS/real time clock	10.0.10240.16384
		System timer	10.0.10240.16384
		UMBus Root Bus Enumerator	10.0.10240.16384
		Volume Manager	10.0.10240.16384

	Universal Serial Bus controllers:
		Generic USB Hub	10.0.10240.16384
		Generic USB Hub	10.0.10240.16384
		Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26	10.0.10240.16401
		Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D	10.0.10240.16401
		Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)	10.0.10240.16461
		Realtek USB 2.0 Card Reader	10.0.10125.31214
		USB Composite Device	10.0.10240.16384
		USB Root Hub (xHCI)	10.0.10240.16425
		USB Root Hub	10.0.10240.16401
		USB Root Hub	10.0.10240.16401

	Unknown:
		Bluetooth Peripheral Device
		Bluetooth Peripheral Device
		MAP SMS/MMS
		Unknown

[ Audio inputs and outputs / Microphone (Realtek High Definition Audio) ]

	Device Properties:
		Driver Description	Microphone (Realtek High Definition Audio)
		Driver Date	9-7-2015
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	audioendpoint.inf
		Hardware ID	MMDEVAPI\AudioEndpoints

[ Audio inputs and outputs / Speakers (Realtek High Definition Audio) ]

	Device Properties:
		Driver Description	Speakers (Realtek High Definition Audio)
		Driver Date	9-7-2015
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	audioendpoint.inf
		Hardware ID	MMDEVAPI\AudioEndpoints

[ Batteries / Microsoft AC Adapter ]

	Device Properties:
		Driver Description	Microsoft AC Adapter
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cmbatt.inf
		Hardware ID	ACPI\VEN_ACPI&DEV_0003

[ Batteries / Microsoft ACPI-Compliant Control Method Battery ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant Control Method Battery
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cmbatt.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0A

[ Bluetooth / Audio Source Service ]

	Device Properties:
		Driver Description	Audio Source Service
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTHENUM\{0000110a-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Bluetooth / AV Remote Target Service ]

	Device Properties:
		Driver Description	AV Remote Target Service
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTHENUM\{0000110c-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Bluetooth / Bluetooth Module ]

	Device Properties:
		Driver Description	Bluetooth Module
		Driver Date	31-7-2013
		Driver Version	8.0.1.244
		Driver Provider	Qualcomm Atheros Communications
		INF File	oem24.inf
		Hardware ID	USB\VID_13D3&PID_3304&REV_0001
		Location Information	Port_#0003.Hub_#0004

[ Bluetooth / Handsfree Audio Gateway Service ]

	Device Properties:
		Driver Description	Handsfree Audio Gateway Service
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTHENUM\{0000111f-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Bluetooth / Headset Audio Gateway Service ]

	Device Properties:
		Driver Description	Headset Audio Gateway Service
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTHENUM\{00001112-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Bluetooth / IM-A870 ]

	Device Properties:
		Driver Description	IM-A870
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTHENUM\Dev_000FE47BDBF9

[ Bluetooth / Microsoft Bluetooth Enumerator ]

	Device Properties:
		Driver Description	Microsoft Bluetooth Enumerator
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTH\MS_BTHBRB

[ Bluetooth / Obex File Transfer Service ]

	Device Properties:
		Driver Description	Obex File Transfer Service
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTHENUM\{00001106-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Bluetooth / Object Push Service ]

	Device Properties:
		Driver Description	Object Push Service
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTHENUM\{00001105-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Bluetooth / Personal Area Network NAP Service ]

	Device Properties:
		Driver Description	Personal Area Network NAP Service
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTHENUM\{00001116-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Bluetooth / Phonebook Access Pse Service ]

	Device Properties:
		Driver Description	Phonebook Access Pse Service
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16463
		Driver Provider	Microsoft
		INF File	bth.inf
		Hardware ID	BTHENUM\{0000112f-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Computer / ACPI x64-based PC ]

	Device Properties:
		Driver Description	ACPI x64-based PC
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hal.inf
		Hardware ID	acpiapic

[ Disk drives / INTEL SSDSC2BW120A4 ]

	Device Properties:
		Driver Description	INTEL SSDSC2BW120A4
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	disk.inf
		Hardware ID	SCSI\DiskINTEL______SSDSC2BW120A4DC32
		Location Information	Bus Number 0, Target Id 0, LUN 0

	Device Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/design/flash/nand/productinformation.htm
		Driver Update	http://www.aida64.com/driver-updates

[ Disk drives / TOSHIBA MQ01ABD050 ]

	Device Properties:
		Driver Description	TOSHIBA MQ01ABD050
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	disk.inf
		Hardware ID	SCSI\DiskTOSHIBA_______MQ01ABD050AX00
		Location Information	Bus Number 2, Target Id 0, LUN 0

	Device Manufacturer:
		Company Name	Toshiba Corp., Storage Device Division
		Product Information	http://sdd.toshiba.com
		Driver Update	http://www.aida64.com/driver-updates

[ Display adapters / Intel(R) HD Graphics 4000 ]

	Device Properties:
		Driver Description	Intel(R) HD Graphics 4000
		Driver Date	10-7-2015
		Driver Version	10.18.10.4252
		Driver Provider	Intel Corporation
		INF File	oem27.inf
		Hardware ID	PCI\VEN_8086&DEV_0166&SUBSYS_10AC1043&REV_09
		Location Information	PCI bus 0, device 2, function 0
		PCI Device	Intel Ivy Bridge-MB - Integrated Graphics Controller (MB GT2)

	Device Resources:
		IRQ	65536
		Memory	000A0000-000BFFFF
		Memory	E0000000-EFFFFFFF
		Memory	F7800000-F7BFFFFF
		Port	03B0-03BB
		Port	03C0-03DF
		Port	F000-F03F

	Video Adapter Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/graphics
		Driver Update	http://www.aida64.com/driver-updates

[ Human Interface Devices / HID-compliant vendor-defined device ]

	Device Properties:
		Driver Description	HID-compliant vendor-defined device
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\VID_09DA&PID_C10A&REV_0314&Col02

[ Human Interface Devices / HID-compliant wireless radio controls ]

	Device Properties:
		Driver Description	HID-compliant wireless radio controls
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	HID\VEN_ATK&DEV_4001

[ Human Interface Devices / IM-A870 Audio/Video Remote Control HID ]

	Device Properties:
		Driver Description	IM-A870 Audio/Video Remote Control HID
		Driver Date	9-7-2015
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	bthaudhid.inf
		Hardware ID	BTHENUM\{0000110e-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Human Interface Devices / USB Input Device ]

	Device Properties:
		Driver Description	USB Input Device
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	input.inf
		Hardware ID	USB\VID_09DA&PID_C10A&REV_0314
		Location Information	Port_#0003.Hub_#0005

[ IDE ATA/ATAPI controllers / Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03 ]

	Device Properties:
		Driver Description	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03
		Driver Date	26-8-2011
		Driver Version	9.3.0.1011
		Driver Provider	Intel
		INF File	oem1.inf
		Hardware ID	PCI\VEN_8086&DEV_1E03&SUBSYS_10AC1043&REV_04
		Location Information	PCI bus 0, device 31, function 2
		PCI Device	Intel Panther Point-M PCH - SATA AHCI Controller [C-1]

	Device Resources:
		IRQ	19
		Memory	F7D16000-F7D167FF
		Port	F060-F07F
		Port	F080-F083
		Port	F090-F097
		Port	F0A0-F0A3
		Port	F0B0-F0B7

[ Imaging devices / USB2.0 UVC HD Webcam ]

	Device Properties:
		Driver Description	USB2.0 UVC HD Webcam
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	usbvideo.inf
		Hardware ID	USB\VID_13D3&PID_5166&REV_0530&MI_00
		Location Information	0000.001a.0000.001.004.000.000.000.000

[ Keyboards / Keyboard Device Filter ]

	Device Properties:
		Driver Description	Keyboard Device Filter
		Driver Date	2-8-2012
		Driver Version	1.0.0.5
		Driver Provider	ATK
		INF File	oem2.inf
		Hardware ID	ACPI\VEN_ATK&DEV_3001

	Device Resources:
		IRQ	01
		Port	0060-0060
		Port	0064-0064

[ Mice and other pointing devices / ASUS Touchpad ]

	Device Properties:
		Driver Description	ASUS Touchpad
		Driver Date	17-6-2015
		Driver Version	1.0.0.262
		Driver Provider	ASUS
		INF File	oem17.inf
		Hardware ID	ACPI\VEN_ETD&DEV_010A

	Device Resources:
		IRQ	12

[ Mice and other pointing devices / HID-compliant mouse ]

	Device Properties:
		Driver Description	HID-compliant mouse
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	msmouse.inf
		Hardware ID	HID\VID_09DA&PID_C10A&REV_0314&Col01

[ Monitors / Generic PnP Monitor ]

	Device Properties:
		Driver Description	Generic PnP Monitor
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	monitor.inf
		Hardware ID	MONITOR\BOE05B1

[ Network adapters / Bluetooth Device (Personal Area Network) ]

	Device Properties:
		Driver Description	Bluetooth Device (Personal Area Network)
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	bthpan.inf
		Hardware ID	BTH\MS_BTHPAN

[ Network adapters / Bluetooth Device (RFCOMM Protocol TDI) ]

	Device Properties:
		Driver Description	Bluetooth Device (RFCOMM Protocol TDI)
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	tdibth.inf
		Hardware ID	BTH\MS_RFCOMM

[ Network adapters / Microsoft Kernel Debug Network Adapter ]

	Device Properties:
		Driver Description	Microsoft Kernel Debug Network Adapter
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	kdnic.inf
		Hardware ID	root\kdnic

[ Network adapters / Microsoft Teredo Tunneling Adapter ]

	Device Properties:
		Driver Description	Microsoft Teredo Tunneling Adapter
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	nettun.inf
		Hardware ID	*TEREDO

[ Network adapters / Microsoft Wi-Fi Direct Virtual Adapter ]

	Device Properties:
		Driver Description	Microsoft Wi-Fi Direct Virtual Adapter
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	netvwifimp.inf
		Hardware ID	{5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp_wfd
		Location Information	VWiFi Bus 0

[ Network adapters / Qualcomm Atheros AR9002WB-1NG Wireless Network Adapter ]

	Device Properties:
		Driver Description	Qualcomm Atheros AR9002WB-1NG Wireless Network Adapter
		Driver Date	15-7-2013
		Driver Version	10.0.0.260
		Driver Provider	Qualcomm Atheros Communications Inc.
		INF File	oem14.inf
		Hardware ID	PCI\VEN_168C&DEV_002B&SUBSYS_2C371A3B&REV_01
		Location Information	PCI bus 3, device 0, function 0
		PCI Device	Atheros AR9285 802.11b/g/n Wireless Network Adapter

	Device Resources:
		IRQ	17
		Memory	F7CF0000-F7CFFFFF

	Network Adapter Manufacturer:
		Company Name	Atheros Communications, Inc.
		Product Information	http://www.atheros.com/networking
		Driver Download	http://www.atheros.com
		Driver Update	http://www.aida64.com/driver-updates

[ Network adapters / Realtek PCIe GBE Family Controller ]

	Device Properties:
		Driver Description	Realtek PCIe GBE Family Controller
		Driver Date	1-4-2015
		Driver Version	9.1.401.2015
		Driver Provider	Realtek
		INF File	rt640x64.inf
		Hardware ID	PCI\VEN_10EC&DEV_8168&SUBSYS_10AC1043&REV_07
		Location Information	PCI bus 2, device 0, function 0
		PCI Device	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter

	Device Resources:
		IRQ	65536
		Memory	F0000000-F0003FFF
		Memory	F0004000-F0004FFF
		Port	E000-E0FF

	Network Adapter Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=7&PFid=10&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ Print queues / Fax ]

	Device Properties:
		Driver Description	Fax
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\microsoftmicrosoft_s7d14

[ Print queues / Microsoft Print to PDF ]

	Device Properties:
		Driver Description	Microsoft Print to PDF
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\{084f01fa-e634-4d77-83ee-074817c03581}

[ Print queues / Microsoft XPS Document Writer ]

	Device Properties:
		Driver Description	Microsoft XPS Document Writer
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\{0f4130dd-19c7-7ab6-99a1-980f03b2ee4e}

[ Print queues / Root Print Queue ]

	Device Properties:
		Driver Description	Root Print Queue
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	printqueue.inf
		Hardware ID	PRINTENUM\LocalPrintQueue

[ Processors / Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
		Driver Date	21-4-2009
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_58

[ Processors / Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
		Driver Date	21-4-2009
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_58

[ Processors / Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
		Driver Date	21-4-2009
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_58

[ Processors / Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz ]

	Device Properties:
		Driver Description	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
		Driver Date	21-4-2009
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	cpu.inf
		Hardware ID	ACPI\GenuineIntel_-_Intel64_Family_6_Model_58

[ Software devices / Bluetooth ]

	Device Properties:
		Driver Description	Bluetooth
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft Device Association Root Enumerator ]

	Device Properties:
		Driver Description	Microsoft Device Association Root Enumerator
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft GS Wavetable Synth ]

	Device Properties:
		Driver Description	Microsoft GS Wavetable Synth
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Microsoft IPv4 IPv6 Transition Adapter Bus ]

	Device Properties:
		Driver Description	Microsoft IPv4 IPv6 Transition Adapter Bus
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf
		Hardware ID	(null)

[ Software devices / Microsoft Radio Device Enumeration Bus ]

	Device Properties:
		Driver Description	Microsoft Radio Device Enumeration Bus
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Software devices / Wi-Fi ]

	Device Properties:
		Driver Description	Wi-Fi
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	c_swdevice.inf

[ Sound, video and game controllers / Intel(R) Display Audio ]

	Device Properties:
		Driver Description	Intel(R) Display Audio
		Driver Date	29-8-2013
		Driver Version	6.16.0.3123
		Driver Provider	Intel(R) Corporation
		INF File	oem18.inf
		Hardware ID	HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000
		Location Information	Internal High Definition Audio Bus

[ Sound, video and game controllers / Realtek High Definition Audio ]

	Device Properties:
		Driver Description	Realtek High Definition Audio
		Driver Date	12-6-2012
		Driver Version	6.0.1.6657
		Driver Provider	Realtek Semiconductor Corp.
		INF File	oem7.inf
		Hardware ID	HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_104310AC&REV_1001
		Location Information	Internal High Definition Audio Bus

	Device Manufacturer:
		Company Name	Realtek Semiconductor Corp.
		Product Information	http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=8&PFid=14&Level=3&Conn=2
		Driver Download	http://www.realtek.com.tw/downloads
		Driver Update	http://www.aida64.com/driver-updates

[ Storage controllers / Microsoft Storage Spaces Controller ]

	Device Properties:
		Driver Description	Microsoft Storage Spaces Controller
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	spaceport.inf
		Hardware ID	Root\Spaceport

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ Storage volumes / Generic volume ]

	Device Properties:
		Driver Description	Generic volume
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volume.inf
		Hardware ID	STORAGE\Volume

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fan ]

	Device Properties:
		Driver Description	ACPI Fan
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0B

[ System devices / ACPI Fixed Feature Button ]

	Device Properties:
		Driver Description	ACPI Fixed Feature Button
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\FixedButton

[ System devices / ACPI Lid ]

	Device Properties:
		Driver Description	ACPI Lid
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0D

[ System devices / ACPI Power Button ]

	Device Properties:
		Driver Description	ACPI Power Button
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0C

[ System devices / ACPI Sleep Button ]

	Device Properties:
		Driver Description	ACPI Sleep Button
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C0E

[ System devices / ACPI Thermal Zone ]

	Device Properties:
		Driver Description	ACPI Thermal Zone
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\ThermalZone

[ System devices / ACPI Thermal Zone ]

	Device Properties:
		Driver Description	ACPI Thermal Zone
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\ThermalZone

[ System devices / ASUS Wireless Radio Control ]

	Device Properties:
		Driver Description	ASUS Wireless Radio Control
		Driver Date	7-10-2013
		Driver Version	1.0.0.3
		Driver Provider	ASUS
		INF File	oem12.inf
		Hardware ID	ACPI\VEN_ATK&DEV_4001

[ System devices / Composite Bus Enumerator ]

	Device Properties:
		Driver Description	Composite Bus Enumerator
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	compositebus.inf
		Hardware ID	ROOT\CompositeBus

[ System devices / Direct memory access controller ]

	Device Properties:
		Driver Description	Direct memory access controller
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0200

[ System devices / High Definition Audio Controller ]

	Device Properties:
		Driver Description	High Definition Audio Controller
		Driver Date	9-7-2015
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	hdaudbus.inf
		Hardware ID	PCI\VEN_8086&DEV_1E20&SUBSYS_10AC1043&REV_04
		Location Information	PCI bus 0, device 27, function 0
		PCI Device	Intel Panther Point PCH - High Definition Audio Controller [C-1]

	Device Resources:
		IRQ	22
		Memory	FEAFC000-FEAFFFFF

[ System devices / High precision event timer ]

	Device Properties:
		Driver Description	High precision event timer
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0103

[ System devices / Intel(R) Management Engine Interface ]

	Device Properties:
		Driver Description	Intel(R) Management Engine Interface
		Driver Date	2-7-2012
		Driver Version	8.1.0.1263
		Driver Provider	Intel
		INF File	oem11.inf
		Hardware ID	PCI\VEN_8086&DEV_1E3A&SUBSYS_10AC1043&REV_04
		Location Information	PCI bus 0, device 22, function 0
		PCI Device	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]

	Device Resources:
		IRQ	16
		Memory	F7D1A000-F7D1A00F

[ System devices / IWD Bus Enumerator ]

	Device Properties:
		Driver Description	IWD Bus Enumerator
		Driver Date	8-6-2015
		Driver Version	4.5.61.0
		Driver Provider	Intel Corporation
		INF File	oem16.inf
		Hardware ID	root\iwdbus

[ System devices / Legacy device ]

	Device Properties:
		Driver Description	Legacy device
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_INT&DEV_0800

[ System devices / LPC Controller ]

	Device Properties:
		Driver Description	LPC Controller
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	PCI\VEN_8086&DEV_1E59&SUBSYS_10AC1043&REV_04
		Location Information	PCI bus 0, device 31, function 0
		PCI Device	Intel HM76 Chipset - LPC Interface Controller [C-1]

[ System devices / Memory Controller ]

	Device Properties:
		Driver Description	Memory Controller
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	PCI\VEN_8086&DEV_0154&SUBSYS_10AC1043&REV_09
		Location Information	PCI bus 0, device 0, function 0
		PCI Device	Intel Ivy Bridge-MB - Host Bridge/DRAM Controller

[ System devices / Microsoft ACPI-Compliant Embedded Controller ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant Embedded Controller
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C09

	Device Resources:
		Port	0062-0062
		Port	0066-0066

[ System devices / Microsoft ACPI-Compliant System ]

	Device Properties:
		Driver Description	Microsoft ACPI-Compliant System
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16397
		Driver Provider	Microsoft
		INF File	acpi.inf
		Hardware ID	ACPI_HAL\PNP0C08
		PnP Device	ACPI Driver/BIOS

	Device Resources:
		IRQ	100
		IRQ	101
		IRQ	102
		IRQ	103
		IRQ	104
		IRQ	105
		IRQ	106
		IRQ	107
		IRQ	108
		IRQ	109
		IRQ	110
		IRQ	111
		IRQ	112
		IRQ	113
		IRQ	114
		IRQ	115
		IRQ	116
		IRQ	117
		IRQ	118
		IRQ	119
		IRQ	120
		IRQ	121
		IRQ	122
		IRQ	123
		IRQ	124
		IRQ	125
		IRQ	126
		IRQ	127
		IRQ	128
		IRQ	129
		IRQ	130
		IRQ	131
		IRQ	132
		IRQ	133
		IRQ	134
		IRQ	135
		IRQ	136
		IRQ	137
		IRQ	138
		IRQ	139
		IRQ	140
		IRQ	141
		IRQ	142
		IRQ	143
		IRQ	144
		IRQ	145
		IRQ	146
		IRQ	147
		IRQ	148
		IRQ	149
		IRQ	150
		IRQ	151
		IRQ	152
		IRQ	153
		IRQ	154
		IRQ	155
		IRQ	156
		IRQ	157
		IRQ	158
		IRQ	159
		IRQ	160
		IRQ	161
		IRQ	162
		IRQ	163
		IRQ	164
		IRQ	165
		IRQ	166
		IRQ	167
		IRQ	168
		IRQ	169
		IRQ	170
		IRQ	171
		IRQ	172
		IRQ	173
		IRQ	174
		IRQ	175
		IRQ	176
		IRQ	177
		IRQ	178
		IRQ	179
		IRQ	180
		IRQ	181
		IRQ	182
		IRQ	183
		IRQ	184
		IRQ	185
		IRQ	186
		IRQ	187
		IRQ	188
		IRQ	189
		IRQ	190
		IRQ	191
		IRQ	192
		IRQ	193
		IRQ	194
		IRQ	195
		IRQ	196
		IRQ	197
		IRQ	198
		IRQ	199
		IRQ	200
		IRQ	201
		IRQ	202
		IRQ	203
		IRQ	204
		IRQ	256
		IRQ	257
		IRQ	258
		IRQ	259
		IRQ	260
		IRQ	261
		IRQ	262
		IRQ	263
		IRQ	264
		IRQ	265
		IRQ	266
		IRQ	267
		IRQ	268
		IRQ	269
		IRQ	270
		IRQ	271
		IRQ	272
		IRQ	273
		IRQ	274
		IRQ	275
		IRQ	276
		IRQ	277
		IRQ	278
		IRQ	279
		IRQ	280
		IRQ	281
		IRQ	282
		IRQ	283
		IRQ	284
		IRQ	285
		IRQ	286
		IRQ	287
		IRQ	288
		IRQ	289
		IRQ	290
		IRQ	291
		IRQ	292
		IRQ	293
		IRQ	294
		IRQ	295
		IRQ	296
		IRQ	297
		IRQ	298
		IRQ	299
		IRQ	300
		IRQ	301
		IRQ	302
		IRQ	303
		IRQ	304
		IRQ	305
		IRQ	306
		IRQ	307
		IRQ	308
		IRQ	309
		IRQ	310
		IRQ	311
		IRQ	312
		IRQ	313
		IRQ	314
		IRQ	315
		IRQ	316
		IRQ	317
		IRQ	318
		IRQ	319
		IRQ	320
		IRQ	321
		IRQ	322
		IRQ	323
		IRQ	324
		IRQ	325
		IRQ	326
		IRQ	327
		IRQ	328
		IRQ	329
		IRQ	330
		IRQ	331
		IRQ	332
		IRQ	333
		IRQ	334
		IRQ	335
		IRQ	336
		IRQ	337
		IRQ	338
		IRQ	339
		IRQ	340
		IRQ	341
		IRQ	342
		IRQ	343
		IRQ	344
		IRQ	345
		IRQ	346
		IRQ	347
		IRQ	348
		IRQ	349
		IRQ	350
		IRQ	351
		IRQ	352
		IRQ	353
		IRQ	354
		IRQ	355
		IRQ	356
		IRQ	357
		IRQ	358
		IRQ	359
		IRQ	360
		IRQ	361
		IRQ	362
		IRQ	363
		IRQ	364
		IRQ	365
		IRQ	366
		IRQ	367
		IRQ	368
		IRQ	369
		IRQ	370
		IRQ	371
		IRQ	372
		IRQ	373
		IRQ	374
		IRQ	375
		IRQ	376
		IRQ	377
		IRQ	378
		IRQ	379
		IRQ	380
		IRQ	381
		IRQ	382
		IRQ	383
		IRQ	384
		IRQ	385
		IRQ	386
		IRQ	387
		IRQ	388
		IRQ	389
		IRQ	390
		IRQ	391
		IRQ	392
		IRQ	393
		IRQ	394
		IRQ	395
		IRQ	396
		IRQ	397
		IRQ	398
		IRQ	399
		IRQ	400
		IRQ	401
		IRQ	402
		IRQ	403
		IRQ	404
		IRQ	405
		IRQ	406
		IRQ	407
		IRQ	408
		IRQ	409
		IRQ	410
		IRQ	411
		IRQ	412
		IRQ	413
		IRQ	414
		IRQ	415
		IRQ	416
		IRQ	417
		IRQ	418
		IRQ	419
		IRQ	420
		IRQ	421
		IRQ	422
		IRQ	423
		IRQ	424
		IRQ	425
		IRQ	426
		IRQ	427
		IRQ	428
		IRQ	429
		IRQ	430
		IRQ	431
		IRQ	432
		IRQ	433
		IRQ	434
		IRQ	435
		IRQ	436
		IRQ	437
		IRQ	438
		IRQ	439
		IRQ	440
		IRQ	441
		IRQ	442
		IRQ	443
		IRQ	444
		IRQ	445
		IRQ	446
		IRQ	447
		IRQ	448
		IRQ	449
		IRQ	450
		IRQ	451
		IRQ	452
		IRQ	453
		IRQ	454
		IRQ	455
		IRQ	456
		IRQ	457
		IRQ	458
		IRQ	459
		IRQ	460
		IRQ	461
		IRQ	462
		IRQ	463
		IRQ	464
		IRQ	465
		IRQ	466
		IRQ	467
		IRQ	468
		IRQ	469
		IRQ	470
		IRQ	471
		IRQ	472
		IRQ	473
		IRQ	474
		IRQ	475
		IRQ	476
		IRQ	477
		IRQ	478
		IRQ	479
		IRQ	480
		IRQ	481
		IRQ	482
		IRQ	483
		IRQ	484
		IRQ	485
		IRQ	486
		IRQ	487
		IRQ	488
		IRQ	489
		IRQ	490
		IRQ	491
		IRQ	492
		IRQ	493
		IRQ	494
		IRQ	495
		IRQ	496
		IRQ	497
		IRQ	498
		IRQ	499
		IRQ	500
		IRQ	501
		IRQ	502
		IRQ	503
		IRQ	504
		IRQ	505
		IRQ	506
		IRQ	507
		IRQ	508
		IRQ	509
		IRQ	510
		IRQ	511
		IRQ	54
		IRQ	55
		IRQ	56
		IRQ	57
		IRQ	58
		IRQ	59
		IRQ	60
		IRQ	61
		IRQ	62
		IRQ	63
		IRQ	64
		IRQ	65
		IRQ	66
		IRQ	67
		IRQ	68
		IRQ	69
		IRQ	70
		IRQ	71
		IRQ	72
		IRQ	73
		IRQ	74
		IRQ	75
		IRQ	76
		IRQ	77
		IRQ	78
		IRQ	79
		IRQ	80
		IRQ	81
		IRQ	82
		IRQ	83
		IRQ	84
		IRQ	85
		IRQ	86
		IRQ	87
		IRQ	88
		IRQ	89
		IRQ	90
		IRQ	91
		IRQ	92
		IRQ	93
		IRQ	94
		IRQ	95
		IRQ	96
		IRQ	97
		IRQ	98
		IRQ	99

[ System devices / Microsoft Basic Display Driver ]

	Device Properties:
		Driver Description	Microsoft Basic Display Driver
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	basicdisplay.inf
		Hardware ID	ROOT\BasicDisplay

[ System devices / Microsoft Basic Render Driver ]

	Device Properties:
		Driver Description	Microsoft Basic Render Driver
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	basicrender.inf
		Hardware ID	ROOT\BasicRender

[ System devices / Microsoft System Management BIOS Driver ]

	Device Properties:
		Driver Description	Microsoft System Management BIOS Driver
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	mssmbios.inf
		Hardware ID	ROOT\mssmbios

[ System devices / Microsoft Virtual Drive Enumerator ]

	Device Properties:
		Driver Description	Microsoft Virtual Drive Enumerator
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	vdrvroot.inf
		Hardware ID	ROOT\vdrvroot

[ System devices / Microsoft Windows Management Interface for ACPI ]

	Device Properties:
		Driver Description	Microsoft Windows Management Interface for ACPI
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	wmiacpi.inf
		Hardware ID	ACPI\VEN_PnP&DEV_0C14

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_INT&DEV_340E

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_INT&DEV_3F0D

[ System devices / Motherboard resources ]

	Device Properties:
		Driver Description	Motherboard resources
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C02

[ System devices / NDIS Virtual Network Adapter Enumerator ]

	Device Properties:
		Driver Description	NDIS Virtual Network Adapter Enumerator
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	ndisvirtualbus.inf
		Hardware ID	ROOT\NdisVirtualBus

[ System devices / Numeric data processor ]

	Device Properties:
		Driver Description	Numeric data processor
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C04

[ System devices / PCI Express Root Complex ]

	Device Properties:
		Driver Description	PCI Express Root Complex
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16390
		Driver Provider	Microsoft
		INF File	pci.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0A08

	Device Resources:
		Memory	000A0000-000BFFFF
		Memory	000D0000-000D3FFF
		Memory	000D4000-000D7FFF
		Memory	000D8000-000DBFFF
		Memory	000DC000-000DFFFF
		Memory	DF200000-FEAFFFFF
		Port	0000-0CF7
		Port	0D00-FFFF

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16390
		Driver Provider	Microsoft
		INF File	pci.inf
		Hardware ID	PCI\VEN_8086&DEV_0151&SUBSYS_10AC1043&REV_09
		Location Information	PCI bus 0, device 1, function 0
		PCI Device	Intel Ivy Bridge-DT - PCI Express Graphics Root Port

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16390
		Driver Provider	Microsoft
		INF File	pci.inf
		Hardware ID	PCI\VEN_8086&DEV_1E10&SUBSYS_10AC1043&REV_C4
		Location Information	PCI bus 0, device 28, function 0
		PCI Device	Intel Panther Point PCH - PCI Express Port 1

	Device Resources:
		Memory	F0000000-F00FFFFF
		Port	E000-EFFF

[ System devices / PCI-to-PCI Bridge ]

	Device Properties:
		Driver Description	PCI-to-PCI Bridge
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16390
		Driver Provider	Microsoft
		INF File	pci.inf
		Hardware ID	PCI\VEN_8086&DEV_1E12&SUBSYS_10AC1043&REV_C4
		Location Information	PCI bus 0, device 28, function 1
		PCI Device	Intel Panther Point PCH - PCI Express Port 2

	Device Resources:
		Memory	F7C00000-F7CFFFFF

[ System devices / Plug and Play Software Device Enumerator ]

	Device Properties:
		Driver Description	Plug and Play Software Device Enumerator
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	swenum.inf
		Hardware ID	ROOT\SWENUM

[ System devices / Programmable interrupt controller ]

	Device Properties:
		Driver Description	Programmable interrupt controller
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0000

[ System devices / Remote Desktop Device Redirector Bus ]

	Device Properties:
		Driver Description	Remote Desktop Device Redirector Bus
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	rdpbus.inf
		Hardware ID	ROOT\RDPBUS

[ System devices / Synaptics SMBus Driver ]

	Device Properties:
		Driver Description	Synaptics SMBus Driver
		Driver Date	29-5-2015
		Driver Version	19.0.9.5
		Driver Provider	Synaptics
		INF File	oem26.inf
		Hardware ID	PCI\VEN_8086&DEV_1E22&SUBSYS_10AC1043&REV_04
		Location Information	PCI bus 0, device 31, function 3
		PCI Device	Intel Panther Point PCH - SMBus Controller [C-1]

	Device Resources:
		IRQ	18
		Memory	F7D15000-F7D150FF
		Port	F040-F05F

[ System devices / System board ]

	Device Properties:
		Driver Description	System board
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C01

[ System devices / System board ]

	Device Properties:
		Driver Description	System board
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0C01

[ System devices / System CMOS/real time clock ]

	Device Properties:
		Driver Description	System CMOS/real time clock
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0B00

	Device Resources:
		IRQ	08
		Port	0070-0077

[ System devices / System timer ]

	Device Properties:
		Driver Description	System timer
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	machine.inf
		Hardware ID	ACPI\VEN_PNP&DEV_0100

[ System devices / UMBus Root Bus Enumerator ]

	Device Properties:
		Driver Description	UMBus Root Bus Enumerator
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	umbus.inf
		Hardware ID	root\umbus

[ System devices / Volume Manager ]

	Device Properties:
		Driver Description	Volume Manager
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	volmgr.inf
		Hardware ID	ROOT\VOLMGR

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	usb.inf
		Hardware ID	USB\VID_8087&PID_0024&REV_0000
		Location Information	Port_#0001.Hub_#0001

[ Universal Serial Bus controllers / Generic USB Hub ]

	Device Properties:
		Driver Description	Generic USB Hub
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	usb.inf
		Hardware ID	USB\VID_8087&PID_0024&REV_0000
		Location Information	Port_#0001.Hub_#0002

[ Universal Serial Bus controllers / Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26 ]

	Device Properties:
		Driver Description	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16401
		Driver Provider	Microsoft
		INF File	usbport.inf
		Hardware ID	PCI\VEN_8086&DEV_1E26&SUBSYS_10AC1043&REV_04
		Location Information	PCI bus 0, device 29, function 0
		PCI Device	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]

	Device Resources:
		IRQ	23
		Memory	F7D17000-F7D173FF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D ]

	Device Properties:
		Driver Description	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16401
		Driver Provider	Microsoft
		INF File	usbport.inf
		Hardware ID	PCI\VEN_8086&DEV_1E2D&SUBSYS_10AC1043&REV_04
		Location Information	PCI bus 0, device 26, function 0
		PCI Device	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]

	Device Resources:
		IRQ	16
		Memory	F7D18000-F7D183FF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft) ]

	Device Properties:
		Driver Description	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
		Driver Date	17-8-2015
		Driver Version	10.0.10240.16461
		Driver Provider	Microsoft
		INF File	usbxhci.inf
		Hardware ID	PCI\VEN_8086&DEV_1E31&SUBSYS_10AC1043&REV_04
		Location Information	PCI bus 0, device 20, function 0
		PCI Device	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]

	Device Resources:
		IRQ	65536
		Memory	F7D00000-F7D0FFFF

	Chipset Manufacturer:
		Company Name	Intel Corporation
		Product Information	http://www.intel.com/products/chipsets
		Driver Download	http://support.intel.com/support/chipsets
		BIOS Upgrades	http://www.aida64.com/bios-updates
		Driver Update	http://www.aida64.com/driver-updates

[ Universal Serial Bus controllers / Realtek USB 2.0 Card Reader ]

	Device Properties:
		Driver Description	Realtek USB 2.0 Card Reader
		Driver Date	9-6-2015
		Driver Version	10.0.10125.31214
		Driver Provider	Realtek Semiconduct Corp.
		INF File	oem28.inf
		Hardware ID	USB\VID_0BDA&PID_0138&REV_3882
		Location Information	Port_#0004.Hub_#0005

[ Universal Serial Bus controllers / USB Composite Device ]

	Device Properties:
		Driver Description	USB Composite Device
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16384
		Driver Provider	Microsoft
		INF File	usb.inf
		Hardware ID	USB\VID_13D3&PID_5166&REV_0530
		Location Information	Port_#0004.Hub_#0004

[ Universal Serial Bus controllers / USB Root Hub (xHCI) ]

	Device Properties:
		Driver Description	USB Root Hub (xHCI)
		Driver Date	2-8-2015
		Driver Version	10.0.10240.16425
		Driver Provider	Microsoft
		INF File	usbhub3.inf
		Hardware ID	USB\ROOT_HUB30&VID8086&PID1E31&REV0004

[ Universal Serial Bus controllers / USB Root Hub ]

	Device Properties:
		Driver Description	USB Root Hub
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16401
		Driver Provider	Microsoft
		INF File	usbport.inf
		Hardware ID	USB\ROOT_HUB20&VID8086&PID1E2D&REV0004

[ Universal Serial Bus controllers / USB Root Hub ]

	Device Properties:
		Driver Description	USB Root Hub
		Driver Date	21-6-2006
		Driver Version	10.0.10240.16401
		Driver Provider	Microsoft
		INF File	usbport.inf
		Hardware ID	USB\ROOT_HUB20&VID8086&PID1E26&REV0004

[ Unknown / Bluetooth Peripheral Device ]

	Device Properties:
		Driver Description	Bluetooth Peripheral Device
		Hardware ID	BTHENUM\{00001800-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Unknown / Bluetooth Peripheral Device ]

	Device Properties:
		Driver Description	Bluetooth Peripheral Device
		Hardware ID	BTHENUM\{00001801-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Unknown / MAP SMS/MMS ]

	Device Properties:
		Driver Description	MAP SMS/MMS
		Hardware ID	BTHENUM\{00001132-0000-1000-8000-00805f9b34fb}_LOCALMFG&0045

[ Unknown / Unknown ]

	Device Properties:
		Driver Description	Unknown

Physical Devices


PCI Devices:
	Bus 3, Device 0, Function 0	Atheros AR9285 802.11b/g/n Wireless Network Adapter
	Bus 0, Device 31, Function 0	Intel HM76 Chipset - LPC Interface Controller [C-1]
	Bus 0, Device 1, Function 0	Intel Ivy Bridge-DT - PCI Express Graphics Root Port
	Bus 0, Device 0, Function 0	Intel Ivy Bridge-MB - Host Bridge/DRAM Controller
	Bus 0, Device 2, Function 0	Intel Ivy Bridge-MB - Integrated Graphics Controller (MB GT2)
	Bus 0, Device 27, Function 0	Intel Panther Point PCH - High Definition Audio Controller [C-1]
	Bus 0, Device 22, Function 0	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]
	Bus 0, Device 28, Function 0	Intel Panther Point PCH - PCI Express Port 1
	Bus 0, Device 28, Function 1	Intel Panther Point PCH - PCI Express Port 2
	Bus 0, Device 31, Function 3	Intel Panther Point PCH - SMBus Controller [C-1]
	Bus 0, Device 29, Function 0	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
	Bus 0, Device 26, Function 0	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
	Bus 0, Device 20, Function 0	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
	Bus 0, Device 31, Function 2	Intel Panther Point-M PCH - SATA AHCI Controller [C-1]
	Bus 2, Device 0, Function 0	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter

PnP Devices:
	PNP0C08	ACPI Driver/BIOS
	FIXEDBUTTON	ACPI Fixed Feature Button
	PNP0C14	ACPI Management Interface
	THERMALZONE	ACPI Thermal Zone
	THERMALZONE	ACPI Thermal Zone
	PNP0A08	ACPI Three-wire Device Bus
	ATK3001	Asus Keyboard Device Filter
	ATK4001	Asus Wireless Radio Control
	PNP0C0A	Control Method Battery
	PNP0200	DMA Controller
	ETD010A	ELAN PS/2 Port Smart-Pad
	PNP0C09	Embedded Controller Device
	PNP0C0B	Fan
	PNP0C0B	Fan
	PNP0C0B	Fan
	PNP0C0B	Fan
	PNP0C0B	Fan
	PNP0103	High Precision Event Timer
	INT0800	Intel Flash EEPROM
	INT340E	Intel System Device
	INT3F0D	Intel Watchdog Timer
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_58_-________INTEL(R)_CORE(TM)_I3-3110M_CPU_@_2.40GHZ	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_58_-________INTEL(R)_CORE(TM)_I3-3110M_CPU_@_2.40GHZ	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_58_-________INTEL(R)_CORE(TM)_I3-3110M_CPU_@_2.40GHZ	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
	GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_58_-________INTEL(R)_CORE(TM)_I3-3110M_CPU_@_2.40GHZ	Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
	PNP0C0D	Lid
	ACPI0003	Microsoft AC Adapter
	PNP0C04	Numeric Data Processor
	PNP0C0C	Power Button
	PNP0000	Programmable Interrupt Controller
	PNP0B00	Real-Time Clock
	PNP0C0E	Sleep Button
	PNP0C01	System Board Extension
	PNP0C01	System Board Extension
	PNP0100	System Timer
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device
	PNP0C02	Thermal Monitoring ACPI Device

USB Devices:
	13D3 3304	Bluetooth Module
	8087 0024	Generic USB Hub
	8087 0024	Generic USB Hub
	0BDA 0138	Realtek USB 2.0 Card Reader
	13D3 5166	USB Composite Device
	09DA C10A	USB Input Device
	13D3 5166	USB2.0 UVC HD Webcam

PCI Devices


[ Atheros AR9285 802.11b/g/n Wireless Network Adapter ]

	Device Properties:
		Device Description	Atheros AR9285 802.11b/g/n Wireless Network Adapter
		Bus / Device / Function	3 / 0 / 0
		Device ID	168C-002B
		Subsystem ID	1A3B-2C37
		Revision	01

[ Intel HM76 Chipset - LPC Interface Controller [C-1] ]

	Device Properties:
		Device Description	Intel HM76 Chipset - LPC Interface Controller [C-1]
		Bus / Device / Function	0 / 31 / 0
		Device ID	8086-1E59
		Subsystem ID	1043-10AC
		Revision	04

[ Intel Ivy Bridge-DT - PCI Express Graphics Root Port ]

	Device Properties:
		Device Description	Intel Ivy Bridge-DT - PCI Express Graphics Root Port
		Bus / Device / Function	0 / 1 / 0
		Device ID	8086-0151
		Subsystem ID	1043-10AC
		Revision	09

[ Intel Ivy Bridge-MB - Host Bridge/DRAM Controller ]

	Device Properties:
		Device Description	Intel Ivy Bridge-MB - Host Bridge/DRAM Controller
		Bus / Device / Function	0 / 0 / 0
		Device ID	8086-0154
		Subsystem ID	1043-10AC
		Revision	09

[ Intel Ivy Bridge-MB - Integrated Graphics Controller (MB GT2) ]

	Device Properties:
		Device Description	Intel Ivy Bridge-MB - Integrated Graphics Controller (MB GT2)
		Bus / Device / Function	0 / 2 / 0
		Device ID	8086-0166
		Subsystem ID	1043-10AC
		Revision	09

[ Intel Panther Point PCH - High Definition Audio Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - High Definition Audio Controller [C-1]
		Bus / Device / Function	0 / 27 / 0
		Device ID	8086-1E20
		Subsystem ID	1043-10AC
		Revision	04

[ Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]
		Bus / Device / Function	0 / 22 / 0
		Device ID	8086-1E3A
		Subsystem ID	1043-10AC
		Revision	04

[ Intel Panther Point PCH - PCI Express Port 1 ]

	Device Properties:
		Device Description	Intel Panther Point PCH - PCI Express Port 1
		Bus / Device / Function	0 / 28 / 0
		Device ID	8086-1E10
		Subsystem ID	1043-10AC
		Revision	C4

[ Intel Panther Point PCH - PCI Express Port 2 ]

	Device Properties:
		Device Description	Intel Panther Point PCH - PCI Express Port 2
		Bus / Device / Function	0 / 28 / 1
		Device ID	8086-1E12
		Subsystem ID	1043-10AC
		Revision	C4

[ Intel Panther Point PCH - SMBus Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - SMBus Controller [C-1]
		Bus / Device / Function	0 / 31 / 3
		Device ID	8086-1E22
		Subsystem ID	1043-10AC
		Revision	04

[ Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]
		Bus / Device / Function	0 / 29 / 0
		Device ID	8086-1E26
		Subsystem ID	1043-10AC
		Revision	04

[ Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]
		Bus / Device / Function	0 / 26 / 0
		Device ID	8086-1E2D
		Subsystem ID	1043-10AC
		Revision	04

[ Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]
		Bus / Device / Function	0 / 20 / 0
		Device ID	8086-1E31
		Subsystem ID	1043-10AC
		Revision	04

[ Intel Panther Point-M PCH - SATA AHCI Controller [C-1] ]

	Device Properties:
		Device Description	Intel Panther Point-M PCH - SATA AHCI Controller [C-1]
		Bus / Device / Function	0 / 31 / 2
		Device ID	8086-1E03
		Subsystem ID	1043-10AC
		Revision	04

[ Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter ]

	Device Properties:
		Device Description	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter
		Bus / Device / Function	2 / 0 / 0
		Device ID	10EC-8168
		Subsystem ID	1043-10AC
		Revision	07

USB Devices


[ Generic USB Hub ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	8087-0024
		Device Class	09 / 00 (Hi-Speed Hub with single TT)
		Device Protocol	01
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ Bluetooth Module ]

	Device Properties:
		Device Description	Bluetooth Module
		Device ID	13D3-3304
		Device Class	E0 / 01 (Bluetooth)
		Device Protocol	01
		Supported USB Version	1.10
		Current Speed	Full (USB 1.1)

[ USB Composite Device ]

	Device Properties:
		Device Description	USB Composite Device
		Device ID	13D3-5166
		Device Class	EF / 02 (Interface Association Descriptor)
		Device Protocol	01
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ Generic USB Hub ]

	Device Properties:
		Device Description	Generic USB Hub
		Device ID	8087-0024
		Device Class	09 / 00 (Hi-Speed Hub with single TT)
		Device Protocol	01
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

[ USB Input Device (USB Mouse) ]

	Device Properties:
		Device Description	USB Input Device
		Device ID	09DA-C10A
		Device Class	03 / 01 (Human Interface Device)
		Device Protocol	02
		Manufacturer	A4Tech
		Product	USB Mouse
		Supported USB Version	1.10
		Current Speed	Low (USB 1.1)

[ Realtek USB 2.0 Card Reader (USB2.0-CRW) ]

	Device Properties:
		Device Description	Realtek USB 2.0 Card Reader
		Device ID	0BDA-0138
		Device Class	08 / 06 (Mass Storage)
		Device Protocol	50
		Manufacturer	Generic
		Product	USB2.0-CRW
		Serial Number	20090516388200000
		Supported USB Version	2.00
		Current Speed	High (USB 2.0)

Device Resources


Resource	Share	Device Description
IRQ 01	Exclusive	Keyboard Device Filter
IRQ 08	Exclusive	System CMOS/real time clock
IRQ 100	Exclusive	Microsoft ACPI-Compliant System
IRQ 101	Exclusive	Microsoft ACPI-Compliant System
IRQ 102	Exclusive	Microsoft ACPI-Compliant System
IRQ 103	Exclusive	Microsoft ACPI-Compliant System
IRQ 104	Exclusive	Microsoft ACPI-Compliant System
IRQ 105	Exclusive	Microsoft ACPI-Compliant System
IRQ 106	Exclusive	Microsoft ACPI-Compliant System
IRQ 107	Exclusive	Microsoft ACPI-Compliant System
IRQ 108	Exclusive	Microsoft ACPI-Compliant System
IRQ 109	Exclusive	Microsoft ACPI-Compliant System
IRQ 110	Exclusive	Microsoft ACPI-Compliant System
IRQ 111	Exclusive	Microsoft ACPI-Compliant System
IRQ 112	Exclusive	Microsoft ACPI-Compliant System
IRQ 113	Exclusive	Microsoft ACPI-Compliant System
IRQ 114	Exclusive	Microsoft ACPI-Compliant System
IRQ 115	Exclusive	Microsoft ACPI-Compliant System
IRQ 116	Exclusive	Microsoft ACPI-Compliant System
IRQ 117	Exclusive	Microsoft ACPI-Compliant System
IRQ 118	Exclusive	Microsoft ACPI-Compliant System
IRQ 119	Exclusive	Microsoft ACPI-Compliant System
IRQ 12	Exclusive	ASUS Touchpad
IRQ 120	Exclusive	Microsoft ACPI-Compliant System
IRQ 121	Exclusive	Microsoft ACPI-Compliant System
IRQ 122	Exclusive	Microsoft ACPI-Compliant System
IRQ 123	Exclusive	Microsoft ACPI-Compliant System
IRQ 124	Exclusive	Microsoft ACPI-Compliant System
IRQ 125	Exclusive	Microsoft ACPI-Compliant System
IRQ 126	Exclusive	Microsoft ACPI-Compliant System
IRQ 127	Exclusive	Microsoft ACPI-Compliant System
IRQ 128	Exclusive	Microsoft ACPI-Compliant System
IRQ 129	Exclusive	Microsoft ACPI-Compliant System
IRQ 130	Exclusive	Microsoft ACPI-Compliant System
IRQ 131	Exclusive	Microsoft ACPI-Compliant System
IRQ 132	Exclusive	Microsoft ACPI-Compliant System
IRQ 133	Exclusive	Microsoft ACPI-Compliant System
IRQ 134	Exclusive	Microsoft ACPI-Compliant System
IRQ 135	Exclusive	Microsoft ACPI-Compliant System
IRQ 136	Exclusive	Microsoft ACPI-Compliant System
IRQ 137	Exclusive	Microsoft ACPI-Compliant System
IRQ 138	Exclusive	Microsoft ACPI-Compliant System
IRQ 139	Exclusive	Microsoft ACPI-Compliant System
IRQ 140	Exclusive	Microsoft ACPI-Compliant System
IRQ 141	Exclusive	Microsoft ACPI-Compliant System
IRQ 142	Exclusive	Microsoft ACPI-Compliant System
IRQ 143	Exclusive	Microsoft ACPI-Compliant System
IRQ 144	Exclusive	Microsoft ACPI-Compliant System
IRQ 145	Exclusive	Microsoft ACPI-Compliant System
IRQ 146	Exclusive	Microsoft ACPI-Compliant System
IRQ 147	Exclusive	Microsoft ACPI-Compliant System
IRQ 148	Exclusive	Microsoft ACPI-Compliant System
IRQ 149	Exclusive	Microsoft ACPI-Compliant System
IRQ 150	Exclusive	Microsoft ACPI-Compliant System
IRQ 151	Exclusive	Microsoft ACPI-Compliant System
IRQ 152	Exclusive	Microsoft ACPI-Compliant System
IRQ 153	Exclusive	Microsoft ACPI-Compliant System
IRQ 154	Exclusive	Microsoft ACPI-Compliant System
IRQ 155	Exclusive	Microsoft ACPI-Compliant System
IRQ 156	Exclusive	Microsoft ACPI-Compliant System
IRQ 157	Exclusive	Microsoft ACPI-Compliant System
IRQ 158	Exclusive	Microsoft ACPI-Compliant System
IRQ 159	Exclusive	Microsoft ACPI-Compliant System
IRQ 16	Shared	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
IRQ 16	Shared	Intel(R) Management Engine Interface
IRQ 160	Exclusive	Microsoft ACPI-Compliant System
IRQ 161	Exclusive	Microsoft ACPI-Compliant System
IRQ 162	Exclusive	Microsoft ACPI-Compliant System
IRQ 163	Exclusive	Microsoft ACPI-Compliant System
IRQ 164	Exclusive	Microsoft ACPI-Compliant System
IRQ 165	Exclusive	Microsoft ACPI-Compliant System
IRQ 166	Exclusive	Microsoft ACPI-Compliant System
IRQ 167	Exclusive	Microsoft ACPI-Compliant System
IRQ 168	Exclusive	Microsoft ACPI-Compliant System
IRQ 169	Exclusive	Microsoft ACPI-Compliant System
IRQ 17	Shared	Qualcomm Atheros AR9002WB-1NG Wireless Network Adapter
IRQ 170	Exclusive	Microsoft ACPI-Compliant System
IRQ 171	Exclusive	Microsoft ACPI-Compliant System
IRQ 172	Exclusive	Microsoft ACPI-Compliant System
IRQ 173	Exclusive	Microsoft ACPI-Compliant System
IRQ 174	Exclusive	Microsoft ACPI-Compliant System
IRQ 175	Exclusive	Microsoft ACPI-Compliant System
IRQ 176	Exclusive	Microsoft ACPI-Compliant System
IRQ 177	Exclusive	Microsoft ACPI-Compliant System
IRQ 178	Exclusive	Microsoft ACPI-Compliant System
IRQ 179	Exclusive	Microsoft ACPI-Compliant System
IRQ 18	Shared	Synaptics SMBus Driver
IRQ 180	Exclusive	Microsoft ACPI-Compliant System
IRQ 181	Exclusive	Microsoft ACPI-Compliant System
IRQ 182	Exclusive	Microsoft ACPI-Compliant System
IRQ 183	Exclusive	Microsoft ACPI-Compliant System
IRQ 184	Exclusive	Microsoft ACPI-Compliant System
IRQ 185	Exclusive	Microsoft ACPI-Compliant System
IRQ 186	Exclusive	Microsoft ACPI-Compliant System
IRQ 187	Exclusive	Microsoft ACPI-Compliant System
IRQ 188	Exclusive	Microsoft ACPI-Compliant System
IRQ 189	Exclusive	Microsoft ACPI-Compliant System
IRQ 19	Shared	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03
IRQ 190	Exclusive	Microsoft ACPI-Compliant System
IRQ 191	Exclusive	Microsoft ACPI-Compliant System
IRQ 192	Exclusive	Microsoft ACPI-Compliant System
IRQ 193	Exclusive	Microsoft ACPI-Compliant System
IRQ 194	Exclusive	Microsoft ACPI-Compliant System
IRQ 195	Exclusive	Microsoft ACPI-Compliant System
IRQ 196	Exclusive	Microsoft ACPI-Compliant System
IRQ 197	Exclusive	Microsoft ACPI-Compliant System
IRQ 198	Exclusive	Microsoft ACPI-Compliant System
IRQ 199	Exclusive	Microsoft ACPI-Compliant System
IRQ 200	Exclusive	Microsoft ACPI-Compliant System
IRQ 201	Exclusive	Microsoft ACPI-Compliant System
IRQ 202	Exclusive	Microsoft ACPI-Compliant System
IRQ 203	Exclusive	Microsoft ACPI-Compliant System
IRQ 204	Exclusive	Microsoft ACPI-Compliant System
IRQ 22	Shared	High Definition Audio Controller
IRQ 23	Shared	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
IRQ 256	Exclusive	Microsoft ACPI-Compliant System
IRQ 257	Exclusive	Microsoft ACPI-Compliant System
IRQ 258	Exclusive	Microsoft ACPI-Compliant System
IRQ 259	Exclusive	Microsoft ACPI-Compliant System
IRQ 260	Exclusive	Microsoft ACPI-Compliant System
IRQ 261	Exclusive	Microsoft ACPI-Compliant System
IRQ 262	Exclusive	Microsoft ACPI-Compliant System
IRQ 263	Exclusive	Microsoft ACPI-Compliant System
IRQ 264	Exclusive	Microsoft ACPI-Compliant System
IRQ 265	Exclusive	Microsoft ACPI-Compliant System
IRQ 266	Exclusive	Microsoft ACPI-Compliant System
IRQ 267	Exclusive	Microsoft ACPI-Compliant System
IRQ 268	Exclusive	Microsoft ACPI-Compliant System
IRQ 269	Exclusive	Microsoft ACPI-Compliant System
IRQ 270	Exclusive	Microsoft ACPI-Compliant System
IRQ 271	Exclusive	Microsoft ACPI-Compliant System
IRQ 272	Exclusive	Microsoft ACPI-Compliant System
IRQ 273	Exclusive	Microsoft ACPI-Compliant System
IRQ 274	Exclusive	Microsoft ACPI-Compliant System
IRQ 275	Exclusive	Microsoft ACPI-Compliant System
IRQ 276	Exclusive	Microsoft ACPI-Compliant System
IRQ 277	Exclusive	Microsoft ACPI-Compliant System
IRQ 278	Exclusive	Microsoft ACPI-Compliant System
IRQ 279	Exclusive	Microsoft ACPI-Compliant System
IRQ 280	Exclusive	Microsoft ACPI-Compliant System
IRQ 281	Exclusive	Microsoft ACPI-Compliant System
IRQ 282	Exclusive	Microsoft ACPI-Compliant System
IRQ 283	Exclusive	Microsoft ACPI-Compliant System
IRQ 284	Exclusive	Microsoft ACPI-Compliant System
IRQ 285	Exclusive	Microsoft ACPI-Compliant System
IRQ 286	Exclusive	Microsoft ACPI-Compliant System
IRQ 287	Exclusive	Microsoft ACPI-Compliant System
IRQ 288	Exclusive	Microsoft ACPI-Compliant System
IRQ 289	Exclusive	Microsoft ACPI-Compliant System
IRQ 290	Exclusive	Microsoft ACPI-Compliant System
IRQ 291	Exclusive	Microsoft ACPI-Compliant System
IRQ 292	Exclusive	Microsoft ACPI-Compliant System
IRQ 293	Exclusive	Microsoft ACPI-Compliant System
IRQ 294	Exclusive	Microsoft ACPI-Compliant System
IRQ 295	Exclusive	Microsoft ACPI-Compliant System
IRQ 296	Exclusive	Microsoft ACPI-Compliant System
IRQ 297	Exclusive	Microsoft ACPI-Compliant System
IRQ 298	Exclusive	Microsoft ACPI-Compliant System
IRQ 299	Exclusive	Microsoft ACPI-Compliant System
IRQ 300	Exclusive	Microsoft ACPI-Compliant System
IRQ 301	Exclusive	Microsoft ACPI-Compliant System
IRQ 302	Exclusive	Microsoft ACPI-Compliant System
IRQ 303	Exclusive	Microsoft ACPI-Compliant System
IRQ 304	Exclusive	Microsoft ACPI-Compliant System
IRQ 305	Exclusive	Microsoft ACPI-Compliant System
IRQ 306	Exclusive	Microsoft ACPI-Compliant System
IRQ 307	Exclusive	Microsoft ACPI-Compliant System
IRQ 308	Exclusive	Microsoft ACPI-Compliant System
IRQ 309	Exclusive	Microsoft ACPI-Compliant System
IRQ 310	Exclusive	Microsoft ACPI-Compliant System
IRQ 311	Exclusive	Microsoft ACPI-Compliant System
IRQ 312	Exclusive	Microsoft ACPI-Compliant System
IRQ 313	Exclusive	Microsoft ACPI-Compliant System
IRQ 314	Exclusive	Microsoft ACPI-Compliant System
IRQ 315	Exclusive	Microsoft ACPI-Compliant System
IRQ 316	Exclusive	Microsoft ACPI-Compliant System
IRQ 317	Exclusive	Microsoft ACPI-Compliant System
IRQ 318	Exclusive	Microsoft ACPI-Compliant System
IRQ 319	Exclusive	Microsoft ACPI-Compliant System
IRQ 320	Exclusive	Microsoft ACPI-Compliant System
IRQ 321	Exclusive	Microsoft ACPI-Compliant System
IRQ 322	Exclusive	Microsoft ACPI-Compliant System
IRQ 323	Exclusive	Microsoft ACPI-Compliant System
IRQ 324	Exclusive	Microsoft ACPI-Compliant System
IRQ 325	Exclusive	Microsoft ACPI-Compliant System
IRQ 326	Exclusive	Microsoft ACPI-Compliant System
IRQ 327	Exclusive	Microsoft ACPI-Compliant System
IRQ 328	Exclusive	Microsoft ACPI-Compliant System
IRQ 329	Exclusive	Microsoft ACPI-Compliant System
IRQ 330	Exclusive	Microsoft ACPI-Compliant System
IRQ 331	Exclusive	Microsoft ACPI-Compliant System
IRQ 332	Exclusive	Microsoft ACPI-Compliant System
IRQ 333	Exclusive	Microsoft ACPI-Compliant System
IRQ 334	Exclusive	Microsoft ACPI-Compliant System
IRQ 335	Exclusive	Microsoft ACPI-Compliant System
IRQ 336	Exclusive	Microsoft ACPI-Compliant System
IRQ 337	Exclusive	Microsoft ACPI-Compliant System
IRQ 338	Exclusive	Microsoft ACPI-Compliant System
IRQ 339	Exclusive	Microsoft ACPI-Compliant System
IRQ 340	Exclusive	Microsoft ACPI-Compliant System
IRQ 341	Exclusive	Microsoft ACPI-Compliant System
IRQ 342	Exclusive	Microsoft ACPI-Compliant System
IRQ 343	Exclusive	Microsoft ACPI-Compliant System
IRQ 344	Exclusive	Microsoft ACPI-Compliant System
IRQ 345	Exclusive	Microsoft ACPI-Compliant System
IRQ 346	Exclusive	Microsoft ACPI-Compliant System
IRQ 347	Exclusive	Microsoft ACPI-Compliant System
IRQ 348	Exclusive	Microsoft ACPI-Compliant System
IRQ 349	Exclusive	Microsoft ACPI-Compliant System
IRQ 350	Exclusive	Microsoft ACPI-Compliant System
IRQ 351	Exclusive	Microsoft ACPI-Compliant System
IRQ 352	Exclusive	Microsoft ACPI-Compliant System
IRQ 353	Exclusive	Microsoft ACPI-Compliant System
IRQ 354	Exclusive	Microsoft ACPI-Compliant System
IRQ 355	Exclusive	Microsoft ACPI-Compliant System
IRQ 356	Exclusive	Microsoft ACPI-Compliant System
IRQ 357	Exclusive	Microsoft ACPI-Compliant System
IRQ 358	Exclusive	Microsoft ACPI-Compliant System
IRQ 359	Exclusive	Microsoft ACPI-Compliant System
IRQ 360	Exclusive	Microsoft ACPI-Compliant System
IRQ 361	Exclusive	Microsoft ACPI-Compliant System
IRQ 362	Exclusive	Microsoft ACPI-Compliant System
IRQ 363	Exclusive	Microsoft ACPI-Compliant System
IRQ 364	Exclusive	Microsoft ACPI-Compliant System
IRQ 365	Exclusive	Microsoft ACPI-Compliant System
IRQ 366	Exclusive	Microsoft ACPI-Compliant System
IRQ 367	Exclusive	Microsoft ACPI-Compliant System
IRQ 368	Exclusive	Microsoft ACPI-Compliant System
IRQ 369	Exclusive	Microsoft ACPI-Compliant System
IRQ 370	Exclusive	Microsoft ACPI-Compliant System
IRQ 371	Exclusive	Microsoft ACPI-Compliant System
IRQ 372	Exclusive	Microsoft ACPI-Compliant System
IRQ 373	Exclusive	Microsoft ACPI-Compliant System
IRQ 374	Exclusive	Microsoft ACPI-Compliant System
IRQ 375	Exclusive	Microsoft ACPI-Compliant System
IRQ 376	Exclusive	Microsoft ACPI-Compliant System
IRQ 377	Exclusive	Microsoft ACPI-Compliant System
IRQ 378	Exclusive	Microsoft ACPI-Compliant System
IRQ 379	Exclusive	Microsoft ACPI-Compliant System
IRQ 380	Exclusive	Microsoft ACPI-Compliant System
IRQ 381	Exclusive	Microsoft ACPI-Compliant System
IRQ 382	Exclusive	Microsoft ACPI-Compliant System
IRQ 383	Exclusive	Microsoft ACPI-Compliant System
IRQ 384	Exclusive	Microsoft ACPI-Compliant System
IRQ 385	Exclusive	Microsoft ACPI-Compliant System
IRQ 386	Exclusive	Microsoft ACPI-Compliant System
IRQ 387	Exclusive	Microsoft ACPI-Compliant System
IRQ 388	Exclusive	Microsoft ACPI-Compliant System
IRQ 389	Exclusive	Microsoft ACPI-Compliant System
IRQ 390	Exclusive	Microsoft ACPI-Compliant System
IRQ 391	Exclusive	Microsoft ACPI-Compliant System
IRQ 392	Exclusive	Microsoft ACPI-Compliant System
IRQ 393	Exclusive	Microsoft ACPI-Compliant System
IRQ 394	Exclusive	Microsoft ACPI-Compliant System
IRQ 395	Exclusive	Microsoft ACPI-Compliant System
IRQ 396	Exclusive	Microsoft ACPI-Compliant System
IRQ 397	Exclusive	Microsoft ACPI-Compliant System
IRQ 398	Exclusive	Microsoft ACPI-Compliant System
IRQ 399	Exclusive	Microsoft ACPI-Compliant System
IRQ 400	Exclusive	Microsoft ACPI-Compliant System
IRQ 401	Exclusive	Microsoft ACPI-Compliant System
IRQ 402	Exclusive	Microsoft ACPI-Compliant System
IRQ 403	Exclusive	Microsoft ACPI-Compliant System
IRQ 404	Exclusive	Microsoft ACPI-Compliant System
IRQ 405	Exclusive	Microsoft ACPI-Compliant System
IRQ 406	Exclusive	Microsoft ACPI-Compliant System
IRQ 407	Exclusive	Microsoft ACPI-Compliant System
IRQ 408	Exclusive	Microsoft ACPI-Compliant System
IRQ 409	Exclusive	Microsoft ACPI-Compliant System
IRQ 410	Exclusive	Microsoft ACPI-Compliant System
IRQ 411	Exclusive	Microsoft ACPI-Compliant System
IRQ 412	Exclusive	Microsoft ACPI-Compliant System
IRQ 413	Exclusive	Microsoft ACPI-Compliant System
IRQ 414	Exclusive	Microsoft ACPI-Compliant System
IRQ 415	Exclusive	Microsoft ACPI-Compliant System
IRQ 416	Exclusive	Microsoft ACPI-Compliant System
IRQ 417	Exclusive	Microsoft ACPI-Compliant System
IRQ 418	Exclusive	Microsoft ACPI-Compliant System
IRQ 419	Exclusive	Microsoft ACPI-Compliant System
IRQ 420	Exclusive	Microsoft ACPI-Compliant System
IRQ 421	Exclusive	Microsoft ACPI-Compliant System
IRQ 422	Exclusive	Microsoft ACPI-Compliant System
IRQ 423	Exclusive	Microsoft ACPI-Compliant System
IRQ 424	Exclusive	Microsoft ACPI-Compliant System
IRQ 425	Exclusive	Microsoft ACPI-Compliant System
IRQ 426	Exclusive	Microsoft ACPI-Compliant System
IRQ 427	Exclusive	Microsoft ACPI-Compliant System
IRQ 428	Exclusive	Microsoft ACPI-Compliant System
IRQ 429	Exclusive	Microsoft ACPI-Compliant System
IRQ 430	Exclusive	Microsoft ACPI-Compliant System
IRQ 431	Exclusive	Microsoft ACPI-Compliant System
IRQ 432	Exclusive	Microsoft ACPI-Compliant System
IRQ 433	Exclusive	Microsoft ACPI-Compliant System
IRQ 434	Exclusive	Microsoft ACPI-Compliant System
IRQ 435	Exclusive	Microsoft ACPI-Compliant System
IRQ 436	Exclusive	Microsoft ACPI-Compliant System
IRQ 437	Exclusive	Microsoft ACPI-Compliant System
IRQ 438	Exclusive	Microsoft ACPI-Compliant System
IRQ 439	Exclusive	Microsoft ACPI-Compliant System
IRQ 440	Exclusive	Microsoft ACPI-Compliant System
IRQ 441	Exclusive	Microsoft ACPI-Compliant System
IRQ 442	Exclusive	Microsoft ACPI-Compliant System
IRQ 443	Exclusive	Microsoft ACPI-Compliant System
IRQ 444	Exclusive	Microsoft ACPI-Compliant System
IRQ 445	Exclusive	Microsoft ACPI-Compliant System
IRQ 446	Exclusive	Microsoft ACPI-Compliant System
IRQ 447	Exclusive	Microsoft ACPI-Compliant System
IRQ 448	Exclusive	Microsoft ACPI-Compliant System
IRQ 449	Exclusive	Microsoft ACPI-Compliant System
IRQ 450	Exclusive	Microsoft ACPI-Compliant System
IRQ 451	Exclusive	Microsoft ACPI-Compliant System
IRQ 452	Exclusive	Microsoft ACPI-Compliant System
IRQ 453	Exclusive	Microsoft ACPI-Compliant System
IRQ 454	Exclusive	Microsoft ACPI-Compliant System
IRQ 455	Exclusive	Microsoft ACPI-Compliant System
IRQ 456	Exclusive	Microsoft ACPI-Compliant System
IRQ 457	Exclusive	Microsoft ACPI-Compliant System
IRQ 458	Exclusive	Microsoft ACPI-Compliant System
IRQ 459	Exclusive	Microsoft ACPI-Compliant System
IRQ 460	Exclusive	Microsoft ACPI-Compliant System
IRQ 461	Exclusive	Microsoft ACPI-Compliant System
IRQ 462	Exclusive	Microsoft ACPI-Compliant System
IRQ 463	Exclusive	Microsoft ACPI-Compliant System
IRQ 464	Exclusive	Microsoft ACPI-Compliant System
IRQ 465	Exclusive	Microsoft ACPI-Compliant System
IRQ 466	Exclusive	Microsoft ACPI-Compliant System
IRQ 467	Exclusive	Microsoft ACPI-Compliant System
IRQ 468	Exclusive	Microsoft ACPI-Compliant System
IRQ 469	Exclusive	Microsoft ACPI-Compliant System
IRQ 470	Exclusive	Microsoft ACPI-Compliant System
IRQ 471	Exclusive	Microsoft ACPI-Compliant System
IRQ 472	Exclusive	Microsoft ACPI-Compliant System
IRQ 473	Exclusive	Microsoft ACPI-Compliant System
IRQ 474	Exclusive	Microsoft ACPI-Compliant System
IRQ 475	Exclusive	Microsoft ACPI-Compliant System
IRQ 476	Exclusive	Microsoft ACPI-Compliant System
IRQ 477	Exclusive	Microsoft ACPI-Compliant System
IRQ 478	Exclusive	Microsoft ACPI-Compliant System
IRQ 479	Exclusive	Microsoft ACPI-Compliant System
IRQ 480	Exclusive	Microsoft ACPI-Compliant System
IRQ 481	Exclusive	Microsoft ACPI-Compliant System
IRQ 482	Exclusive	Microsoft ACPI-Compliant System
IRQ 483	Exclusive	Microsoft ACPI-Compliant System
IRQ 484	Exclusive	Microsoft ACPI-Compliant System
IRQ 485	Exclusive	Microsoft ACPI-Compliant System
IRQ 486	Exclusive	Microsoft ACPI-Compliant System
IRQ 487	Exclusive	Microsoft ACPI-Compliant System
IRQ 488	Exclusive	Microsoft ACPI-Compliant System
IRQ 489	Exclusive	Microsoft ACPI-Compliant System
IRQ 490	Exclusive	Microsoft ACPI-Compliant System
IRQ 491	Exclusive	Microsoft ACPI-Compliant System
IRQ 492	Exclusive	Microsoft ACPI-Compliant System
IRQ 493	Exclusive	Microsoft ACPI-Compliant System
IRQ 494	Exclusive	Microsoft ACPI-Compliant System
IRQ 495	Exclusive	Microsoft ACPI-Compliant System
IRQ 496	Exclusive	Microsoft ACPI-Compliant System
IRQ 497	Exclusive	Microsoft ACPI-Compliant System
IRQ 498	Exclusive	Microsoft ACPI-Compliant System
IRQ 499	Exclusive	Microsoft ACPI-Compliant System
IRQ 500	Exclusive	Microsoft ACPI-Compliant System
IRQ 501	Exclusive	Microsoft ACPI-Compliant System
IRQ 502	Exclusive	Microsoft ACPI-Compliant System
IRQ 503	Exclusive	Microsoft ACPI-Compliant System
IRQ 504	Exclusive	Microsoft ACPI-Compliant System
IRQ 505	Exclusive	Microsoft ACPI-Compliant System
IRQ 506	Exclusive	Microsoft ACPI-Compliant System
IRQ 507	Exclusive	Microsoft ACPI-Compliant System
IRQ 508	Exclusive	Microsoft ACPI-Compliant System
IRQ 509	Exclusive	Microsoft ACPI-Compliant System
IRQ 510	Exclusive	Microsoft ACPI-Compliant System
IRQ 511	Exclusive	Microsoft ACPI-Compliant System
IRQ 54	Exclusive	Microsoft ACPI-Compliant System
IRQ 55	Exclusive	Microsoft ACPI-Compliant System
IRQ 56	Exclusive	Microsoft ACPI-Compliant System
IRQ 57	Exclusive	Microsoft ACPI-Compliant System
IRQ 58	Exclusive	Microsoft ACPI-Compliant System
IRQ 59	Exclusive	Microsoft ACPI-Compliant System
IRQ 60	Exclusive	Microsoft ACPI-Compliant System
IRQ 61	Exclusive	Microsoft ACPI-Compliant System
IRQ 62	Exclusive	Microsoft ACPI-Compliant System
IRQ 63	Exclusive	Microsoft ACPI-Compliant System
IRQ 64	Exclusive	Microsoft ACPI-Compliant System
IRQ 65	Exclusive	Microsoft ACPI-Compliant System
IRQ 65536	Exclusive	Realtek PCIe GBE Family Controller
IRQ 65536	Exclusive	Intel(R) HD Graphics 4000
IRQ 65536	Exclusive	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
IRQ 66	Exclusive	Microsoft ACPI-Compliant System
IRQ 67	Exclusive	Microsoft ACPI-Compliant System
IRQ 68	Exclusive	Microsoft ACPI-Compliant System
IRQ 69	Exclusive	Microsoft ACPI-Compliant System
IRQ 70	Exclusive	Microsoft ACPI-Compliant System
IRQ 71	Exclusive	Microsoft ACPI-Compliant System
IRQ 72	Exclusive	Microsoft ACPI-Compliant System
IRQ 73	Exclusive	Microsoft ACPI-Compliant System
IRQ 74	Exclusive	Microsoft ACPI-Compliant System
IRQ 75	Exclusive	Microsoft ACPI-Compliant System
IRQ 76	Exclusive	Microsoft ACPI-Compliant System
IRQ 77	Exclusive	Microsoft ACPI-Compliant System
IRQ 78	Exclusive	Microsoft ACPI-Compliant System
IRQ 79	Exclusive	Microsoft ACPI-Compliant System
IRQ 80	Exclusive	Microsoft ACPI-Compliant System
IRQ 81	Exclusive	Microsoft ACPI-Compliant System
IRQ 82	Exclusive	Microsoft ACPI-Compliant System
IRQ 83	Exclusive	Microsoft ACPI-Compliant System
IRQ 84	Exclusive	Microsoft ACPI-Compliant System
IRQ 85	Exclusive	Microsoft ACPI-Compliant System
IRQ 86	Exclusive	Microsoft ACPI-Compliant System
IRQ 87	Exclusive	Microsoft ACPI-Compliant System
IRQ 88	Exclusive	Microsoft ACPI-Compliant System
IRQ 89	Exclusive	Microsoft ACPI-Compliant System
IRQ 90	Exclusive	Microsoft ACPI-Compliant System
IRQ 91	Exclusive	Microsoft ACPI-Compliant System
IRQ 92	Exclusive	Microsoft ACPI-Compliant System
IRQ 93	Exclusive	Microsoft ACPI-Compliant System
IRQ 94	Exclusive	Microsoft ACPI-Compliant System
IRQ 95	Exclusive	Microsoft ACPI-Compliant System
IRQ 96	Exclusive	Microsoft ACPI-Compliant System
IRQ 97	Exclusive	Microsoft ACPI-Compliant System
IRQ 98	Exclusive	Microsoft ACPI-Compliant System
IRQ 99	Exclusive	Microsoft ACPI-Compliant System
Memory 000A0000-000BFFFF	Shared	Intel(R) HD Graphics 4000
Memory 000A0000-000BFFFF	Shared	PCI Express Root Complex
Memory 000D0000-000D3FFF	Shared	PCI Express Root Complex
Memory 000D4000-000D7FFF	Shared	PCI Express Root Complex
Memory 000D8000-000DBFFF	Shared	PCI Express Root Complex
Memory 000DC000-000DFFFF	Shared	PCI Express Root Complex
Memory DF200000-FEAFFFFF	Shared	PCI Express Root Complex
Memory E0000000-EFFFFFFF	Exclusive	Intel(R) HD Graphics 4000
Memory F0000000-F0003FFF	Exclusive	Realtek PCIe GBE Family Controller
Memory F0000000-F00FFFFF	Exclusive	PCI-to-PCI Bridge
Memory F0004000-F0004FFF	Exclusive	Realtek PCIe GBE Family Controller
Memory F7800000-F7BFFFFF	Exclusive	Intel(R) HD Graphics 4000
Memory F7C00000-F7CFFFFF	Exclusive	PCI-to-PCI Bridge
Memory F7CF0000-F7CFFFFF	Exclusive	Qualcomm Atheros AR9002WB-1NG Wireless Network Adapter
Memory F7D00000-F7D0FFFF	Exclusive	Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
Memory F7D15000-F7D150FF	Exclusive	Synaptics SMBus Driver
Memory F7D16000-F7D167FF	Exclusive	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03
Memory F7D17000-F7D173FF	Exclusive	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
Memory F7D18000-F7D183FF	Exclusive	Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Memory F7D1A000-F7D1A00F	Exclusive	Intel(R) Management Engine Interface
Memory FEAFC000-FEAFFFFF	Exclusive	High Definition Audio Controller
Port 0000-0CF7	Shared	PCI Express Root Complex
Port 0060-0060	Exclusive	Keyboard Device Filter
Port 0062-0062	Exclusive	Microsoft ACPI-Compliant Embedded Controller
Port 0064-0064	Exclusive	Keyboard Device Filter
Port 0066-0066	Exclusive	Microsoft ACPI-Compliant Embedded Controller
Port 0070-0077	Exclusive	System CMOS/real time clock
Port 03B0-03BB	Shared	Intel(R) HD Graphics 4000
Port 03C0-03DF	Shared	Intel(R) HD Graphics 4000
Port 0D00-FFFF	Shared	PCI Express Root Complex
Port E000-E0FF	Exclusive	Realtek PCIe GBE Family Controller
Port E000-EFFF	Exclusive	PCI-to-PCI Bridge
Port F000-F03F	Exclusive	Intel(R) HD Graphics 4000
Port F040-F05F	Exclusive	Synaptics SMBus Driver
Port F060-F07F	Exclusive	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03
Port F080-F083	Exclusive	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03
Port F090-F097	Exclusive	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03
Port F0A0-F0A3	Exclusive	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03
Port F0B0-F0B7	Exclusive	Intel(R) 7 Series/C216 Chipset Family SATA AHCI Controller - 1E03

Input


[ Keyboard Device Filter ]

	Keyboard Properties:
		Keyboard Name	Keyboard Device Filter
		Keyboard Type	Japanese keyboard
		Keyboard Layout	US
		ANSI Code Page	1252 - Western European (Windows)
		OEM Code Page	437
		Repeat Delay	1
		Repeat Rate	31

[ ASUS Touchpad ]

	Mouse Properties:
		Mouse Name	ASUS Touchpad
		Mouse Buttons	8
		Mouse Hand	Right
		Pointer Speed	0
		Double-Click Time	500 msec
		X/Y Threshold	0 / 0
		Wheel Scroll Lines	4

	Mouse Features:
		Active Window Tracking	Disabled
		ClickLock	Disabled
		Hide Pointer While Typing	Enabled
		Mouse Wheel	Present
		Move Pointer To Default Button	Disabled
		Pointer Trails	Disabled
		Sonar	Disabled

Printers


[ Fax ]

	Printer Properties:
		Printer Name	Fax
		Default Printer	No
		Share Point	Not shared
		Printer Port	SHRFAX:
		Printer Driver	Microsoft Shared Fax Driver (v4.00)
		Device Name	Fax
		Print Processor	winprint
		Separator Page	None
		Availability	8:00 AM - 8:00 AM
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	200 x 200 dpi Mono

[ Microsoft Print to PDF ]

	Printer Properties:
		Printer Name	Microsoft Print to PDF
		Default Printer	No
		Share Point	Not shared
		Printer Port	PORTPROMPT:
		Printer Driver	Microsoft Print To PDF (v6.03)
		Device Name	Microsoft Print to PDF
		Print Processor	winprint
		Separator Page	None
		Availability	Always
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	600 x 600 dpi Color

[ Microsoft XPS Document Writer (Default) ]

	Printer Properties:
		Printer Name	Microsoft XPS Document Writer
		Default Printer	Yes
		Share Point	Not shared
		Printer Port	PORTPROMPT:
		Printer Driver	Microsoft XPS Document Writer v4 (v6.03)
		Device Name	Microsoft XPS Document Writer
		Print Processor	winprint
		Separator Page	None
		Availability	8:00 AM - 8:00 AM
		Priority	1
		Print Jobs Queued	0
		Status	Unknown

	Paper Properties:
		Paper Size	Letter, 8.5 x 11 in
		Orientation	Portrait
		Print Quality	600 x 600 dpi Color

Auto Start


Application Description	Start From	Application Command
AdobeAAMUpdater-1.0	Registry\Common\Run	C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
AdobeCEPServiceManager	Registry\Common\Run	C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe -launchedbylogin
AirDroid 3	Registry\User\Run	C:\Program Files (x86)\AirDroid\AirDroid.exe /start
ETDCtrl	Registry\Common\Run	%ProgramFiles%\Elantech\ETDCtrl.exe
IDM trial reset	Registry\User\Run	E:\Soft\[opensource] IDM trial reset\idm_trial_reset.exe /trial
IDMan	Registry\User\Run	C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
LibreOffice 5.0	StartMenu\User	C:\Program Files (x86)\LibreOffice 5\program\quickstart.exe
OneDrive	Registry\User\Run	C:\Users\Truong\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
OscarEditor	Registry\User\Run	C:\Program Files (x86)\GXStandard16-in-1\GXStandard16in1.exe Minimum
RTHDVCPL	Registry\Common\Run	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
SnippingTool	Registry\User\Run	C:\Program Files (x86)\ScreenCaptureTool\ScreenCapture.exe Minimum
Steam	Registry\User\Run	C:\Program Files (x86)\Steam\steam.exe -silent
SunJavaUpdateSched	Registry\Common\Run	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
UniKey	Registry\User\Run	D:\appnotremove\unikey42RC4-140823-win64\UniKeyNT.exe

Scheduled


[ {08F395C6-D129-43D9-B2C1-1A0B3F247EE2} ]

	Task Properties:
		Task Name	{08F395C6-D129-43D9-B2C1-1A0B3F247EE2}
		Status	Enabled
		Application Name	"c:\program files\internet explorer\iexplore.exe"
		Application Parameters	http://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&LastError=12007
		Working Folder
		Comment
		Account Name
		Creator	SkypeSetupLight
		Last Run	12-6-2015 7:56:54 PM
		Next Run	Unknown

[ {8DCBD1CA-4F0B-499C-A0D2-5DF4DF26FD9C} ]

	Task Properties:
		Task Name	{8DCBD1CA-4F0B-499C-A0D2-5DF4DF26FD9C}
		Status	Enabled
		Application Name	C:\WINDOWS\system32\pcalua.exe
		Application Parameters	-a "C:\Program Files\Elantech\ETDUn_inst.exe"
		Working Folder
		Comment
		Account Name	Truong
		Creator
		Last Run	18-7-2015 7:53:02 PM
		Next Run	Unknown

[ {FE016D01-424E-40D6-9C17-0A3036398A76} ]

	Task Properties:
		Task Name	{FE016D01-424E-40D6-9C17-0A3036398A76}
		Status	Enabled
		Application Name	C:\Windows\system32\pcalua.exe
		Application Parameters	-a E:\Download\Programs\win64_153332.exe -d C:\Users\Truong\AppData\Roaming\IDM
		Working Folder
		Comment
		Account Name	Truong
		Creator
		Last Run	16-6-2015 11:07:04 AM
		Next Run	Unknown

[ AdobeAAMUpdater-1.0-MicrosoftAccount-truongvanbang@hotmail ]


[ ASUS Smart Gesture Launcher ]

	Task Properties:
		Task Name	ASUS Smart Gesture Launcher
		Status	Enabled
		Application Name	C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
		Application Parameters
		Working Folder
		Comment	ASUS Smart Gesture Launcher
		Account Name
		Creator	ASUS
		Last Run	26-9-2015 5:58:59 PM
		Next Run	Unknown

	Task Triggers:
		At log on	At log on of any user

[ ATK Package 36D18D69AFC3 ]

	Task Properties:
		Task Name	ATK Package 36D18D69AFC3
		Status	Enabled
		Application Name	"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
		Application Parameters	-CancelShutdown
		Working Folder
		Comment
		Account Name	SYSTEM
		Creator	ASUSTek Computer Inc.
		Last Run	30-11-1999
		Next Run	Unknown

[ ATK Package A22126881260 ]

	Task Properties:
		Task Name	ATK Package A22126881260
		Status	Enabled
		Application Name	"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
		Application Parameters
		Working Folder
		Comment
		Account Name
		Creator	ASUSTek Computer Inc.
		Last Run	30-11-1999
		Next Run	Unknown

[ GoogleUpdateTaskMachineCore ]

	Task Properties:
		Task Name	GoogleUpdateTaskMachineCore
		Status	Enabled
		Application Name	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
		Application Parameters	/c
		Working Folder
		Comment	Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
		Account Name	SYSTEM
		Creator	WORKGROUP\VANBANGIT$
		Last Run	26-9-2015 5:58:55 PM
		Next Run	27-9-2015 5:27:00 PM

	Task Triggers:
		At log on	At log on of any user
		Daily	At 5:27:00 PM every day

[ GoogleUpdateTaskMachineUA ]

	Task Properties:
		Task Name	GoogleUpdateTaskMachineUA
		Status	Enabled
		Application Name	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
		Application Parameters	/ua /installsource scheduler
		Working Folder
		Comment	Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
		Account Name	SYSTEM
		Creator	WORKGROUP\VANBANGIT$
		Last Run	25-9-2015 10:26:59 PM
		Next Run	26-9-2015 6:27:00 PM

	Task Triggers:
		Daily	At 5:27:00 PM every day - After triggered, repeat every 1 hour for a duration of 1 day

[ Optimize Start Menu Cache Files-S-1-5-21-886380259-2908458254-2842452784-1001 ]

	Task Properties:
		Task Name	Optimize Start Menu Cache Files-S-1-5-21-886380259-2908458254-2842452784-1001
		Status	Disabled
		Application Name
		Application Parameters
		Working Folder
		Comment	This idle task reorganizes the cache files used to display the start menu. It is enabled only when the cache files are not optimally organized.
		Account Name	Truong
		Creator	Microsoft Corporation
		Last Run	18-7-2015 9:36:46 AM
		Next Run	Unknown

	Task Triggers:
		On idle	When computer is idle

Installed Programs


Program	Version	Inst. Size	GUID	Publisher	Inst. Date
16-in-1	11.09.0002	Unknown	InstallShield_{F5102A3B-0990-4E26-A289-5158D77F6455}	A4TECH	2015-07-21
Adobe Dreamweaver CC	13	Unknown	{00E094E1-A852-11E2-803D-ACEA632352B4}	Adobe Systems Incorporated
Adobe Photoshop CC 2014	15.0	Unknown	{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}	Adobe Systems Incorporated
AIDA64 Extreme Edition v2.80	2.80	Unknown	AIDA64 Extreme Edition_is1	FinalWire Ltd.	2015-09-26
AirDroid 3.1.4.0	3.1.4.0	Unknown	AirDroid	Sand Studio
Aptana Studio	3.6.0	Unknown	Aptana Studio 3.6.0	Appcelerator
Aptana Studio	3.6.0	Unknown	Aptana Studio 3.6.0	Appcelerator
Aptana Studio	3.6.0	Unknown	{2D6C1116-78C6-469C-9923-3E549218773F}	Appcelerator	2015-08-28
ASUS Smart Gesture	4.0.5	Unknown	{4D3286A6-F6AB-498A-82A4-E4F040529F3D}	ASUS	2015-08-11
ATK Package	1.0.0038	Unknown	{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}	ASUS	2015-07-18
Battle.net		Unknown	Battle.net	Blizzard Entertainment
BlueStacks App Player	0.9.30.9239	Unknown	BlueStacks App Player	BlueStack Systems, Inc.
BlueStacks Notification Center	0.9.30.9239	Unknown	{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}	BlueStack Systems, Inc.	2015-06-12
Bonjour	1.0.106	Unknown	{07287123-B8AC-41CE-8346-3D777245C35B}	Apple Inc.	2015-08-07
Composer - Php Dependency Manager		Unknown	{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1	getcomposer.org	2015-07-09
CPUID CPU-Z 1.73		Unknown	CPUID CPU-Z_is1		2015-09-13
DAO THAP 3D VGG version 1.4.6.1	1.4.6.1	Unknown	{60A3DBC9-9568-41F2-A89G-FAFC7D11A349}_is1	VGGJSC	2015-09-03
Dota 2		Unknown	Steam App 570	Valve
Foxit Reader 5.1	5.1.0.1021	Unknown	Foxit Reader_is1	Foxit Corporation	2015-06-12
Git version 1.9.5-preview20150319	1.9.5-preview20150319	Unknown	Git_is1	The Git Development Community	2015-07-14
Google Chrome	45.0.2454.99	Unknown	Google Chrome	Google Inc.	2015-06-12
Google Update Helper	1.3.28.15	Unknown	{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	Google Inc.	2015-09-16
HD Tune Pro 5.50		Unknown	HD Tune Pro_is1	EFD Software	2015-09-12
Intel(R) Processor Graphics	10.18.10.3993	Unknown	{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}	Intel Corporation
Intel(R) SDK for OpenCL - CPU Only Runtime Package	2.0.0.37149	Unknown	{FCB3772C-B7D0-4933-B1A9-3707EBACC573}	Intel Corporation
Internet Download Manager		Unknown	Internet Download Manager	Tonec Inc.
Java 8 Update 51	8.0.510	Unknown	{26A24AE4-039D-4CA4-87B4-2F83218051F0}	Oracle Corporation	2015-08-29
Java Auto Updater	2.8.51.16	Unknown	{4A03706F-666A-4037-7777-5F2748764D10}	Oracle Corporation	2015-08-29
Koala version 2.0.4	2.0.4	Unknown	{434536F5-D7D0-4558-B756-F5D65705068A}_is1	Ethan Lai	2015-07-12
Lara Croft and the Guardian of Light		Unknown	Lara Croft and the Guardian of Light_is1		2015-06-16
LibreOffice 5.0.0.5	5.0.0.5	Unknown	{48806D1D-C8D3-4235-8893-D5A03BAFC307}	The Document Foundation	2015-08-05
Microsoft Office File Validation Add-In	14.0.5130.5003	Unknown	{90140000-2005-0000-0000-0000000FF1CE}	Microsoft Corporation	2015-07-18
Microsoft Silverlight	5.1.40728.0	Unknown	{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}	Microsoft Corporation	2015-08-12
Microsoft Visual C++ 2005 Redistributable	8.0.61001	Unknown	{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}	Microsoft Corporation	2015-07-18
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	9.0.30729.6161	Unknown	{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}	Microsoft Corporation	2015-06-12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	9.0.30729	Unknown	{9A25302D-30C0-39D9-BD6F-21E6EC160475}	Microsoft Corporation	2015-07-20
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	9.0.30729.6161	Unknown	{9BE518E6-ECC6-35A9-88E4-87755C07200F}	Microsoft Corporation	2015-06-12
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219	10.0.40219	Unknown	{1D8E6291-B0D5-35EC-8441-6616F567A0F7}	Microsoft Corporation	2015-08-29
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219	10.0.40219	Unknown	{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}	Microsoft Corporation	2015-08-29
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030	11.0.61030.0	Unknown	{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}	Microsoft Corporation
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030	11.0.61030.0	Unknown	{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}	Microsoft Corporation
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030	11.0.61030	Unknown	{37B8F9C7-03FB-3253-8781-2517C99D7C00}	Microsoft Corporation	2015-07-20
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030	11.0.61030	Unknown	{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}	Microsoft Corporation	2015-07-20
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030	11.0.61030	Unknown	{B175520C-86A2-35A7-8619-86DC379688B9}	Microsoft Corporation	2015-06-12
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030	11.0.61030	Unknown	{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}	Microsoft Corporation	2015-06-12
Mozilla Firefox 40.0 (x86 vi)	40.0	Unknown	Mozilla Firefox 40.0 (x86 vi)	Mozilla
Mozilla Maintenance Service	40.0.0.5697	Unknown	MozillaMaintenanceService	Mozilla
Node.js	0.10.13	Unknown	{2D41A012-35EE-4724-AE8E-E592EDD9F89D}	Joyent, Inc. and other Node contributors	2015-08-28
Notepad++	6.6.7	Unknown	Notepad++	Notepad++ Team
Oracle VM VirtualBox 5.0.0	5.0.0	Unknown	{FCD0B365-2189-45F3-9AF2-2BCED86C121A}	Oracle Corporation	2015-07-17
PowerISO	5.8	Unknown	PowerISO	Power Software Ltd
Realtek High Definition Audio Driver	6.0.1.6657	Unknown	{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}	Realtek Semiconductor Corp.
Screen capture tool	11.09.0001	Unknown	InstallShield_{5665DF50-0B98-4EF2-8081-CC1713021691}	A4TECH	2015-07-16
Skype Click to Call	7.4.0.9058	Unknown	{6D1221A9-17BF-4EC0-81F2-27D30EC30701}	Microsoft Corporation	2015-06-12
Skype� 7.8	7.8.102	Unknown	{6A0549A9-1B96-498C-ACBC-3943001FEB19}	Skype Technologies S.A.	2015-09-21
SQLyog 9.51	9.51	Unknown	SQLyog	Webyog Inc.
Steam	2.10.91.91	Unknown	Steam	Valve Corporation
TeamViewer 10	10.0.43879	Unknown	TeamViewer	TeamViewer
The KMPlayer (remove only)	3.6.0.87	Unknown	The KMPlayer	KMP Media co., Ltd
Tombraider		Unknown	Tombraider_is1		2015-06-16
Truy Kich 1.0	1.0	Unknown	{0B1B8DD9-FEE4-4342-94C2-A89E1A247AE6}_is1		2015-08-05
Vagrant	1.7.4	Unknown	{40886BCB-FC93-4ED9-AE73-22568B8972D7}	HashiCorp	2015-08-05
VEGA USB Driver	4.14.1.0	Unknown	{D14F9D82-65A0-4b1f-BF81-0D8AEE0B3A60}	Pantech. Co., Ltd
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262)	06/17/2015 1.0.0.262	Unknown	14588A15B66655338DBCC021FFA81E31DC281859	ASUS
WinRAR 5.21 (64-bit)	5.21.0	Unknown	WinRAR archiver	win.rar GmbH
Your Uninstaller! 7	7.5.2013.2	Unknown	YU2010_is1	URSoft, Inc.	2015-06-29
YTD Video Downloader 4.8	4.8	Unknown	{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}	GreenTree Applications SRL

Licenses


		Software	Product Key
		Microsoft Internet Explorer 9.11.10240.16384	BBBBB-BBBBB-BBBBB-BBBBB-BBBBB
		Microsoft Windows 8 Professional	QJNXR-YD97Q-K7WH4-RYWQ8-6MT6Y

File Types


Extension	File Type Description	Content Type
386	Virtual Device Driver
3DS	3DS File
3FR	3FR File
3G2	3GPP2 Audio/Video	video/3gpp2
3GP	3GPP Audio/Video	video/3gpp
3GP2	3GPP2 Audio/Video	video/3gpp2
3GPP	3GPP Audio/Video	video/3gpp
7Z	WinRAR archive
8BA	8BA File
8BC	8BC File
8BE	8BE File
8BF	8BF File
8BI	8BI File
8BP	8BP File
8BS	8BS File
8BX	8BX File
8BY	8BY File
8LI	8LI File
AAC	ADTS Audio	audio/vnd.dlna.adts
ABR	ABR File
ACB	ACB File
ACCOUNTPICTURE-MS	Account Picture File	application/windows-accountpicture
ACE	WinRAR archive
ACF	ACF File
ACO	ACO File
ACT	ACT File
ACV	ACV File
ADO	ADO File
ADT	ADTS Audio	audio/vnd.dlna.adts
ADTS	ADTS Audio	audio/vnd.dlna.adts
AHS	AHS File
AHU	AHU File
AIF	AIFF Format Sound	audio/aiff
AIFC	AIFF Format Sound	audio/aiff
AIFF	AIFF Format Sound	audio/aiff
ALV	ALV File
AMP	AMP File
AMS	AMS File
ANI	Animated Cursor
API	API File
APK	BlueStacks Android Package File
APL	APL File
APPCONTENT-MS	Application Content	application/windows-appcontent+xml
APPLICATION	Application Manifest	application/x-ms-application
APPREF-MS	Application Reference
ARJ	WinRAR archive
ASA	ASA File
ASE	ASE File
ASF	Windows Media Audio/Video file	video/x-ms-asf
ASHDISC	PowerISO File
ASL	ASL File
ASP	ASP File
AST	AST File
ASV	ASV File
ASX	Windows Media Audio/Video playlist	video/x-ms-asf
ATF	ATF File
ATN	ATN File
AU	AU Format Sound	audio/basic
AVA	AVA File
AVI	Video Clip	video/avi
AXT	AXT File
B5I	PowerISO File
BAT	Windows Batch File
BAU	LibreOffice Configuration File
BIF	PowerISO File
BIN	PowerISO File
BLG	Performance Monitor File
BLUESTACKS	BlueStacks Android App Runner
BLW	BLW File
BMP	Bitmap Image	image/bmp
BWI	PowerISO File
BZ	WinRAR archive
BZ2	WinRAR archive
C2D	PowerISO File
CAB	WinRAR archive
CAMP	WCS Viewing Condition Profile
CAT	Security Catalog	application/vnd.ms-pki.seccat
CDA	CD Audio Track
CDI	PowerISO File
CDMP	WCS Device Profile
CDX	CDX File
CDXML	CDXML File
CER	Security Certificate	application/x-x509-ca-cert
CHA	CHA File
CHK	Recovered File Fragments
CHM	Compiled HTML Help file
CIF	PowerISO File
CIN	CIN File
CMD	Windows Command Script
COM	MS-DOS Application
COMPOSITEFONT	Composite Font File
CONTACT	Contact File	text/x-ms-contact
CPL	Control Panel Item
CRL	Certificate Revocation List	application/pkix-crl
CRT	Security Certificate	application/x-x509-ca-cert
CSH	CSH File
CSS	Cascading Style Sheet Document	text/css
CUE	PowerISO File
CUR	Cursor
DAA	PowerISO File
DAE	DAE File
DB	Data Base File
DCP	DCP File
DCPR	DCPR File
DCR	DCR File
DCTX	Open Extended Dictionary
DCTXC	Open Extended Dictionary
DDS	DDS Image	image/vnd.ms-dds
DER	Security Certificate	application/x-x509-ca-cert
DESKLINK	Desktop Shortcut
DESKTHEMEPACK	Windows Desktop Theme Pack
DIAGCAB	Diagnostic Cabinet
DIAGCFG	Diagnostic Configuration
DIAGPKG	Diagnostic Document
DIB	Bitmap Image	image/bmp
DLL	Application Extension	application/x-msdownload
DMG	PowerISO File
DNG	DNG File	image/DNG
DRV	Device Driver
DSN	Microsoft OLE DB Provider for ODBC Drivers
DWFX	XPS Document	model/vnd.dwfx+xps
EAP	EAP File
EASMX	XPS Document	model/vnd.easmx+xps
EDRWX	XPS Document	model/vnd.edrwx+xps
EMF	EMF File	image/x-emf
EML	EML File
EPRTX	XPS Document	model/vnd.eprtx+xps
EVT	EVT File
EVTX	EVTX File
EXE	Application	application/x-msdownload
EXR	EXR File
FCD	PowerISO File
FDF	Foxit Reader FDF Document
FFF	FFF File
FFO	FFO File
FL3	FL3 File
FLAC	FLAC Audio	audio/x-flac
FLP	PowerISO File
FODG	OpenDocument Drawing	application/vnd.oasis.opendocument.graphics
FODP	OpenDocument Presentation	application/vnd.oasis.opendocument.presentation
FODS	OpenDocument Spreadsheet	application/vnd.oasis.opendocument.spreadsheet
FODT	OpenDocument Text	application/vnd.oasis.opendocument.text
FON	Font file
FXG	FXG File
GI	PowerISO File
GIF	GIF Image	image/gif
GMMP	WCS Gamut Mapping Profile
GRD	GRD File
GROUP	Contact Group File	text/x-ms-group
GRP	Microsoft Program Group
GZ	WinRAR archive	application/x-gzip
HDD	Virtual Hard Disk	application/x-virtualbox-hdd
HDR	HDR File
HLP	Help File
HTA	HTML Application	application/hta
HTM	HTML Document	text/html
HTML	HTML Document	text/html
ICC	ICC Profile
ICL	Icon Library
ICM	ICC Profile
ICO	Icon	image/x-icon
IGP	Intel Graphics Profiles
IIQ	IIQ File
IMA	PowerISO File
IMESX	IME Search provider definition
IMG	PowerISO File
INF	Setup Information
INI	Configuration Settings
IPR	IPR File
IROS	IROS File
IRS	IRS File
ISO	PowerISO File
ISZ	PowerISO File
JAR	Executable Jar File
JFIF	JPEG Image	image/jpeg
JNLP	JNLP File	application/x-java-jnlp-file
JNT	Journal Document
JOB	Task Scheduler Task Object
JOD	Microsoft.Jet.OLEDB.4.0
JPE	JPEG Image	image/jpeg
JPEG	JPEG Image	image/jpeg
JPG	JPEG Image	image/jpeg
JS	JavaScript File
JSE	JScript Encoded File
JTP	Journal Template
JTX	XPS Document	application/x-jtx+xps
JXR	Windows Media Photo	image/vnd.ms-photo
KMZ	KMZ File
KYS	KYS File
LABEL	Property List
LCD	PowerISO File
LHA	WinRAR archive
LIBRARY-MS	Library Folder	application/windows-library+xml
LNK	Shortcut
LOG	Text Document
LZH	WinRAR archive
M1V	Movie Clip	video/mpeg
M2T	AVCHD Video	video/vnd.dlna.mpeg-tts
M2TS	AVCHD Video	video/vnd.dlna.mpeg-tts
M2V	Movie Clip	video/mpeg
M3U	M3U file	audio/x-mpegurl
M4A	MPEG-4 Audio	audio/mp4
M4V	MP4 Video	video/mp4
MAPIMAIL	Mail Service
MDF	PowerISO File
MDS	PowerISO File
MEF	MEF File
MFW	MFW File
MHT	MHTML Document	message/rfc822
MHTML	MHTML Document	message/rfc822
MID	MIDI Sequence	audio/mid
MIDI	MIDI Sequence	audio/mid
MK3D	MK3D Video
MKA	MKA Audio	audio/x-matroska
MKV	MKV Video	video/x-matroska
MLC	Language Pack File_
MNU	MNU File
MOD	Movie Clip	video/mpeg
MOS	MOS File
MOV	QuickTime Movie	video/quicktime
MP2	MP3 Format Sound	audio/mpeg
MP2V	Movie Clip	video/mpeg
MP3	MP3 Format Sound	audio/mpeg
MP4	MP4 Video	video/mp4
MP4V	MP4 Video	video/mp4
MPA	Movie Clip	audio/mpeg
MPE	Movie Clip	video/mpeg
MPEG	Movie Clip	video/mpeg
MPG	Movie Clip	video/mpeg
MPV2	Movie Clip	video/mpeg
MSC	Microsoft Common Console Document
MSI	Windows Installer Package
MSP	Windows Installer Patch
MSRCINCIDENT	Windows Remote Assistance Invitation
MSSTYLES	Windows Visual Style File
MSU	Microsoft Update Standalone Package
MS-WINDOWS-STORE-LICENSE	Windows Store License
MTL	MTL File
MTS	AVCHD Video	video/vnd.dlna.mpeg-tts
MYDOCS	MyDocs Drop Target
NCD	PowerISO File
NFO	MSInfo Configuration File
NRG	PowerISO File
OCX	ActiveX control
ODB	OpenDocument Database	application/vnd.sun.xml.base
ODF	OpenDocument Formula	application/vnd.oasis.opendocument.formula
ODG	OpenDocument Drawing	application/vnd.oasis.opendocument.graphics
ODM	OpenDocument Master Document	application/vnd.oasis.opendocument.text-master
ODP	OpenDocument Presentation	application/vnd.oasis.opendocument.presentation
ODS	OpenDocument Spreadsheet	application/vnd.oasis.opendocument.spreadsheet
ODT	OpenDocument Text	application/vnd.oasis.opendocument.text
OSDX	OpenSearch Description File	application/opensearchdescription+xml
OTF	OpenType Font file
OTG	OpenDocument Drawing Template	application/vnd.oasis.opendocument.graphics-template
OTH	HTML Document Template	application/vnd.oasis.opendocument.text-web
OTP	OpenDocument Presentation Template	application/vnd.oasis.opendocument.presentation-template
OTS	OpenDocument Spreadsheet Template	application/vnd.oasis.opendocument.spreadsheet-template
OTT	OpenDocument Text Template	application/vnd.oasis.opendocument.text-template
OVA	Open Virtualization Format Archive	application/x-virtualbox-ova
OVF	Open Virtualization Format	application/x-virtualbox-ovf
OXPS	XPS Document
OXT	LibreOffice Extension	application/vnd.openofficeorg.extension
P01	PowerISO File
P10	Certificate Request	application/pkcs10
P12	Personal Information Exchange	application/x-pkcs12
P3L	P3L File
P3M	P3M File
P3R	P3R File
P7B	PKCS #7 Certificates	application/x-pkcs7-certificates
P7C	Digital ID File	application/pkcs7-mime
P7M	PKCS #7 MIME Message	application/pkcs7-mime
P7R	Certificate Request Response	application/x-pkcs7-certreqresp
P7S	PKCS #7 Signature	application/pkcs7-signature
PANO	PANO File	application/vnd.ms-pano
PARTIAL	Partial Download
PAT	PAT File
PBK	Dial-Up Phonebook
PBM	PBM File
PCD	PCD File
PCX	PCX File
PDD	PDD File
PDI	PowerISO File
PDP	PDP File
PERFMONCFG	Performance Monitor Configuration
PFM	Type 1 Font file
PFX	Personal Information Exchange	application/x-pkcs12
PHP	PHP File
PHTML	JetBrains PhpStorm
PIF	Shortcut to MS-DOS Program
PKO	Public Key Security Object	application/vnd.ms-pki.pko
PLE	PLE File
PNF	Precompiled Setup Information
PNG	PNG Image	image/png
PPKG	RunTime Provisioning Tool
PRF	PICS Rules File	application/pics-rules
PRINTEREXPORT	Printer Migration File
PS1	PS1 File
PS1XML	PS1XML File
PSB	PSB File
PSC1	PSC1 File	application/PowerShell
PSD	Adobe Photoshop Image 15
PSD1	PSD1 File
PSF	PSF File
PSM1	PSM1 File
PSP	PSP File
PSSC	PSSC File
PXI	PowerISO File
PXR	PXR File
QDS	Directory Query
R00	WinRAR archive
R01	WinRAR archive
R02	WinRAR archive
R03	WinRAR archive
R04	WinRAR archive
R05	WinRAR archive
R06	WinRAR archive
R07	WinRAR archive
R08	WinRAR archive
R09	WinRAR archive
R10	WinRAR archive
R11	WinRAR archive
R12	WinRAR archive
R13	WinRAR archive
R14	WinRAR archive
R15	WinRAR archive
R16	WinRAR archive
R17	WinRAR archive
R18	WinRAR archive
R19	WinRAR archive
R20	WinRAR archive
R21	WinRAR archive
R22	WinRAR archive
R23	WinRAR archive
R24	WinRAR archive
R25	WinRAR archive
R26	WinRAR archive
R27	WinRAR archive
R28	WinRAR archive
R29	WinRAR archive
RAR	WinRAR archive
RAT	Rating System File	application/rat-file
RDP	Remote Desktop Connection
REG	Registration Entries
RESMONCFG	Resource Monitor Configuration
REV	RAR recovery volume
RLE	RLE File
RLL	Application Extension
RMI	MIDI Sequence	audio/mid
SCF	File Explorer Command
SCP	Text Document
SCR	Screen saver
SCT	SCT File	text/scriptlet
SDG	LibreOffice Configuration File
SDV	LibreOffice Configuration File
SEARCHCONNECTOR-MS	Search Connector Folder	application/windows-search-connector+xml
SEARCH-MS	Saved Search
SETTINGCONTENT-MS	Setting Content
SFCACHE	ReadyBoost Cache File
SH	Shell Script
SHC	SHC File
SHH	SHH File
SHTML	SHTML File	text/html
SKYPE	Skype Content	application/x-skype
SND	AU Format Sound	audio/basic
SOB	LibreOffice Configuration File
SOC	LibreOffice Configuration File
SOD	LibreOffice Configuration File
SOE	LibreOffice Configuration File
SOG	LibreOffice Configuration File
SOH	LibreOffice Configuration File
SPC	PKCS #7 Certificates	application/x-pkcs7-certificates
SPL	Shockwave Flash Object	application/futuresplash
SRF	SRF File
SST	Microsoft Serialized Certificate Store	application/vnd.ms-pki.certstore
STA	STA File
STC	OpenOffice.org 1.1 Spreadsheet Template	application/vnd.sun.xml.calc.template
STD	OpenOffice.org 1.1 Drawing Template	application/vnd.sun.xml.draw.template
STI	OpenOffice.org 1.1 Presentation Template	application/vnd.sun.xml.impress.template
STW	OpenOffice.org 1.1 Text Document Template	application/vnd.sun.xml.writer.template
SVG	SVG Document	image/svg+xml
SWF	Shockwave Flash Object	application/x-shockwave-flash
SXC	OpenOffice.org 1.1 Spreadsheet	application/vnd.sun.xml.calc
SXD	OpenOffice.org 1.1 Drawing	application/vnd.sun.xml.draw
SXG	OpenOffice.org 1.1 Master Document	application/vnd.sun.xml.writer.global
SXI	OpenOffice.org 1.1 Presentation	application/vnd.sun.xml.impress
SXM	OpenOffice.org 1.1 Formula	application/vnd.sun.xml.math
SXW	OpenOffice.org 1.1 Text Document	application/vnd.sun.xml.writer
SYMLINK	.symlink
SYS	System file
TAR	WinRAR archive	application/x-tar
TAZ	WinRAR archive
TBZ	WinRAR archive
TBZ2	WinRAR archive
TGA	TGA File
TGZ	WinRAR archive	application/x-compressed
THEME	Windows Theme File
THEMEPACK	Windows Theme Pack
THM	LibreOffice Configuration File
TIF	TIF File	image/tiff
TIFF	TIFF File	image/tiff
TPL	TPL File
TS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TTC	TrueType Collection Font file
TTF	TrueType Font file
TTS	MPEG-2 TS Video	video/vnd.dlna.mpeg-tts
TVC	TVC File
TVLINK	Internet Shortcut
TVS	TVS File
TXT	Text Document	text/plain
TXZ	WinRAR archive
U3D	U3D File
UDL	Microsoft Data Link
UIF	PowerISO File
URL	Internet Shortcut
UU	WinRAR archive
UUE	WinRAR archive
VBE	VBScript Encoded File
VBOX	VirtualBox Machine Definition	application/x-virtualbox-vbox
VBOX-EXTPACK	VirtualBox Extension Pack	application/x-virtualbox-vbox-extpack
VBS	VBScript Script File
VCD	PowerISO File
VCF	vCard File	text/x-vcard
VDI	Virtual Disk Image	application/x-virtualbox-vdi
VHD	Virtual Hard Disk	application/x-virtualbox-vhd
VHDX	Disc Image File
VMDK	Virtual Machine Disk Format	application/x-virtualbox-vmdk
VSD	Microsoft Visio 2000/XP/2003 Document
VST	Microsoft Visio 2000/XP/2003 Template
VXD	Virtual Device Driver
WAB	Address Book File
WAV	Wave Sound	audio/wav
WAX	Windows Media Audio shortcut	audio/x-ms-wax
WBCAT	Windows Backup Catalog File
WCX	Workspace Configuration File
WDP	Windows Media Photo	image/vnd.ms-photo
WEBPNP	Web Point And Print File
WEBSITE	Pinned Site Shortcut	application/x-mswebsite
WIM	PowerISO File
WM	Windows Media Audio/Video file	video/x-ms-wm
WMA	Windows Media Audio file	audio/x-ms-wma
WMD	Windows Media Player Download Package	application/x-ms-wmd
WMDB	Windows Media Library
WMF	WMF File	image/x-wmf
WMS	Windows Media Player Skin File
WMV	Windows Media Audio/Video file	video/x-ms-wmv
WMX	Windows Media Audio/Video playlist	video/x-ms-wmx
WMZ	Windows Media Player Skin Package	application/x-ms-wmz
WPL	Windows Media playlist	application/vnd.ms-wpl
WSC	Windows Script Component	text/scriptlet
WSF	Windows Script File
WSH	Windows Script Host Settings File
WTX	Text Document
WVX	Windows Media Audio/Video playlist	video/x-ms-wvx
X3F	X3F File
XAML	Windows Markup File	application/xaml+xml
XBA	LibreOffice Configuration File
XBAP	XAML Browser Application	application/x-ms-xbap
XCS	LibreOffice Configuration File
XCU	LibreOffice Configuration File
XDL	LibreOffice Configuration File
XHT	XHTML Document	application/xhtml+xml
XHTML	XHTML Document	application/xhtml+xml
XML	XML Document	text/xml
XPS	XPS Document	application/vnd.ms-xpsdocument
XRM-MS	XrML Digital License	text/xml
XSL	XSL Stylesheet	text/xml
XXE	WinRAR archive
XZ	WinRAR archive
Z	WinRAR archive	application/x-compress
ZFSENDTOTARGET	Compressed (zipped) Folder SendTo Target
ZIP	WinRAR ZIP archive	application/x-zip-compressed

Windows Security


Operating System Properties:
	OS Name	Microsoft Windows 8 Professional
	OS Service Pack	-
	Winlogon Shell	explorer.exe
	User Account Control (UAC)	Enabled (Quiet Mode)
	System Restore	Enabled

Data Execution Prevention (DEP, NX, EDB):
	Supported by Operating System	Yes
	Supported by CPU	Yes
	Active (To Protect Applications)	Yes
	Active (To Protect Drivers)	Yes

Windows Update


Update Description	Update Type	Inst. Date
(Automatic Update)	Download:Notify, Install:Notify
ASUS - Other hardware - Asus Support Device	Update	6-8-2015
ASUS - Other hardware - Asus Support Device	Update	18-7-2015
ASUS - Other hardware - Asus Support Device	Update	18-7-2015
ASUS driver update for Asus Support Device	Update	11-8-2015
Cumulative Update for Windows 10 for x64-based Systems (KB3081424)	Update	6-8-2015
Cumulative Update for Windows 10 for x64-based Systems (KB3081436)	Update	12-8-2015
Cumulative Update for Windows 10 for x64-based Systems (KB3081438)	Update	17-8-2015
Cumulative Update for Windows 10 for x64-based Systems (KB3081444)	Update	19-8-2015
Cumulative Update for Windows 10 for x64-based Systems (KB3081448)	Update	31-8-2015
Cumulative Update for Windows 10 for x64-based Systems (KB3081455)	Update	9-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.201.2113.0)	Update	18-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.201.2140.0)	Update	18-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.201.2189.0)	Update	20-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.201.2203.0)	Update	20-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.201.2207.0)	Update	20-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.201.2284.0)	Update	21-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.201.2301.0)	Update	21-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1212.0)	Update	4-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1212.0)	Update	4-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1219.0)	Update	4-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.125.0)	Update	23-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1281.0)	Update	5-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1304.0)	Update	5-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1452.0)	Update	6-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1472.0)	Update	6-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1539.0)	Update	7-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1578.0)	Update	7-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1672.0)	Update	8-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1726.0)	Update	9-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1799.0)	Update	10-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1805.0)	Update	10-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1890.0)	Update	11-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.1977.0)	Update	12-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.205.0)	Update	23-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2075.0)	Update	13-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2139.0)	Update	14-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.216.0)	Update	23-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2275.0)	Update	15-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2476.0)	Update	17-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2476.0)	Update	17-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2582.0)	Update	18-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2703.0)	Update	19-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.2809.0)	Update	20-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.342.0)	Update	24-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.357.0)	Update	24-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.37.0)	Update	22-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.37.0)	Update	22-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.459.0)	Update	25-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.466.0)	Update	25-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.529.0)	Update	26-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.565.0)	Update	27-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.59.0)	Update	22-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.638.0)	Update	28-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.69.0)	Update	22-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.712.0)	Update	29-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.723.0)	Update	29-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.727.0)	Update	29-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.736.0)	Update	29-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.761.0)	Update	29-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.808.0)	Update	30-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.823.0)	Update	30-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.902.0)	Update	31-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.203.913.0)	Update	31-7-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1039.0)	Update	30-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1065.0)	Update	31-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1228.0)	Update	1-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1374.0)	Update	3-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1577.0)	Update	4-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1627.0)	Update	4-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1720.0)	Update	6-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1793.0)	Update	7-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1886.0)	Update	8-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.1966.0)	Update	9-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.203.0)	Update	22-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.203.0)	Update	22-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.2121.0)	Update	10-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.2244.0)	Update	11-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.2361.0)	Update	13-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.2410.0)	Update	14-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.2558.0)	Update	15-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.2633.0)	Update	16-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.378.0)	Update	24-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.497.0)	Update	25-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.789.0)	Update	27-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.918.0)	Update	28-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.205.999.0)	Update	29-8-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.207.243.0)	Update	18-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.207.387.0)	Update	20-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.207.446.0)	Update	21-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.207.574.0)	Update	22-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.207.631.0)	Update	23-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.207.724.0)	Update	23-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.207.79.0)	Update	17-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.207.809.0)	Update	24-9-2015
Definition Update for Windows Defender - KB2267602 (Definition 1.207.999.0)	Update	25-9-2015
Intel Corporation driver update for Intel(R) HD Graphics 4000	Update	18-7-2015
Intel Corporation driver update for Intel(R) HD Graphics 4000	Update	24-7-2015
Microsoft Office File Validation Add-in	Update	18-7-2015
Realtek Semiconduct Corp. - Other hardware - Realtek USB 2.0 Card Reader	Update	25-7-2015
Security Update for Internet Explorer Flash Player for Windows 10 for x64-based Systems (KB3087040)	Update	22-9-2015
Security Update for Internet Explorer Flash Player for Windows 10 for x64-based Systems (KB3087916)	Update	12-8-2015
Security Update for Microsoft Office 2007 suites (KB2596744)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2596754)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2596792)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2596825)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2596871)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2596927)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2597969)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2597973)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2687499)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2760585)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2760591)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2817330)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2850022)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2880507)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2880508)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2881069)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2883029)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2920795)	Update	18-7-2015
Security Update for Microsoft Office 2007 suites (KB2965282)	Update	18-7-2015
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2863812)	Update	18-7-2015
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965208)	Update	18-7-2015
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965210)	Update	18-7-2015
Security Update for Microsoft Office Excel 2007 (KB2965281)	Update	18-7-2015
Security Update for Microsoft Office InfoPath 2007 (KB2687440)	Update	18-7-2015
Security Update for Microsoft Office Outlook 2007 (KB2825644)	Update	18-7-2015
Security Update for Microsoft Office PowerPoint 2007 (KB2596912)	Update	18-7-2015
Security Update for Microsoft Office PowerPoint 2007 (KB2965283)	Update	18-7-2015
Security Update for Microsoft Office Publisher 2007 (KB2817565)	Update	18-7-2015
Security Update for Microsoft Office Word 2007 (KB3054996)	Update	18-7-2015
Security Update for Microsoft Silverlight (KB3080333)	Update	12-8-2015
Security Update for Windows 10 for x64-based Systems (KB3074665)	Update	18-7-2015
Security Update for Windows 10 for x64-based Systems (KB3074667)	Update	21-7-2015
Security Update for Windows 10 for x64-based Systems (KB3074674)	Update	22-7-2015
Security Update for Windows 10 for x64-based Systems (KB3074679)	Update	24-7-2015
Security Update for Windows 10 for x64-based Systems (KB3074680)	Update	25-7-2015
Security Update for Windows 10 for x64-based Systems (KB3074681)	Update	26-7-2015
Security Update for Windows 10 for x64-based Systems (KB3074683)	Update	28-7-2015
Synaptics driver update for Synaptics SMBus Driver	Update	22-7-2015
Update for Microsoft Office 2007 suites (KB2596620)	Update	18-7-2015
Update for Microsoft Office 2007 suites (KB2596787)	Update	18-7-2015
Update for Microsoft Office 2007 suites (KB2767849)	Update	18-7-2015
Update for Microsoft Office 2007 suites (KB2965286)	Update	18-7-2015
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition	Update	18-7-2015
Update for Microsoft Office Outlook 2007 (KB2687404)	Update	18-7-2015
Update for Microsoft Office Outlook 2007 (KB2863811)	Update	18-7-2015
Update for Office File Validation 2010 (KB2553065), 32-bit Edition	Update	18-7-2015
Update for Windows 10 for x64-based Systems (KB3074678)	Update	28-7-2015
Update for Windows 10 for x64-based Systems (KB3074686)	Update	24-7-2015
Update for Windows 10 for x64-based Systems (KB3081441)	Update	19-8-2015
Update for Windows 10 for x64-based Systems (KB3081449)	Update	29-8-2015
Update for Windows 10 for x64-based Systems (KB3081452)	Update	29-8-2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - August 2015 (KB890830)	Update	12-8-2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830)	Update	12-9-2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830)	Update	13-9-2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830)	Update	14-9-2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830)	Update	15-9-2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830)	Update	22-9-2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830)	Update	24-9-2015
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2015 (KB890830)	Update	9-9-2015

Anti-Virus


Software Description	Software Version	Virus Database Date	Known Viruses
Windows Defender	4.8.10240.16384(th1.150709-1700)	25-9-2015	?

Firewall


Software Description	Software Version	Status
Windows Firewall	6.2.10240.16384	Enabled

Regional


Time Zone:
	Current Time Zone	SE Asia Standard Time
	Current Time Zone Description	(UTC+07:00) Bangkok, Hanoi, Jakarta
	Change To Standard Time
	Change To Daylight Saving Time

Language:
	Language Name (Native)	English
	Language Name (English)	English
	Language Name (ISO 639)	en

Country/Region:
	Country Name (Native)	United States
	Country Name (English)	United States
	Country Name (ISO 3166)	US
	Country Code	1

Currency:
	Currency Name (Native)	US Dollar
	Currency Name (English)	US Dollar
	Currency Symbol (Native)	$
	Currency Symbol (ISO 4217)	USD
	Currency Format	$123,456,789.00
	Negative Currency Format	($123,456,789.00)

Formatting:
	Time Format	h:mm:ss tt
	Short Date Format	d-M-yyyy
	Long Date Format	dddd, MMMM d, yyyy
	Number Format	123,456,789.00
	Negative Number Format	-123,456,789.00
	List Format	first, second, third
	Native Digits	0123456789

Days of Week:
	Native Name for Monday	Monday / Mon
	Native Name for Tuesday	Tuesday / Tue
	Native Name for Wednesday	Wednesday / Wed
	Native Name for Thursday	Thursday / Thu
	Native Name for Friday	Friday / Fri
	Native Name for Saturday	Saturday / Sat
	Native Name for Sunday	Sunday / Sun

Months:
	Native Name for January	January / Jan
	Native Name for February	February / Feb
	Native Name for March	March / Mar
	Native Name for April	April / Apr
	Native Name for May	May / May
	Native Name for June	June / Jun
	Native Name for July	July / Jul
	Native Name for August	August / Aug
	Native Name for September	September / Sep
	Native Name for October	October / Oct
	Native Name for November	November / Nov
	Native Name for December	December / Dec

Miscellaneous:
	Calendar Type	Gregorian (localized)
	Default Paper Size	US Letter
	Measurement System	U.S.

Display Languages:
	LCID 0409h (Active)	English (United States)

Environment


		Variable	Value
		__COMPAT_LAYER	DetectorsWin8 Installer
		ALLUSERSPROFILE	C:\ProgramData
		APPDATA	C:\Users\Truong\AppData\Roaming
		CommonProgramFiles(x86)	C:\Program Files (x86)\Common Files
		CommonProgramFiles	C:\Program Files (x86)\Common Files
		CommonProgramW6432	C:\Program Files\Common Files
		COMPUTERNAME	VANBANGIT
		ComSpec	C:\WINDOWS\system32\cmd.exe
		FP_NO_HOST_CHECK	NO
		FPS_BROWSER_APP_PROFILE_STRING	Internet Explorer
		FPS_BROWSER_USER_PROFILE_STRING	Default
		HOMEDRIVE	C:
		HOMEPATH	\Users\Truong
		LOCALAPPDATA	C:\Users\Truong\AppData\Local
		LOGONSERVER	\\MicrosoftAccount
		NUMBER_OF_PROCESSORS	4
		OS	Windows_NT
		Path	C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\Skype\Phone\ ;D:\wamp\bin\php\php5.5.12;C:\ProgramData\ComposerSetup\bin;D:\wamp\bin\mysql\mysql5.6.17\bin;C:\Program Files (x86)\Git\cmd;C:\HashiCorp\Vagrant\bin;C:\Program Files (x86)\nodejs\;C:\Program Files (x86)\Skype\Phone\;C:\Users\Truong\AppData\Roaming\npm;C:\Program Files (x86)\Java\jre7\bin
		PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
		PROCESSOR_ARCHITECTURE	x86
		PROCESSOR_ARCHITEW6432	AMD64
		PROCESSOR_IDENTIFIER	Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
		PROCESSOR_LEVEL	6
		PROCESSOR_REVISION	3a09
		ProgramData	C:\ProgramData
		ProgramFiles(x86)	C:\Program Files (x86)
		ProgramFiles	C:\Program Files (x86)
		ProgramW6432	C:\Program Files
		PSModulePath	C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
		PUBLIC	C:\Users\Public
		SystemDrive	C:
		SystemRoot	C:\WINDOWS
		TEMP	C:\Users\Truong\AppData\Local\Temp
		TMP	C:\Users\Truong\AppData\Local\Temp
		USERDOMAIN_ROAMINGPROFILE	VANBANGIT
		USERDOMAIN	VANBANGIT
		USERNAME	Truong
		USERPROFILE	C:\Users\Truong
		VBOX_MSI_INSTALL_PATH	C:\Program Files\Oracle\VirtualBox\
		windir	C:\WINDOWS

Control Panel


		Name	Comment
		Flash Player	Manage Flash Player Settings
		Java	Java Control Panel

Recycle Bin


Drive	Items Size	Items Count	Space %	Recycle Bin
C:	0	0	?	?
D:	0	0	?	?
E:	0	0	?	?

System Files


	[ system.ini ]

		; for 16-bit app support
		[386Enh]
		woafont=dosapp.fon
		EGA80WOA.FON=EGA80WOA.FON
		EGA40WOA.FON=EGA40WOA.FON
		CGA80WOA.FON=CGA80WOA.FON
		CGA40WOA.FON=CGA40WOA.FON

		[drivers]
		wave=mmdrv.dll
		timer=timer.drv

		[mci]

	[ win.ini ]

		; for 16-bit app support
		[fonts]
		[extensions]
		[mci extensions]
		[files]
		[Mail]
		MAPI=1

	[ hosts ]



	[ lmhosts.sam ]

System Folders


		System Folder	Path
		Administrative Tools	C:\Users\Truong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		AppData	C:\Users\Truong\AppData\Roaming
		Cache	C:\Users\Truong\AppData\Local\Microsoft\Windows\INetCache
		CD Burning	C:\Users\Truong\AppData\Local\Microsoft\Windows\Burn\Burn
		Common Administrative Tools	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
		Common AppData	C:\ProgramData
		Common Desktop	C:\Users\Public\Desktop
		Common Documents	C:\Users\Public\Documents
		Common Favorites	C:\Users\Truong\Favorites
		Common Files (x86)	C:\Program Files (x86)\Common Files
		Common Files	C:\Program Files (x86)\Common Files
		Common Music	C:\Users\Public\Music
		Common Pictures	C:\Users\Public\Pictures
		Common Programs	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
		Common Start Menu	C:\ProgramData\Microsoft\Windows\Start Menu
		Common Startup	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
		Common Templates	C:\ProgramData\Microsoft\Windows\Templates
		Common Video	C:\Users\Public\Videos
		Cookies	C:\Users\Truong\AppData\Local\Microsoft\Windows\INetCookies
		Desktop	C:\Users\Truong\Desktop
		Device	C:\WINDOWS\inf
		Favorites	C:\Users\Truong\Favorites
		Fonts	C:\WINDOWS\Fonts
		History	C:\Users\Truong\AppData\Local\Microsoft\Windows\History
		Local AppData	C:\Users\Truong\AppData\Local
		My Documents	C:\Users\Truong\Documents
		My Music	C:\Users\Truong\Music
		My Pictures	C:\Users\Truong\Pictures
		My Video	C:\Users\Truong\Videos
		NetHood	C:\Users\Truong\AppData\Roaming\Microsoft\Windows\Network Shortcuts
		PrintHood	C:\Users\Truong\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
		Profile	C:\Users\Truong
		Program Files (x86)	C:\Program Files (x86)
		Program Files	C:\Program Files (x86)
		Programs	C:\Users\Truong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
		Recent	C:\Users\Truong\AppData\Roaming\Microsoft\Windows\Recent
		Resources	C:\WINDOWS\resources
		SendTo	C:\Users\Truong\AppData\Roaming\Microsoft\Windows\SendTo
		Start Menu	C:\Users\Truong\AppData\Roaming\Microsoft\Windows\Start Menu
		Startup	C:\Users\Truong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
		System (x86)	C:\WINDOWS\SysWOW64
		System	C:\WINDOWS\system32
		Temp	C:\Users\Truong\AppData\Local\Temp\
		Templates	C:\Users\Truong\AppData\Roaming\Microsoft\Windows\Templates
		Windows	C:\WINDOWS

Event Logs


Log Name	Event Type	Category	Generated On	User	Source	Description
Application	Error	5973	2015-09-21 16:10:06	Truong	Microsoft-Windows-Immersive-Shell	5973: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Application	Error	100	2015-09-22 18:48:08		Application Error	1000: Faulting application name: SystemSettingsBroker.exe, version: 10.0.10240.16384, time stamp: 0x559f39c2 Faulting module name: NetworkMobileSettings.dll, version: 10.0.10240.16461, time stamp: 0x55d2dad2 Exception code: 0xc0000005 Fault offset: 0x00000000000b7ac0 Faulting process id: 0x1580 Faulting application start time: 0x01d0f52c8cfc6273 Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe Faulting module path: C:\Windows\System32\NetworkMobileSettings.dll Report Id: 2a605275-84a2-409b-944e-dba949853de6 Faulting package full name: Faulting package-relative application ID:
Security	Audit Failure	12290	2015-09-20 15:15:22		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-20 15:15:22		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x17436e2 Linked Logon ID: 0x1743710 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1743710 Linked Logon ID: 0x17436e2 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x17438d2 Linked Logon ID: 0x17438fe Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x17438fe Linked Logon ID: 0x17438d2 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x17438fe Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x17438d2 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x17436e2 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x17438d2 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x944 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-20 15:15:26		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-09-20 15:15:27		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-20 15:15:27		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-20 15:15:29		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1743710 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-20 15:15:29		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1743710 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-20 15:15:29		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1743710 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-20 15:15:29		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1743710 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-20 15:16:27		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1743710 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1db8 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12544	2015-09-20 15:18:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-20 15:18:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-09-20 15:56:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-20 15:56:20		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-20 15:56:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 15:56:20		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-20 16:19:40		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-3 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x101c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-20 16:19:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x1a2b166 Linked Logon ID: 0x1a2b17d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x101c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-20 16:19:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x1a2b17d Linked Logon ID: 0x1a2b166 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x101c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-20 16:19:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x1a2b166 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-20 16:19:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x1a2b17d Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12544	2015-09-20 16:19:41		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-20 16:19:41		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-09-20 16:19:42		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1743710 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-20 16:19:43		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x17328f0 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-20 16:19:43		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x17328c8 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3c3aa Linked Logon ID: 0x1a3c3e3 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3c3e3 Linked Logon ID: 0x1a3c3aa Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3c5ed Linked Logon ID: 0x1a3c619 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3c619 Linked Logon ID: 0x1a3c5ed Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3c619 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3c5ed Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3c3aa Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3c5ed Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1d7c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-20 21:29:31		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-09-20 21:29:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-20 21:29:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-09-20 21:29:33		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-20 21:29:33		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-20 21:29:39		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3c3e3 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-20 21:29:39		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3c3e3 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-20 21:29:39		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3c3e3 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-20 21:29:39		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3c3e3 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-20 21:30:26		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3c3e3 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0xd28 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-20 21:51:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-20 21:51:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-20 21:51:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-20 21:51:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-20 22:32:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-20 22:32:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-20 22:39:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3c3e3 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x11dc Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-20 22:51:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-20 22:51:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-20 22:59:28		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2338 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-20 22:59:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cf10db Linked Logon ID: 0x1cf10f0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2338 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-20 22:59:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cf10f0 Linked Logon ID: 0x1cf10db Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2338 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-20 22:59:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cf10db Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-20 22:59:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cf10f0 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12545	2015-09-20 22:59:29		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3c3e3 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-20 22:59:31		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x1a2b17d Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-20 22:59:31		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x1a2b166 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1d01a05 Linked Logon ID: 0x1d01a33 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1d01a33 Linked Logon ID: 0x1d01a05 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1d01c0c Linked Logon ID: 0x1d01c38 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1d01c38 Linked Logon ID: 0x1d01c0c Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1d01c38 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1d01c0c Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1d01a05 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1d01c0c Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x19fc Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-21 13:57:15		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-09-21 13:57:16		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 13:57:16		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-21 13:57:20		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1d01a33 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-21 13:57:20		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1d01a33 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-21 13:57:20		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1d01a33 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-21 13:57:20		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1d01a33 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-21 13:58:17		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1d01a33 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0xa60 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-21 14:57:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 14:57:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-21 15:02:18		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1d01a33 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1c54 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-21 15:03:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 15:03:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-21 15:09:06		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-21 15:09:06		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 15:09:06		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 15:09:06		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-21 15:15:45		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 15:15:45		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-21 15:15:51		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 15:15:51		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-21 15:16:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-21 15:16:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-21 15:26:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-21 15:26:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-21 15:29:35		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-21 15:29:35		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-09-21 15:32:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-21 15:32:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 15:32:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 15:32:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-21 16:05:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-21 16:05:47		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 16:05:47		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 16:05:47		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-21 16:10:02		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-3 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x171c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-21 16:10:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x22be81b Linked Logon ID: 0x22be835 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x171c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-21 16:10:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x22be835 Linked Logon ID: 0x22be81b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x171c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-21 16:10:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x22be81b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-21 16:10:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x22be835 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12545	2015-09-21 16:10:08		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1d01a33 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-21 16:10:09		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cf10f0 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-21 16:10:09		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1cf10db Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-21 21:28:31		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1674 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Failure	12290	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x22d1bc3 Linked Logon ID: 0x22d1bf5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x22d1bf5 Linked Logon ID: 0x22d1bc3 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x22d1ddf Linked Logon ID: 0x22d1e21 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x22d1e21 Linked Logon ID: 0x22d1ddf Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1e21 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1ddf Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x22d1bc3 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x22d1ddf Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-21 21:28:32		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13824	2015-09-21 21:28:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1bf5 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-21 21:28:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1bf5 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-21 21:28:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1bf5 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-21 21:28:34		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1bf5 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-21 21:29:32		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1bf5 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0xbd4 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-21 21:58:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-21 21:58:13		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 21:58:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-21 21:58:13		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-21 22:16:36		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 22:16:36		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-21 22:17:04		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1bf5 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x21e4 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	13824	2015-09-21 22:20:27		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1bf5 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x17c0 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	13824	2015-09-21 22:25:38		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1bf5 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1eb4 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-21 22:44:34		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-21 22:44:34		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-21 22:54:37		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1758 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-21 22:54:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x25c6e66 Linked Logon ID: 0x25c6e85 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1758 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-21 22:54:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x25c6e85 Linked Logon ID: 0x25c6e66 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1758 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-21 22:54:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-21 22:54:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x25c6e66 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-21 22:54:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x25c6e85 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-09-21 22:54:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-09-21 22:54:38		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x22d1bf5 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-21 22:54:39		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x22be835 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-21 22:54:39		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x22be81b Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x25d4b0d Linked Logon ID: 0x25d4b46 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x25d4b46 Linked Logon ID: 0x25d4b0d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x25d4cf1 Linked Logon ID: 0x25d4d1d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x25d4d1d Linked Logon ID: 0x25d4cf1 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x25d4d1d Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x25d4cf1 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x25d4b0d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x25d4cf1 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1fc4 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-22 18:46:48		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-09-22 18:46:49		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-22 18:46:49		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-22 18:46:49		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 18:46:49		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-22 18:46:51		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x25d4b46 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-22 18:46:51		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x25d4b46 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-22 18:46:51		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x25d4b46 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-22 18:46:51		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x25d4b46 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	12544	2015-09-22 18:49:52		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-22 18:49:52		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-22 18:50:34		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x25d4b46 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0xbcc Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12544	2015-09-22 18:52:23		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-22 18:52:23		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-22 18:57:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-22 18:57:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-09-22 19:02:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-22 19:02:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-22 19:02:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 19:02:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-22 19:19:44		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-22 19:19:44		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12288	2015-09-22 19:19:54		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x128 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-09-22T12:19:59.691987600Z New Time: 2015-09-22T12:19:54.353695400Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12288	2015-09-22 19:19:54		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x128 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-09-22T12:19:54.354319800Z New Time: 2015-09-22T12:19:54.353000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12288	2015-09-22 19:19:54		Microsoft-Windows-Security-Auditing	4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x128 Name: C:\Windows\System32\svchost.exe Previous Time: 2015-09-22T12:19:54.353921000Z New Time: 2015-09-22T12:19:54.353000000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Security	Audit Success	12544	2015-09-22 19:20:03		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-22 19:20:03		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 19:20:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Failure	12290	2015-09-22 19:20:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-22 19:20:59		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-22 19:20:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 19:20:59		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-22 19:47:48		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-22 19:47:48		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-22 19:47:48		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 19:47:48		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-22 20:18:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-22 20:18:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-22 20:18:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-22 20:18:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-22 21:37:34		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-22 21:37:34		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-22 21:43:40		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-22 21:43:40		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-22 21:44:13		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x430 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13824	2015-09-22 21:45:59		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x25d4b46 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x134c Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12544	2015-09-22 22:54:15		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-3 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-22 22:54:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x3063088 Linked Logon ID: 0x30630ad Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-22 22:54:15		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x30630ad Linked Logon ID: 0x3063088 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1008 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-22 22:54:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x3063088 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-22 22:54:15		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x30630ad Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12545	2015-09-22 22:54:16		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x25d4b46 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-22 22:54:17		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x25c6e85 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-22 22:54:17		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x25c6e66 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-23 19:09:50		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x23bc Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Failure	12290	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x3072a09 Linked Logon ID: 0x3072a39 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x3072a39 Linked Logon ID: 0x3072a09 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x3072c0b Linked Logon ID: 0x3072c37 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x3072c37 Linked Logon ID: 0x3072c0b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x32c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x3072c37 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x3072c0b Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x3072a09 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x3072c0b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-23 19:09:51		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13824	2015-09-23 19:09:53		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x3072a39 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-23 19:09:53		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x3072a39 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-23 19:09:53		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x3072a39 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-23 19:09:53		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x3072a39 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	12544	2015-09-23 19:12:31		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-23 19:12:31		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-23 19:13:41		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x3072a39 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x72c Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-23 19:25:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-23 19:25:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-23 19:25:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:25:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-23 19:32:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-23 19:32:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-23 19:32:02		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-23 19:32:02		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-23 19:41:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-23 19:41:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-09-23 19:48:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-23 19:48:26		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-23 19:48:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:48:26		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-23 19:59:10		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-23 19:59:10		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-23 19:59:10		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-23 19:59:10		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-23 20:19:37		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x324 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-23 20:19:37		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	103	2015-09-23 20:19:38		Microsoft-Windows-Eventlog	1100:
Security	Audit Success	12545	2015-09-23 20:19:38		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x3072a39 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	13312	2015-09-24 11:52:51		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x198 New Process Name: ??????????????-??6?4?????? ? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????4 Process Command Line: ?????? ? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-09-24 11:52:51		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1a4 New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x198 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13573	2015-09-24 11:52:51		Microsoft-Windows-Security-Auditing	4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
Security	Audit Success	13312	2015-09-24 11:52:54		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x230 New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x198 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12288	2015-09-24 11:52:56		Microsoft-Windows-Security-Auditing	4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Security	Audit Success	12544	2015-09-24 11:52:56		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	13312	2015-09-24 11:52:56		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x254 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x230 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-09-24 11:52:56		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x294 New Process Name: ??????????????-??6??8?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x198 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-09-24 11:52:56		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x29c New Process Name: ???????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x230 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-09-24 11:52:56		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2a4 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x294 Creator Process Name: ????????????????????4? Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-09-24 11:52:56		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2e8 New Process Name: ????????????????-??6??4?????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x294 Creator Process Name: ????????????????????4 Process Command Line: ?????? ???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-09-24 11:52:56		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x328 New Process Name: ????????????????-??6??c?????? ???????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x29c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	13312	2015-09-24 11:52:56		Microsoft-Windows-Security-Auditing	4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x330 New Process Name: ??????????????e??? ?? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x29c Creator Process Name: ???????????????e?????? Process Command Line: ?????? ???????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Security	Audit Success	12544	2015-09-24 11:52:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:52:57		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 11:52:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 11:52:57		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	13568	2015-09-24 11:52:57		Microsoft-Windows-Security-Auditing	4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x93ad
Security	Audit Success	12292	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	5033: The Windows Firewall Driver started successfully.
Security	Audit Success	12544	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1059f Linked Logon ID: 0x105c0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x105c0 Linked Logon ID: 0x1059f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2e8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1059f Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x105c0 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-09-24 11:52:58		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12544	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x22734 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1d0 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13826	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x590 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-09-24 11:52:59		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x590 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	12290	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	5024: The Windows Firewall service started successfully.
Security	Audit Success	12544	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x2ad68 Linked Logon ID: 0x2ad9f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x2ad9f Linked Logon ID: 0x2ad68 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x2b5c8 Linked Logon ID: 0x2b5fd Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x2b5fd Linked Logon ID: 0x2b5c8 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x2b5fd Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x2b5c8 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x2ad68 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x2b5c8 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-24 11:53:00		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-09-24 11:53:02		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 11:53:02		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-24 11:53:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 11:53:02		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 11:53:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 11:53:02		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-09-24 11:53:02		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-09-24 11:53:02		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13826	2015-09-24 11:53:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1158 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13826	2015-09-24 11:53:03		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1158 Process Name: C:\Windows\System32\SearchIndexer.exe
Security	Audit Success	13824	2015-09-24 11:53:06		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x2ad9f Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-24 11:53:06		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x2ad9f Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-24 11:53:06		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x2ad9f Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-24 11:53:06		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x2ad9f Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Failure	12290	2015-09-24 11:53:34		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 11:53:34		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-24 11:56:01		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 11:56:01		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-24 12:02:43		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x182c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-24 12:02:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1913f9 Linked Logon ID: 0x191430 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x182c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 12:02:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x191430 Linked Logon ID: 0x1913f9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x182c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 12:02:43		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 12:02:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1913f9 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 12:02:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x191430 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-09-24 12:02:43		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-09-24 12:02:44		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x2ad9f This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-24 12:02:46		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x105c0 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-24 12:02:46		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1059f Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3944 Linked Logon ID: 0x1a3972 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3972 Linked Logon ID: 0x1a3944 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3944 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1cb0 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-24 18:43:04		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-09-24 18:43:05		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-24 18:43:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3b28 Linked Logon ID: 0x1a3b54 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 18:43:05		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3b54 Linked Logon ID: 0x1a3b28 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-24 18:43:05		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3b54 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-24 18:43:05		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3b28 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-24 18:43:05		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1a3b28 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-24 18:43:05		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-24 18:43:05		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-09-24 18:43:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 18:43:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-24 18:43:12		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3972 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-24 18:43:12		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3972 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-24 18:43:12		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3972 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-24 18:43:12		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3972 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-24 18:45:11		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3972 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1d54 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-24 18:49:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 18:49:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 19:17:02		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-24 19:17:02		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 19:17:02		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 19:17:02		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 19:27:53		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-24 19:27:53		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 19:27:53		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 19:27:53		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 19:33:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 19:33:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 19:33:01		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 19:33:01		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 19:42:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-24 19:42:00		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 19:42:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 19:42:00		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 19:51:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-24 19:51:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 19:51:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 19:51:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 20:00:46		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-24 20:00:46		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 20:00:46		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 20:00:46		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-24 20:00:46		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 20:00:46		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-24 20:01:19		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 20:01:19		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-09-24 21:47:22		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-24 21:47:22		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 21:47:22		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 21:47:22		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 21:59:08		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-24 21:59:08		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 21:59:08		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-24 21:59:08		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 22:27:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 22:27:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-24 22:27:06		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-24 22:27:06		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-24 22:48:45		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-3 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xe7c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-24 22:48:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0xa9fcd6 Linked Logon ID: 0xa9fcff Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xe7c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 22:48:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0xa9fcff Linked Logon ID: 0xa9fcd6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xe7c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-24 22:48:45		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-24 22:48:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0xa9fcd6 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-24 22:48:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0xa9fcff Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-09-24 22:48:45		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-09-24 22:48:46		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1a3972 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-24 22:48:47		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x191430 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-24 22:48:47		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1913f9 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xab0629 Linked Logon ID: 0xab0658 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xab0658 Linked Logon ID: 0xab0629 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xab0629 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x610 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-25 10:13:21		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xab080f Linked Logon ID: 0xab083b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xab083b Linked Logon ID: 0xab080f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xab083b Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xab080f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xab080f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-25 10:13:22		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-09-25 10:13:23		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-25 10:13:23		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-25 10:13:26		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xab0658 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 10:13:26		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xab0658 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 10:13:26		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xab0658 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 10:13:26		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xab0658 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 10:14:35		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xab0658 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0xe94 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-25 10:17:04		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-25 10:17:04		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-25 11:13:16		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1e6c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-25 11:13:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0xc9c9e6 Linked Logon ID: 0xc9ca19 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1e6c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 11:13:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0xc9ca19 Linked Logon ID: 0xc9c9e6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1e6c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 11:13:16		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-25 11:13:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0xc9c9e6 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-25 11:13:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0xc9ca19 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-09-25 11:13:16		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-09-25 11:13:17		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xab0658 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-25 11:13:18		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0xa9fcff Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-25 11:13:18		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0xa9fcd6 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xcaddbe Linked Logon ID: 0xcaddec Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xcaddec Linked Logon ID: 0xcaddbe Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xcadfb9 Linked Logon ID: 0xcadfe5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xcadfe5 Linked Logon ID: 0xcadfb9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xcadfe5 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xcadfb9 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xcaddbe Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0xcadfb9 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x133c Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-25 14:45:50		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-25 14:45:51		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-09-25 14:45:52		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-25 14:45:52		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-25 14:45:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xcaddec Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 14:45:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xcaddec Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 14:45:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xcaddec Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 14:45:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xcaddec Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 14:47:00		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xcaddec User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1748 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Success	12544	2015-09-25 14:48:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-25 14:48:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-09-25 14:50:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-25 14:50:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-25 14:50:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 14:50:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-25 15:12:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-25 15:12:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-25 15:14:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 15:14:28		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-25 15:14:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-25 15:14:28		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13826	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1df0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1df0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1df0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1df0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1df0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1df0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1df0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	13826	2015-09-25 15:24:53		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1df0 Process Name: C:\Windows\System32\VSSVC.exe
Security	Audit Success	12544	2015-09-25 16:08:30		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x308 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-25 16:08:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1015aae Linked Logon ID: 0x1015ad4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x308 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 16:08:30		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1015ad4 Linked Logon ID: 0x1015aae Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x308 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-25 16:08:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1015aae Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-25 16:08:30		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1015ad4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12545	2015-09-25 16:08:31		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0xcaddec This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-25 16:08:33		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0xc9ca19 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-25 16:08:33		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0xc9c9e6 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Failure	12290	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12290	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x10258cb Linked Logon ID: 0x10258fb Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x10258fb Linked Logon ID: 0x10258cb Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1025af6 Linked Logon ID: 0x1025b33 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1025b33 Linked Logon ID: 0x1025af6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1025b33 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1025af6 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x10258cb Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1025af6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x11f8 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-25 21:52:11		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Failure	12290	2015-09-25 21:52:12		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-25 21:52:12		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13826	2015-09-25 21:52:12		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13824	2015-09-25 21:52:14		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x10258fb Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 21:52:14		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x10258fb Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 21:52:14		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x10258fb Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 21:52:14		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x10258fb Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-25 21:53:10		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x10258fb User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x604 Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Security	Audit Failure	12290	2015-09-25 22:02:07		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-25 22:02:07		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-25 22:02:07		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 22:02:07		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-25 22:08:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-25 22:08:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-25 22:08:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 22:08:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Failure	12290	2015-09-25 22:38:37		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-25 22:38:37		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-25 22:38:37		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 22:38:37		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-25 22:39:13		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-25 22:39:13		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Failure	12290	2015-09-25 22:54:10		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Failure	12290	2015-09-25 22:54:10		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-25 22:54:10		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-25 22:54:10		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-25 22:57:50		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1d18 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-25 22:57:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1368641 Linked Logon ID: 0x1368668 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1d18 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 22:57:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1368668 Linked Logon ID: 0x1368641 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1d18 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-25 22:57:50		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-25 22:57:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1368641 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-25 22:57:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1368668 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12548	2015-09-25 22:57:50		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12545	2015-09-25 22:57:51		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x10258fb This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-25 22:57:52		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1015ad4 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-25 22:57:52		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1015aae Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1378ff8 Linked Logon ID: 0x1379031 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1379031 Linked Logon ID: 0x1378ff8 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1378ff8 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1ca8 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-26 08:48:21		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	12544	2015-09-26 08:48:22		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-26 08:48:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1379238 Linked Logon ID: 0x1379264 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-26 08:48:22		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1379264 Linked Logon ID: 0x1379238 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-26 08:48:22		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1379264 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-26 08:48:22		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1379238 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-26 08:48:22		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1379238 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-26 08:48:22		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13826	2015-09-26 08:48:22		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Failure	12290	2015-09-26 08:48:23		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-26 08:48:23		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13824	2015-09-26 08:48:24		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1379031 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-26 08:48:24		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1379031 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-26 08:48:24		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1379031 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-26 08:48:24		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1379031 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Failure	12290	2015-09-26 08:48:31		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-26 08:48:31		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-26 08:48:53		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x328 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-26 08:48:53		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12544	2015-09-26 08:52:32		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-3 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1b58 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-26 08:52:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x144a000 Linked Logon ID: 0x144a035 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1b58 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-26 08:52:32		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x144a035 Linked Logon ID: 0x144a000 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1b58 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12548	2015-09-26 08:52:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x144a000 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-26 08:52:32		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x144a035 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
Security	Audit Success	12545	2015-09-26 08:52:34		Microsoft-Windows-Security-Auditing	4647: User initiated logoff: Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1379031 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Security	Audit Success	12545	2015-09-26 08:52:36		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1368668 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-26 08:52:36		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x1368641 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12290	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12290	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {772D356F-D139-4408-97E5-CBE1D1ADBE22} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\a63f85bf532403431e59bf70d8a145bd_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12292	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {8A74782A-334C-4672-B492-90C16ECC23D8} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\0632cfaa5f0e97e033cc4c7b134eac93_ee759b59-7166-4417-b468-2bb994b319d6 Operation: %%2458 Return Code: 0x0
Security	Audit Success	12544	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1459d6a Linked Logon ID: 0x1459d98 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1459d98 Linked Logon ID: 0x1459d6a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: VANBANGIT Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account�s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Security	Audit Success	12544	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x145a936 Linked Logon ID: 0x145a962 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12544	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x145a962 Linked Logon ID: 0x145a936 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x330 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: VANBANGIT Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Security	Audit Success	12545	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x145a962 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12545	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4634: An account was logged off. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x145a936 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Security	Audit Success	12548	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x1459d6a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	12548	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: truongvanbang@hotmail.com Account Domain: MicrosoftAccount Logon ID: 0x145a936 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Security	Audit Success	13824	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\LogonUI.exe
Security	Audit Success	13824	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Success	13824	2015-09-26 17:58:54		Microsoft-Windows-Security-Auditing	4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Changed Attributes: SAM Account Name: - Display Name: Truong Van Bang User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
Security	Audit Failure	12290	2015-09-26 17:58:55		Microsoft-Windows-Security-Auditing	5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
Security	Audit Success	12292	2015-09-26 17:58:55		Microsoft-Windows-Security-Auditing	5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 51a92691-66f1-280f-d0db-59fad4f73491 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848 Operation: %%2458 Return Code: 0x0
Security	Audit Success	13826	2015-09-26 17:58:55		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: VANBANGIT$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8 Process Name: C:\Windows\System32\svchost.exe
Security	Audit Success	13824	2015-09-26 17:58:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d98 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Administrator Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-26 17:58:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d98 Additional Information: Caller Workstation: VANBANGIT Target Account Name: DefaultAccount Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-26 17:58:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d98 Additional Information: Caller Workstation: VANBANGIT Target Account Name: Guest Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-26 17:58:57		Microsoft-Windows-Security-Auditing	4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d98 Additional Information: Caller Workstation: VANBANGIT Target Account Name: HomeGroupUser$ Target Account Domain: vanbangit
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-500 Account Name: Administrator Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-503 Account Name: DefaultAccount Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-501 Account Name: Guest Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1003 Account Name: HomeGroupUser$ Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-500 Account Name: Administrator Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-503 Account Name: DefaultAccount Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-501 Account Name: Guest Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1003 Account Name: HomeGroupUser$ Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-500 Account Name: Administrator Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-500 Account Name: Administrator Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-503 Account Name: DefaultAccount Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-503 Account Name: DefaultAccount Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-501 Account Name: Guest Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-501 Account Name: Guest Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1003 Account Name: HomeGroupUser$ Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1003 Account Name: HomeGroupUser$ Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-500 Account Name: Administrator Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-500 Account Name: Administrator Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-501 Account Name: Guest Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-501 Account Name: Guest Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1003 Account Name: HomeGroupUser$ Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1003 Account Name: HomeGroupUser$ Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-500 Account Name: Administrator Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-500 Account Name: Administrator Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-501 Account Name: Guest Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-501 Account Name: Guest Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1003 Account Name: HomeGroupUser$ Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-1003 Account Name: HomeGroupUser$ Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-503 Account Name: DefaultAccount Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13824	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a User: Security ID: S-1-5-21-886380259-2908458254-2842452784-503 Account Name: DefaultAccount Account Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-579 Group Name: Access Control Assistance Operators Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-21-886380259-2908458254-2842452784-1002 Group Name: HomeUsers Group Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-578 Group Name: Hyper-V Administrators Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
Security	Audit Success	13826	2015-09-26 18:01:09		Microsoft-Windows-Security-Auditing	4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-886380259-2908458254-2842452784-1001 Account Name: Truong Account Domain: VANBANGIT Logon ID: 0x1459d6a Group: Security ID: S-1-5-21-886380259-2908458254-2842452784-1000 Group Name: WinRMRemoteWMIUsers__ Group Domain: vanbangit Process Information: Process ID: 0x1bcc Process Name: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
System	Error	None	2015-09-20 16:19:40		Service Control Manager	7031:
System	Error	None	2015-09-20 16:19:40		Service Control Manager	7031:
System	Error	None	2015-09-20 16:19:40		Service Control Manager	7031:
System	Error	None	2015-09-20 16:19:40		Service Control Manager	7031:
System	Warning	1014	2015-09-20 21:29:39	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap.domain.name timed out after none of the configured DNS servers responded.
System	Error	None	2015-09-20 22:59:28		Service Control Manager	7031:
System	Error	None	2015-09-20 22:59:28		Service Control Manager	7031:
System	Error	None	2015-09-20 22:59:28		Service Control Manager	7031:
System	Error	None	2015-09-20 22:59:28		Service Control Manager	7031:
System	Error	None	2015-09-21 13:59:22	Truong	DCOM
System	Warning	1014	2015-09-21 14:53:39	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name clients4.google.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-21 15:08:18	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name clients1.google.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-21 15:30:50	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name s.youtube.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-21 15:44:38	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.amazon.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-21 15:45:20	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-21 15:45:29	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name clients4.google.com timed out after none of the configured DNS servers responded.
System	Warning	None	2015-09-21 16:06:42		Tcpip	4230: TCP/IP has chosen to restrict the congestion window for several connections due to a network condition. This could be related to a problem in the TCP global or supplemental configuration and will cause degraded throughput.
System	Error	None	2015-09-21 16:10:02		Service Control Manager	7031:
System	Error	None	2015-09-21 16:10:02		Service Control Manager	7031:
System	Error	None	2015-09-21 16:10:02		Service Control Manager	7031:
System	Error	None	2015-09-21 16:10:02		Service Control Manager	7031:
System	Error	None	2015-09-21 16:10:06	Truong	DCOM
System	Error	None	2015-09-21 22:54:37		Service Control Manager	7031:
System	Error	None	2015-09-21 22:54:37		Service Control Manager	7031:
System	Error	None	2015-09-21 22:54:37		Service Control Manager	7031:
System	Error	None	2015-09-21 22:54:37		Service Control Manager	7031:
System	Warning	1014	2015-09-22 18:47:45	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-22 18:48:43	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-22 21:46:45	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name www.facebook.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-22 21:48:33	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name isatap.domain.name timed out after none of the configured DNS servers responded.
System	Error	None	2015-09-22 22:54:15		Service Control Manager	7031:
System	Error	None	2015-09-22 22:54:15		Service Control Manager	7031:
System	Error	None	2015-09-22 22:54:15		Service Control Manager	7031:
System	Error	None	2015-09-22 22:54:15		Service Control Manager	7031:
System	Warning	1014	2015-09-23 19:10:10	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-23 19:10:41	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name login.live.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-23 19:11:00	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
System	Error	None	2015-09-23 20:19:37		Service Control Manager	7031:
System	Error	None	2015-09-23 20:19:37		Service Control Manager	7031:
System	Error	None	2015-09-23 20:19:37		Service Control Manager	7031:
System	Error	None	2015-09-23 20:19:37		Service Control Manager	7031:
System	Warning	None	2015-09-24 11:52:56		BTHUSB	28:
System	Error	None	2015-09-24 11:54:05	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:07	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:13	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:13	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:14	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:17	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:22	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:23	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:25	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:26	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:28	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:31	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:31	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:37	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:38	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:39	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:40	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:41	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:44	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:51	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:52	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:58	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:59	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 11:54:59	LOCAL SERVICE	DCOM
System	Error	None	2015-09-24 12:02:43		Service Control Manager	7031:
System	Error	None	2015-09-24 12:02:43		Service Control Manager	7031:
System	Error	None	2015-09-24 12:02:43		Service Control Manager	7031:
System	Error	None	2015-09-24 12:02:43		Service Control Manager	7031:
System	Warning	1014	2015-09-24 21:45:37	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name s.youtube.com timed out after none of the configured DNS servers responded.
System	Warning	1014	2015-09-24 22:24:55	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name s.youtube.com timed out after none of the configured DNS servers responded.
System	Error	None	2015-09-24 22:48:45		Service Control Manager	7031:
System	Error	None	2015-09-24 22:48:45		Service Control Manager	7031:
System	Error	None	2015-09-24 22:48:45		Service Control Manager	7031:
System	Error	None	2015-09-24 22:48:45		Service Control Manager	7031:
System	Error	None	2015-09-25 10:15:29	Truong	DCOM
System	Warning	1014	2015-09-25 11:12:13	NETWORK SERVICE	Microsoft-Windows-DNS-Client	1014: Name resolution for the name thanmadigioi.com timed out after none of the configured DNS servers responded.
System	Error	None	2015-09-25 11:13:16		Service Control Manager	7031:
System	Error	None	2015-09-25 11:13:16		Service Control Manager	7031:
System	Error	None	2015-09-25 11:13:16		Service Control Manager	7031:
System	Error	None	2015-09-25 11:13:16		Service Control Manager	7031:
System	Error	None	2015-09-25 16:08:30		Service Control Manager	7031:
System	Error	None	2015-09-25 16:08:30		Service Control Manager	7031:
System	Error	None	2015-09-25 16:08:30		Service Control Manager	7031:
System	Error	None	2015-09-25 16:08:30		Service Control Manager	7031:
System	Error	1	2015-09-25 22:38:42	SYSTEM	Microsoft-Windows-WindowsUpdateClient	20:
System	Error	None	2015-09-25 22:57:50		Service Control Manager	7031:
System	Error	None	2015-09-25 22:57:50		Service Control Manager	7031:
System	Error	None	2015-09-25 22:57:50		Service Control Manager	7031:
System	Error	None	2015-09-25 22:57:50		Service Control Manager	7031:
System	Error	None	2015-09-26 08:48:49	Truong	DCOM
System	Error	None	2015-09-26 08:52:32		Service Control Manager	7031:
System	Error	None	2015-09-26 08:52:32		Service Control Manager	7031:
System	Error	None	2015-09-26 08:52:32		Service Control Manager	7031:
System	Error	None	2015-09-26 08:52:32		Service Control Manager	7031:
System	Error	None	2015-09-26 18:00:04		Application Popup	875:
System	Error	None	2015-09-26 18:00:04		Service Control Manager	7000:
System	Error	None	2015-09-26 18:00:04		Application Popup	875:
System	Error	None	2015-09-26 18:00:04		Service Control Manager	7000:

Database Software


Database Drivers:
	Borland Database Engine	-
	Borland InterBase Client	-
	Easysoft ODBC-InterBase 6	-
	Easysoft ODBC-InterBase 7	-
	Firebird Client	-
	Jet Engine	4.00.9765.0
	MDAC	10.0.10240.16384 (th1.150709-1700)
	ODBC	10.0.10240.16384 (th1.150709-1700)
	MySQL Connector/ODBC	-
	Oracle Client	-
	PsqlODBC	-
	Sybase ASE ODBC	-

Database Servers:
	Borland InterBase Server	-
	Firebird Server	-
	Microsoft SQL Server	-
	Microsoft SQL Server Compact Edition	-
	Microsoft SQL Server Express Edition	-
	MySQL Server	-
	Oracle Server	-
	PostgreSQL Server	-
	Sybase SQL Server	-

ODBC Drivers


Driver Description	File Name	Version	File Extensions Supported
Driver da Microsoft para arquivos texto (.txt; .csv)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.,.asc,.csv,.tab,.txt,.csv
Driver do Microsoft Access (*.mdb)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.mdb
Driver do Microsoft dBase (*.dbf)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.dbf,.ndx,*.mdx
Driver do Microsoft Excel(*.xls)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.xls
Driver do Microsoft Paradox (*.db )	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.db
Microsoft Access Driver (*.mdb)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.mdb
Microsoft Access-Treiber (*.mdb)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.mdb
Microsoft dBase Driver (*.dbf)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.dbf,.ndx,*.mdx
Microsoft dBase-Treiber (*.dbf)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.dbf,.ndx,*.mdx
Microsoft Excel Driver (*.xls)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.xls
Microsoft Excel-Treiber (*.xls)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.xls
Microsoft ODBC for Oracle	msorcl32.dll	10.0.10240.16384 (th1.150709-1700)
Microsoft Paradox Driver (*.db )	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.db
Microsoft Paradox-Treiber (*.db )	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	*.db
Microsoft Text Driver (.txt; .csv)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.,.asc,.csv,.tab,.txt,.csv
Microsoft Text-Treiber (.txt; .csv)	odbcjt32.dll	10.0.10240.16384 (th1.150709-1700)	.,.asc,.csv,.tab,.txt,.csv
SQL Server	sqlsrv32.dll	10.0.10240.16384 (th1.150709-1700)
SQL Server	sqlsrv32.dll	10.0.10240.16384 (th1.150709-1700)

ODBC Data Sources


Data Source Name	Data Source Description	Type	Driver File Name
dBASE Files	Microsoft Access dBASE Driver (.dbf, .ndx, *.mdx)	User	aceodbc.dll
Excel Files	Microsoft Excel Driver (.xls, .xlsx, .xlsm, .xlsb)	User	aceodbc.dll
MS Access Database	Microsoft Access Driver (.mdb, .accdb)	User	aceodbc.dll

Memory Read


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Read Speed
Core i7-3770K	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	18778 MB/s
Core i7-3960X Extreme	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	16795 MB/s
Core i7-2600	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	16187 MB/s
FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	14342 MB/s
Core i3-3110M	2354 MHz	Asus K45A Series Notebook	HM76			14180 MB/s
Core i7-990X Extreme	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	14118 MB/s
Core i7-965 Extreme	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	13278 MB/s
Xeon X5550	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	12446 MB/s
A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	12154 MB/s
Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	11447 MB/s
Core i5-650	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	9132 MB/s
Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	8847 MB/s
Pentium EE 955	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	7989 MB/s
A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	7956 MB/s
P4EE	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	7876 MB/s
Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	7664 MB/s
Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	7457 MB/s
Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	7156 MB/s
Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	7009 MB/s
Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	6691 MB/s
Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	6336 MB/s
Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	6169 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	5936 MB/s
Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	5684 MB/s
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	5377 MB/s
Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	5281 MB/s
Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	4961 MB/s
Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	4909 MB/s
Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	4825 MB/s
Xeon	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	4568 MB/s
Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	4353 MB/s
Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	4060 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	3967 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3915 MB/s
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	3838 MB/s
E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	3797 MB/s
Atom 230	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	3596 MB/s
Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	3514 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	3347 MB/s
Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	3238 MB/s
Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	3141 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2906 MB/s
Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	2808 MB/s

Memory Write


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Write Speed
Core i7-3770K	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	19468 MB/s
Core i7-2600	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	18439 MB/s
Core i7-3960X Extreme	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	15093 MB/s
Core i3-3110M	2400 MHz	Asus K45A Series Notebook	HM76			13571 MB/s
Core i7-990X Extreme	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	13554 MB/s
Core i7-965 Extreme	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	11984 MB/s
A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	10315 MB/s
FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	10218 MB/s
Core i5-650	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	9540 MB/s
Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	9426 MB/s
Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	8834 MB/s
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	7883 MB/s
Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	7060 MB/s
Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	6743 MB/s
Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	6677 MB/s
Xeon X5550	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	6342 MB/s
A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	6330 MB/s
Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	5816 MB/s
Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	5750 MB/s
Pentium EE 955	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	5606 MB/s
P4EE	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	5593 MB/s
Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	5381 MB/s
Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	4848 MB/s
Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	4840 MB/s
Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	4585 MB/s
Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	4456 MB/s
Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	4229 MB/s
Xeon	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	4176 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	4113 MB/s
Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	3797 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3796 MB/s
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	3629 MB/s
Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	3585 MB/s
Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	3254 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	3157 MB/s
Atom 230	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	2816 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	2769 MB/s
Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	2506 MB/s
Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2462 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2341 MB/s
Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2320 MB/s
Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	2000 MB/s
E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	1582 MB/s

Memory Copy


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Copy Speed
Core i7-3770K	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	21228 MB/s
FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	18588 MB/s
A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	17717 MB/s
Core i7-2600	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	16721 MB/s
Core i7-3960X Extreme	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	16653 MB/s
Core i3-3110M	2366 MHz	Asus K45A Series Notebook	HM76			15706 MB/s
Core i7-965 Extreme	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	13834 MB/s
Core i7-990X Extreme	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	12737 MB/s
Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	11218 MB/s
A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	10723 MB/s
Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	10506 MB/s
Core i5-650	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	9453 MB/s
Xeon X5550	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	9402 MB/s
Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	8296 MB/s
Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	7106 MB/s
Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	6805 MB/s
Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	6491 MB/s
Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	6471 MB/s
Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	6223 MB/s
Pentium EE 955	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	6044 MB/s
P4EE	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	5949 MB/s
Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	5432 MB/s
Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	5418 MB/s
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	5084 MB/s
Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	4996 MB/s
Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	4762 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	4625 MB/s
Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	4573 MB/s
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	4229 MB/s
Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	4228 MB/s
Xeon	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	4050 MB/s
Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	3890 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3667 MB/s
Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	3273 MB/s
Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	3152 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	3082 MB/s
Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2966 MB/s
Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2893 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	2762 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2579 MB/s
Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	2519 MB/s
E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	2426 MB/s
Atom 230	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	2364 MB/s

Memory Latency


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Latency
Core i7-3770K	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	41.5 ns
Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	47.5 ns
FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	51.3 ns
Core i7-2600	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	54.0 ns
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	55.5 ns
Core i7-3960X Extreme	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	55.9 ns
Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	58.0 ns
Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	58.2 ns
Core i3-3110M	2400 MHz	Asus K45A Series Notebook	HM76			59.0 ns
Core i7-990X Extreme	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	59.4 ns
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	59.9 ns
Core i7-965 Extreme	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	60.1 ns
A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	62.0 ns
Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	62.2 ns
Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	62.4 ns
A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	62.6 ns
Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	68.5 ns
Xeon X5550	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	69.1 ns
Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	71.8 ns
Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	75.1 ns
Pentium EE 955	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	80.7 ns
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	81.1 ns
Core i5-650	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	83.1 ns
Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	83.5 ns
P4EE	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	85.8 ns
Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	85.8 ns
E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	87.3 ns
Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	87.3 ns
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	88.0 ns
Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	88.8 ns
Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	97.9 ns
Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	102.1 ns
Atom 230	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	103.0 ns
Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	109.4 ns
Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	110.5 ns
Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	111.5 ns
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	113.7 ns
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	117.0 ns
Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	126.9 ns
Xeon	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	146.2 ns
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	148.7 ns
Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	158.3 ns
Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	222.4 ns

CPU Queen


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	62282
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	56820
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	53517
4x Core i7-3770K HT	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	46849
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	44128
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	42552
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	41732
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	37791
6x Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	32372
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	31712
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	30772
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	26976
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	25502
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	22172
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	22000
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	21967
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	21919
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	21408
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	21222
4x A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	21103
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	19187
2x Core i3-3110M HT	2400 MHz	Asus K45A Series Notebook	HM76			16456
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	16100
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	12583
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	12135
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	11234
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	9615
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	7449
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	7316
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	7301
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	5920
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	5902
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	5158
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	4877
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	4081
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	4024
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	3853
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	3793
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	3514
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	3304
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	2814
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	2590
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	1839

CPU PhotoWorxx


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	22812 MPixel/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	20420 MPixel/s
4x Core i7-3770K HT	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	14045 MPixel/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	12508 MPixel/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	11879 MPixel/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	11540 MPixel/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	11414 MPixel/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	11138 MPixel/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	10676 MPixel/s
4x A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	9142 MPixel/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	8537 MPixel/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	8070 MPixel/s
2x Core i3-3110M HT	2400 MHz	Asus K45A Series Notebook	HM76			7964 MPixel/s
6x Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	7147 MPixel/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	6860 MPixel/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	6131 MPixel/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	5634 MPixel/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	4720 MPixel/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	4217 MPixel/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	3830 MPixel/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	3687 MPixel/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	3460 MPixel/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	3044 MPixel/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	2929 MPixel/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	2927 MPixel/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	2792 MPixel/s
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	2568 MPixel/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	2367 MPixel/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	2147 MPixel/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	1903 MPixel/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1874 MPixel/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	1864 MPixel/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	1863 MPixel/s
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	1852 MPixel/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1814 MPixel/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	1748 MPixel/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	1677 MPixel/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	1243 MPixel/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	1217 MPixel/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	1098 MPixel/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	1097 MPixel/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	878 MPixel/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	826 MPixel/s

CPU ZLib


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	418.3 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	351.1 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	341.8 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	338.2 MB/s
4x Core i7-3770K HT	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	299.7 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	277.6 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	269.0 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	260.0 MB/s
6x Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	246.3 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	234.2 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	215.0 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	181.0 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	166.2 MB/s
4x A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	162.6 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	148.2 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	146.2 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	145.8 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	130.0 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	112.5 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	107.6 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	103.4 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	100.7 MB/s
2x Core i3-3110M HT	2375 MHz	Asus K45A Series Notebook	HM76			97.6 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	78.9 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	71.6 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	70.2 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	57.3 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	55.4 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	54.9 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	45.0 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	39.6 MB/s
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	34.5 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	31.5 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	31.1 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	29.7 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	29.4 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	23.2 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	21.8 MB/s
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	19.1 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	17.5 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	16.6 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	15.6 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	14.8 MB/s

CPU AES


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	21100 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	15390 MB/s
4x Core i7-3770K HT	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	14453 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	13718 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	12249 MB/s
4x A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	8663 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	3782 MB/s
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	3151 MB/s
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	1930 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	1454 MB/s
6x Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	1332 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	1286 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	1213 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	1152 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	913 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	802 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	790 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	789 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	721 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	651 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	587 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	566 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	524 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	493 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	473 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	421 MB/s
2x Core i3-3110M HT	2366 MHz	Asus K45A Series Notebook	HM76			342 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	311 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	277 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	273 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	269 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	245 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	242 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	184 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	153 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	148 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	144 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	131 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	109 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	105 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	98 MB/s
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	85 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	44 MB/s

CPU Hash


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	4784 MB/s
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	3924 MB/s
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	3676 MB/s
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	3617 MB/s
6x Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	3304 MB/s
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	3189 MB/s
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	3131 MB/s
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	3103 MB/s
4x Core i7-3770K HT	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	2994 MB/s
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	2550 MB/s
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2344 MB/s
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	2242 MB/s
4x A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	2032 MB/s
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	1989 MB/s
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	1944 MB/s
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	1935 MB/s
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	1912 MB/s
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	1682 MB/s
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	1656 MB/s
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	1464 MB/s
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	1441 MB/s
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	1101 MB/s
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1057 MB/s
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	980 MB/s
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	968 MB/s
2x Core i3-3110M HT	2348 MHz	Asus K45A Series Notebook	HM76			938 MB/s
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	925 MB/s
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	828 MB/s
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	808 MB/s
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	730 MB/s
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	637 MB/s
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	550 MB/s
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	493 MB/s
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	443 MB/s
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	427 MB/s
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	351 MB/s
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	336 MB/s
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	325 MB/s
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	306 MB/s
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	251 MB/s
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	247 MB/s
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	245 MB/s
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	162 MB/s

FPU VP8


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	6439
4x Core i7-3770K HT	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	6375
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	5653
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	5519
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	5019
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	4755
6x Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	4603
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	4371
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	4061
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	3923
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	3908
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	3879
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	3661
4x A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	3357
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	3296
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	3121
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	3084
2x Core i3-3110M HT	2385 MHz	Asus K45A Series Notebook	HM76			2804
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	2721
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2565
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	2464
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2377
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	2350
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	1819
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	1797
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	1769
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	1691
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	1349
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1197
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	1191
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	1087
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1051
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	952
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	852
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	801
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	763
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	687
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	687
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	660
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	616
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	581
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	507
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	491

FPU Julia


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	26899
4x Core i7-3770K HT	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	19514
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	18506
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	18308
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	18012
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	17670
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	15296
6x Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	12639
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	12208
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	11911
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	11127
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	8952
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	8681
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	8203
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	8070
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	7605
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	7429
4x A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	6641
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	6402
2x Core i3-3110M HT	2400 MHz	Asus K45A Series Notebook	HM76			6256
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	5594
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	5578
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	5551
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	3533
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	3079
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	2444
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	2386
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	2308
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	2052
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1987
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1900
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	1335
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	1307
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	1114
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	959
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	911
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	896
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	893
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	796
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	702
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	640
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	589
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	513

FPU Mandel


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	14271
4x Core i7-3770K HT	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	10346
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	9807
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	9318
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	8672
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	8615
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	8066
6x Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	6434
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	6212
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	6083
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	5395
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	4624
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	4419
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	4331
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	4179
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	3968
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	3873
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	3312
2x Core i3-3110M HT	2400 MHz	Asus K45A Series Notebook	HM76			3311
4x A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	3252
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	2888
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	2840
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	2676
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	1823
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	1625
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	1482
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	1449
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	1182
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	1061
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	1051
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	855
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	794
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	684
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	494
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	476
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	458
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	425
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	407
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	402
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	360
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	328
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	263
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	193

FPU SinJulia


CPU	CPU Clock	Motherboard	Chipset	Memory	CL-RCD-RP-RAS	Score
6x Core i7-990X Extreme HT	3466 MHz	Intel DX58SO2	X58	Triple DDR3-1333	9-9-9-24 CR1	7470
6x Core i7-3960X Extreme HT	3300 MHz	Intel DX79SI	X79	Quad DDR3-1600	9-9-9-24 CR2	7216
8x Xeon X5550 HT	2666 MHz	Supermicro X8DTN+	i5520	Triple DDR3-1333	9-9-9-24 CR1	6993
4x Core i7-3770K HT	3500 MHz	Asus Sabertooth Z77	Z77 Int.	Dual DDR3-1600	9-9-9-24 CR2	4981
4x Core i7-2600 HT	3400 MHz	Asus P8P67	P67	Dual DDR3-1333	9-9-9-24 CR1	4686
12x Opteron 2431	2400 MHz	Supermicro H8DI3+-F	SR5690	Unganged Dual DDR2-800R	6-6-6-18 CR1	4658
4x Core i7-965 Extreme HT	3200 MHz	Asus P6T Deluxe	X58	Triple DDR3-1333	9-9-9-24 CR1	4587
8x Xeon E5462	2800 MHz	Intel S5400SF	i5400	Quad DDR2-640FB	5-5-5-15	4137
6x Phenom II X6 1100T	3300 MHz	Gigabyte GA-890GPA-UD3H v2	AMD890GX Int.	Unganged Dual DDR3-1333	9-9-9-24 CR1	3212
8x Opteron 2378	2400 MHz	Tyan Thunder n3600R	nForcePro-3600	Unganged Dual DDR2-800R	6-6-6-18 CR1	3101
8x FX-8150	3600 MHz	Asus M5A97	AMD970	Dual DDR3-1866	9-10-9-27 CR2	2632
8x Xeon L5320	1866 MHz	Intel S5000VCL	i5000V	Dual DDR2-533FB	4-4-4-12	2589
2x Core i5-650 HT	3200 MHz	Supermicro C7SIM-Q	Q57 Int.	Dual DDR3-1333	9-9-9-24 CR1	2307
4x Xeon X3430	2400 MHz	Supermicro X8SIL-F	i3420	Dual DDR3-1333	9-9-9-24 CR1	2266
4x Core 2 Extreme QX9650	3000 MHz	Gigabyte GA-EP35C-DS3R	P35	Dual DDR3-1066	8-8-8-20 CR2	2221
8x Opteron 2344 HE	1700 MHz	Supermicro H8DME-2	nForcePro-3600	Unganged Dual DDR2-667R	5-5-5-15 CR1	2209
4x Phenom II X4 Black 940	3000 MHz	Asus M3N78-EM	GeForce8300 Int.	Ganged Dual DDR2-800	5-5-5-18 CR2	1934
4x A8-3850	2900 MHz	Gigabyte GA-A75M-UD2H	A75 Int.	Dual DDR3-1333	9-9-9-24 CR1	1870
4x Core 2 Extreme QX6700	2666 MHz	Intel D975XBX2	i975X	Dual DDR2-667	5-5-5-15	1855
4x Xeon 5140	2333 MHz	Intel S5000VSA	i5000V	Dual DDR2-667FB	5-5-5-15	1618
2x Core i3-3110M HT	2366 MHz	Asus K45A Series Notebook	HM76			1565
4x A10-5800K	3800 MHz	Gigabyte GA-F2A85X-UP4	A85X Int.	Dual DDR3-1866	9-10-9-27 CR2	1443
4x Phenom X4 9500	2200 MHz	Asus M3A	AMD770	Ganged Dual DDR2-800	5-5-5-18 CR2	1421
4x Opteron 2210 HE	1800 MHz	Tyan Thunder h2000M	BCM5785	Dual DDR2-600R	5-5-5-15 CR1	1178
2x Athlon64 X2 Black 6400+	3200 MHz	MSI K9N SLI Platinum	nForce570SLI	Dual DDR2-800	4-4-4-11 CR1	1049
2x Core 2 Extreme X6800	2933 MHz	Abit AB9	P965	Dual DDR2-800	5-5-5-18 CR2	1021
2x Pentium EE 955 HT	3466 MHz	Intel D955XBK	i955X	Dual DDR2-667	4-4-4-11	960
2x Xeon HT	3400 MHz	Intel SE7320SP2	iE7320	Dual DDR333R	2.5-3-3-7	942
2x Core 2 Duo P8400	2266 MHz	MSI MegaBook PR201	GM45 Int.	Dual DDR2-667	5-5-5-15	834
2x Athlon64 X2 4000+	2100 MHz	ASRock ALiveNF7G-HDready	nForce7050-630a Int.	Dual DDR2-700	5-5-5-18 CR2	682
P4EE HT	3733 MHz	Intel SE7230NH1LX	iE7230	Dual DDR2-667	5-5-5-15	516
2x E-350	1600 MHz	ASRock E350M1	A50M Int.	DDR3-1066 SDRAM	8-8-8-20 CR1	505
2x Opteron 240	1400 MHz	MSI K8D Master3-133 FS	AMD8100	Dual DDR400R	3-4-4-8 CR1	457
2x Pentium D 820	2800 MHz	Abit Fatal1ty F-I90HD	RS600 Int.	Dual DDR2-800	5-5-5-18 CR2	452
Opteron 248	2200 MHz	MSI K8T Master1-FAR	K8T800	Dual DDR266R	2-3-3-6 CR1	359
Athlon64 3200+	2000 MHz	ASRock 939S56-M	SiS756	Dual DDR400	2.5-3-3-8 CR2	327
Nano X2 L4350	1733 MHz	VIA EPIA-M900	VX900H Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	308
Celeron 420	1600 MHz	Intel DQ965CO	Q965 Int.	Dual DDR2-667	5-5-5-15	277
2x Atom D2500	1866 MHz	Intel D2500CC	NM10 Int.	DDR3-1066 SDRAM	7-7-7-20 CR2	262
Sempron 2600+	1600 MHz	ASRock K8NF4G-SATA2	GeForce6100 Int.	DDR400 SDRAM	2.5-3-3-8 CR2	262
Atom 230 HT	1600 MHz	Intel D945GCLF	i945GC Int.	DDR2-533 SDRAM	4-4-4-12	205
Celeron D 326	2533 MHz	ASRock 775Twins-HDTV	RC410 Ext.	DDR2-533 SDRAM	4-4-4-11	203
Nano L2200	1600 MHz	VIA VB8001	CN896 Int.	DDR2-667 SDRAM	5-5-5-15 CR2	131

Debug - PCI


		B00 D02 F00:	Intel Ivy Bridge-MB - Integrated Graphics Controller (MB GT2)

		Offset 000:	86 80 66 01 00 00 00 00 09 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1F F02:	Intel Panther Point-M PCH - SATA AHCI Controller [C-1]

		Offset 000:	86 80 03 1E 00 00 00 00 04 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B03 D00 F00:	Atheros AR9285 802.11b/g/n Wireless Network Adapter

		Offset 000:	8C 16 2B 00 00 00 00 00 01 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 3B 1A 37 2C
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B02 D00 F00:	Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter

		Offset 000:	EC 10 68 81 00 00 00 00 07 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1B F00:	Intel Panther Point PCH - High Definition Audio Controller [C-1]

		Offset 000:	86 80 20 1E 00 00 00 00 04 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D16 F00:	Intel Panther Point PCH - Host Embedded Controller Interface 1 (HECI1) [C-1]

		Offset 000:	86 80 3A 1E 00 00 00 00 04 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1F F00:	Intel HM76 Chipset - LPC Interface Controller [C-1]

		Offset 000:	86 80 59 1E 00 00 00 00 04 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D00 F00:	Intel Ivy Bridge-MB - Host Bridge/DRAM Controller

		Offset 000:	86 80 54 01 00 00 00 00 09 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D01 F00:	Intel Ivy Bridge-DT - PCI Express Graphics Root Port

		Offset 000:	86 80 51 01 00 00 00 00 09 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1C F00:	Intel Panther Point PCH - PCI Express Port 1

		Offset 000:	86 80 10 1E 00 00 00 00 C4 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1C F01:	Intel Panther Point PCH - PCI Express Port 2

		Offset 000:	86 80 12 1E 00 00 00 00 C4 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1F F03:	Intel Panther Point PCH - SMBus Controller [C-1]

		Offset 000:	86 80 22 1E 00 00 00 00 04 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1D F00:	Intel Panther Point PCH - USB 2.0 EHCI Controller #1 [C-1]

		Offset 000:	86 80 26 1E 00 00 00 00 04 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D1A F00:	Intel Panther Point PCH - USB 2.0 EHCI Controller #2 [C-1]

		Offset 000:	86 80 2D 1E 00 00 00 00 04 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

		B00 D14 F00:	Intel Panther Point PCH - USB 3.0 xHCI Controller [C-1]

		Offset 000:	86 80 31 1E 00 00 00 00 04 00 00 00 00 00 00 00
		Offset 010:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 020:	00 00 00 00 00 00 00 00 00 00 00 00 43 10 AC 10
		Offset 030:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 040:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 050:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 060:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 070:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 080:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 090:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0A0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0B0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0C0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0D0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0E0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
		Offset 0F0:	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Debug - Video BIOS


		C000:0000	................................................................
		C000:0040	................................................................
		C000:0080	................................................................
		C000:00C0	................................................................
		C000:0100	................................................................
		C000:0140	................................................................
		C000:0180	................................................................
		C000:01C0	................................................................
		C000:0200	................................................................
		C000:0240	................................................................
		C000:0280	................................................................
		C000:02C0	................................................................
		C000:0300	................................................................
		C000:0340	................................................................
		C000:0380	................................................................
		C000:03C0	................................................................

Debug - Unknown


		BIOS	Unknown
		HDD	INTEL SSDSC2BW120A4
		SSD	INTEL SSDSC2BW120A4

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.